5e01060bd60c83bf2fa00c2f25e86fda090da20bde322a25620a47ad3e4d0328

Analysis

max time kernel
141s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-03-2023 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Game Booster.ByINFORMACIONLIBRE.exe
Size

4.2MB
MD5

ab1d5473e2be34629aed5f33969cdcf6
SHA1

b39d2a3aa0ffcd4ea8b8b15d4cb790133e71f48e
SHA256

5e01060bd60c83bf2fa00c2f25e86fda090da20bde322a25620a47ad3e4d0328
SHA512

66cfb2923146e66deef6bf6ff8121cd2522ec9c56fffa59f942fcf81c2ffc9c61581caa92b409680a733767540a7d926f4f6b8ec67805a77a13ca737f44393e3
SSDEEP

98304:qh4QVVE8rR5Z+kL5n6XmiH4dfcdDh6DClPyB/cLOH/fDbB0:qmQ7EUZ+R4df9ClOc6HDbB0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Game Booster.ByINFORMACIONLIBRE.tmp

pid process

2016 Game Booster.ByINFORMACIONLIBRE.tmp
Loads dropped DLL 3 IoCs

Processes:

Game Booster.ByINFORMACIONLIBRE.exeGame Booster.ByINFORMACIONLIBRE.tmp

pid process

1196 Game Booster.ByINFORMACIONLIBRE.exe
2016 Game Booster.ByINFORMACIONLIBRE.tmp
2016 Game Booster.ByINFORMACIONLIBRE.tmp
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Game Booster.ByINFORMACIONLIBRE.tmp

pid process

2016 Game Booster.ByINFORMACIONLIBRE.tmp

pid	process
2016	Game Booster.ByINFORMACIONLIBRE.tmp

pid	process
1196	Game Booster.ByINFORMACIONLIBRE.exe
2016	Game Booster.ByINFORMACIONLIBRE.tmp
2016	Game Booster.ByINFORMACIONLIBRE.tmp

pid	process
2016	Game Booster.ByINFORMACIONLIBRE.tmp

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Game Booster.ByINFORMACIONLIBRE.exe

description	pid	process	target process
PID 1196 wrote to memory of 2016	1196	Game Booster.ByINFORMACIONLIBRE.exe	Game Booster.ByINFORMACIONLIBRE.tmp
PID 1196 wrote to memory of 2016	1196	Game Booster.ByINFORMACIONLIBRE.exe	Game Booster.ByINFORMACIONLIBRE.tmp
PID 1196 wrote to memory of 2016	1196	Game Booster.ByINFORMACIONLIBRE.exe	Game Booster.ByINFORMACIONLIBRE.tmp
PID 1196 wrote to memory of 2016	1196	Game Booster.ByINFORMACIONLIBRE.exe	Game Booster.ByINFORMACIONLIBRE.tmp
PID 1196 wrote to memory of 2016	1196	Game Booster.ByINFORMACIONLIBRE.exe	Game Booster.ByINFORMACIONLIBRE.tmp
PID 1196 wrote to memory of 2016	1196	Game Booster.ByINFORMACIONLIBRE.exe	Game Booster.ByINFORMACIONLIBRE.tmp
PID 1196 wrote to memory of 2016	1196	Game Booster.ByINFORMACIONLIBRE.exe	Game Booster.ByINFORMACIONLIBRE.tmp

C:\Users\Admin\AppData\Local\Temp\Game Booster.ByINFORMACIONLIBRE.exe
"C:\Users\Admin\AppData\Local\Temp\Game Booster.ByINFORMACIONLIBRE.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1196

C:\Users\Admin\AppData\Local\Temp\is-86K6N.tmp\Game Booster.ByINFORMACIONLIBRE.tmp
"C:\Users\Admin\AppData\Local\Temp\is-86K6N.tmp\Game Booster.ByINFORMACIONLIBRE.tmp" /SL5="$90122,3815455,158720,C:\Users\Admin\AppData\Local\Temp\Game Booster.ByINFORMACIONLIBRE.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2016

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-86K6N.tmp\Game Booster.ByINFORMACIONLIBRE.tmp
Filesize
1.1MB

MD5
30f2396ad4a22e87f99f5c3c30eb1490

SHA1
b7b7880b3891ff30434b057b3bbd41100863f0bf

SHA256
09e16e8133b6fbc7a7ae2a24b66b29aba71fa0ed710b377d5a2f484168492f6b

SHA512
bcbbb6fb5be6eb8029526617fcaa6713ff3c1865161b052e50ebcc253083b05c2e659981872c1ef04f013ce054fbeae6be657ff847709669f1672d047ab7a7d0

Download Submit
\Users\Admin\AppData\Local\Temp\is-86K6N.tmp\Game Booster.ByINFORMACIONLIBRE.tmp
Filesize
1.1MB

MD5
30f2396ad4a22e87f99f5c3c30eb1490

SHA1
b7b7880b3891ff30434b057b3bbd41100863f0bf

SHA256
09e16e8133b6fbc7a7ae2a24b66b29aba71fa0ed710b377d5a2f484168492f6b

SHA512
bcbbb6fb5be6eb8029526617fcaa6713ff3c1865161b052e50ebcc253083b05c2e659981872c1ef04f013ce054fbeae6be657ff847709669f1672d047ab7a7d0

Download Submit
\Users\Admin\AppData\Local\Temp\is-OKHNO.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-OKHNO.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/1196-54-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/1196-71-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/2016-67-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2016-72-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2016-73-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads