Overview

overview

8

Static

static

1

GLP_instal...et.exe

windows7-x64

8

GLP_instal...et.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    588s
  • max time network
    640s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    31-03-2023 15:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GLP_installer_900223150_market.exe

  • Size

    3.6MB

  • MD5

    0ac1fd602f5ec2d2231fe311777791e8

  • SHA1

    52ca6ccd121faf4f3aad9e7760ee1a519b323d83

  • SHA256

    bb68113cfaba1def162b8a0df4b1d41b83ea34ce4fd5b23e0a0b75b259b62bfc

  • SHA512

    10fb445ccf904c20b1b3736d02f53bc43a3b9161465c6915c89a06e978be9e988342f40d4c895acbfdabf236fbdbaa87c8470577626cbc2ba1838dba48e57623

  • SSDEEP

    49152:808OhxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKOPkQThMYRMnm7LBg:808vdsGaQNgS1C6e6ngKpqM

Score
8/10
bootkitpersistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Loads dropped DLL 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe
    "C:\Users\Admin\AppData\Local\Temp\GLP_installer_900223150_market.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    PID:1056
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:2
    1⤵
      PID:1072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1288,i,17104920026996177288,6278462750247028624,131072 /prefetch:2
      1⤵
        PID:1676
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1320,i,16110019866147191940,8918904550027909063,131072 /prefetch:2
        1⤵
          PID:1372
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 --field-trial-handle=1320,i,16110019866147191940,8918904550027909063,131072 /prefetch:8
          1⤵
            PID:2068
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1288,i,17104920026996177288,6278462750247028624,131072 /prefetch:8
            1⤵
              PID:2060
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:8
              1⤵
                PID:2052
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1464 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:8
                1⤵
                  PID:2440
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=1960 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:1
                  1⤵
                    PID:2536
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2000 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:1
                    1⤵
                      PID:2544
                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                      1⤵
                        PID:2556
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:2
                        1⤵
                          PID:2704
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2856 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:8
                          1⤵
                            PID:2748
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2316 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:2
                            1⤵
                              PID:2888
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3752 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:1
                              1⤵
                                PID:2992
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3756 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:8
                                1⤵
                                  PID:3008
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3888 --field-trial-handle=1304,i,4840377305947269706,5655266994891647438,131072 /prefetch:8
                                  1⤵
                                    PID:2292

                                  Network

                                  MITRE ATT&CK Matrix ATT&CK v6

                                  Initial Access

                                  Execution

                                  Persistence

                                  Bootkit

                                  1
                                  T1067

                                  Privilege Escalation

                                  Defense Evasion

                                  Install Root Certificate

                                  1
                                  T1130

                                  Modify Registry

                                  1
                                  T1112

                                  Credential Access

                                  Discovery

                                  Lateral Movement

                                  Collection

                                  Exfiltration

                                  Command and Control

                                  Impact

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • \Users\Admin\AppData\Local\Tencent\TxGameAssistant\TGBDownloader\dr.dll
                                    Filesize

                                    74KB

                                    MD5

                                    2814acbd607ba47bdbcdf6ac3076ee95

                                    SHA1

                                    50ab892071bed2bb2365ca1d4bf5594e71c6b13b

                                    SHA256

                                    5904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67

                                    SHA512

                                    34c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498

                                    Download Submit
                                  • memory/1056-59-0x0000000000020000-0x000000000002A000-memory.dmp
                                    Filesize

                                    40KB

                                    Download
                                  • memory/1056-60-0x0000000000020000-0x000000000002A000-memory.dmp
                                    Filesize

                                    40KB

                                    Download
                                  • memory/1056-61-0x0000000000020000-0x000000000002A000-memory.dmp
                                    Filesize

                                    40KB

                                    Download
                                  • memory/1056-62-0x0000000000020000-0x000000000002A000-memory.dmp
                                    Filesize

                                    40KB

                                    Download