0bdc1bf1724e6e265599895c5ef0f0104e4cbb2f8c373abba5ed2111ba77b8af

Analysis

max time kernel
17s
max time network
31s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 20:44

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Install VALORANT.exe
Size

66.1MB
MD5

fa9763834a8a3f39afbbcbf775b71ea8
SHA1

2a88d1871f25c475d5e670c266eb2acc9dc5e7bb
SHA256

0bdc1bf1724e6e265599895c5ef0f0104e4cbb2f8c373abba5ed2111ba77b8af
SHA512

4628cacb7fe7dfe01fdc04bd7c024c90df8a2e42ab54a534316ffbf65c6e6fe13806fb83fbba6dcd664a6daaff18825ee493cb3ed2fa9c3b4f8b9c8ca979e9d5
SSDEEP

1572864:InRkzKSp8K0UNl/Ywrt9E7lzPF5KBBhDIVIbjUp1xDn:vNp8KnAtqBBhDIVNjr

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "218"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Install VALORANT.exeInstall VALORANT.exe

description pid process

Token: SeIncBasePriorityPrivilege 628 Install VALORANT.exe
Token: SeIncBasePriorityPrivilege 2088 Install VALORANT.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

624 LogonUI.exe

description	pid	process
Token: SeIncBasePriorityPrivilege	628	Install VALORANT.exe
Token: SeIncBasePriorityPrivilege	2088	Install VALORANT.exe

pid	process
624	LogonUI.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Install VALORANT.exe

description	pid	process	target process
PID 628 wrote to memory of 2088	628	Install VALORANT.exe	Install VALORANT.exe
PID 628 wrote to memory of 2088	628	Install VALORANT.exe	Install VALORANT.exe
PID 628 wrote to memory of 2088	628	Install VALORANT.exe	Install VALORANT.exe

C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
"C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:628

C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe
"C:\Users\Admin\AppData\Local\Temp\Install VALORANT.exe" --agent --riotclient-app-port=49744 --riotclient-auth-token=gEt715UrGv2GZa2l0nVpRg --app-root=C:/Users/Admin/AppData/Local/Temp "--data-root=C:/ProgramData/Riot Games/Metadata" "--update-root=C:/ProgramData/Riot Games/Metadata/Install VALORANT/Update" "--log-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT/Logs" "--user-data-root=C:/Users/Admin/AppData/Local/Riot Games/Install VALORANT" --session-id=15bef23e-8f0c-524e-b18e-5588cc92916c
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2088

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3992855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Riot Games\machine.cfg
Filesize
39B

MD5
437094db3f8034a5e222405e50b00b6d

SHA1
bdc08071be41e8533aadf8d437cee081a07827a4

SHA256
ec1d67cb7abdc589fbbd543b2e487d0843b18b88240009befce4155dec90d830

SHA512
1253ca626a68931d2d53a88f3006c31c422dab4ed5d4e311b9bfaee441e54dc9120e67c2cfd159f2d2eea22bc849055cd4103bd40a10c01570f0b4f5b7e09e68

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads