f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17

Analysis

max time kernel
29s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
04/07/2023, 20:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe
Size

73KB
MD5

c47ee48de54eecd9fa6e843699385e80
SHA1

d5b46faa9fb28daf488596373f6ae16c9a3badb4
SHA256

f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17
SHA512

4a624f5953624ee619e1af2d781ce43469b425f0bf946ef571bb3ed65eef3a08789d1fe98ca17136e75bbfa5cb3de820749cbda611dd0a407f229688b2129c4a
SSDEEP

1536:dLXB65939tY6HBg4sXJKxIjVlWmBX6CCtl8S8qcy4rLnVJY:dLk395hYXJK+KpCC/8jy4fnE

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2244	PogoGamesSetup.exe
748	InstGameInfoHelperPDGC.exe

Loads dropped DLL 7 IoCs

pid	Process
2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe
2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe
2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe
2244	PogoGamesSetup.exe
2244	PogoGamesSetup.exe
2244	PogoGamesSetup.exe
2244	PogoGamesSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 6 IoCs

installer

resource	yara_rule
behavioral1/files/0x0007000000014126-66.dat	nsis_installer_1
behavioral1/files/0x0007000000014126-66.dat	nsis_installer_2
behavioral1/files/0x0007000000014126-69.dat	nsis_installer_1
behavioral1/files/0x0007000000014126-69.dat	nsis_installer_2
behavioral1/files/0x0007000000014126-70.dat	nsis_installer_1
behavioral1/files/0x0007000000014126-70.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2244	2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe	29
PID 2420 wrote to memory of 2244	2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe	29
PID 2420 wrote to memory of 2244	2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe	29
PID 2420 wrote to memory of 2244	2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe	29
PID 2420 wrote to memory of 2244	2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe	29
PID 2420 wrote to memory of 2244	2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe	29
PID 2420 wrote to memory of 2244	2420	challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe	29
PID 2244 wrote to memory of 748	2244	PogoGamesSetup.exe	30
PID 2244 wrote to memory of 748	2244	PogoGamesSetup.exe	30
PID 2244 wrote to memory of 748	2244	PogoGamesSetup.exe	30
PID 2244 wrote to memory of 748	2244	PogoGamesSetup.exe	30
PID 2244 wrote to memory of 748	2244	PogoGamesSetup.exe	30
PID 2244 wrote to memory of 748	2244	PogoGamesSetup.exe	30
PID 2244 wrote to memory of 748	2244	PogoGamesSetup.exe	30

C:\Users\Admin\AppData\Local\Temp\challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe
"C:\Users\Admin\AppData\Local\Temp\challange_Benign_f1d31ec466ec94df65143dd9a52b57d048ae6a8bbb9daf42c7089219b4f28e17.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\nsj1E9A.tmp\PogoGamesSetup.exe
  C:\Users\Admin\AppData\Local\Temp\nsj1E9A.tmp\PogoGamesSetup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\nse6AF5.tmp\InstGameInfoHelperPDGC.exe
    "C:\Users\Admin\AppData\Local\Temp\nse6AF5.tmp\InstGameInfoHelperPDGC.exe"
    3⤵
    - Executes dropped EXE
    PID:748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse6AF5.tmp\InstGameInfoHelperPDGC.exe

Filesize
439KB

MD5
697f994b0b2f77418f4ff7c479b2b419

SHA1
9891834f745d30b73d22180a845289ad94c3a812

SHA256
9c2b9dbe13d6f8901d7609d4a3e2e292e964ad76fcb57a61a16ecea6f86b7513

SHA512
4339ea4daa31d73507bb776254ec9fbca6204ef8ebe7e5f03f6d9ffa3e48bf2544ca98984d12232c70180ab685fc9945bb6e7b6559d6c837773dc8643d0e6e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse6AF5.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse6AF5.tmp\ftdownload.dat

Filesize
512B

MD5
4064c5db63776770d92559cbe3c76041

SHA1
0e6301c48a3f1bf8f668113cff8e264d85e22d96

SHA256
a575dee81985d073a1aa9db564adde6a2c086144b6eb15eb1b709d7da90cb3c4

SHA512
4cac2cf6e887680255fbea70245165845f31ecfc84c2f94ee399eab20d7d5bea775d650d3228d2d0f84b42245e5ff4d33f2c1c5dadd069b59c5681ee7496e2ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1E9A.tmp\PogoGamesSetup.exe

Filesize
45.6MB

MD5
36005a637bb8ec75ada6b8c18a36d824

SHA1
705df461833c7d3782e035a465e98736be4bc801

SHA256
4ee6bf01aadb0bc90bfce6e80862e20886338dc71114794384d874733873b444

SHA512
f4242a85f8d3204a8cc3acab46df3161d5045ecab2f15a694506fd9aa0603f74f2748fb96ad40df7f793e45795c7fb506b5c988476607a8227a29ce226c6248c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1E9A.tmp\PogoGamesSetup.exe

Filesize
45.6MB

MD5
36005a637bb8ec75ada6b8c18a36d824

SHA1
705df461833c7d3782e035a465e98736be4bc801

SHA256
4ee6bf01aadb0bc90bfce6e80862e20886338dc71114794384d874733873b444

SHA512
f4242a85f8d3204a8cc3acab46df3161d5045ecab2f15a694506fd9aa0603f74f2748fb96ad40df7f793e45795c7fb506b5c988476607a8227a29ce226c6248c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1E9A.tmp\ftdownload.dat

Filesize
512B

MD5
4064c5db63776770d92559cbe3c76041

SHA1
0e6301c48a3f1bf8f668113cff8e264d85e22d96

SHA256
a575dee81985d073a1aa9db564adde6a2c086144b6eb15eb1b709d7da90cb3c4

SHA512
4cac2cf6e887680255fbea70245165845f31ecfc84c2f94ee399eab20d7d5bea775d650d3228d2d0f84b42245e5ff4d33f2c1c5dadd069b59c5681ee7496e2ef

Download Submit
\Users\Admin\AppData\Local\Temp\nse6AF5.tmp\ButtonEvent.dll

Filesize
4KB

MD5
55788069d3fa4e1daf80f3339fa86fe2

SHA1
d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96

SHA256
d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f

SHA512
d3b1eec76e571b657df444c59c48cad73a58d1a10ff463ce9f3acd07acce17d589c3396ad5bdb94da585da08d422d863ffe1de11f64298329455f6d8ee320616

Download Submit
\Users\Admin\AppData\Local\Temp\nse6AF5.tmp\InstGameInfoHelperPDGC.exe

Filesize
439KB

MD5
697f994b0b2f77418f4ff7c479b2b419

SHA1
9891834f745d30b73d22180a845289ad94c3a812

SHA256
9c2b9dbe13d6f8901d7609d4a3e2e292e964ad76fcb57a61a16ecea6f86b7513

SHA512
4339ea4daa31d73507bb776254ec9fbca6204ef8ebe7e5f03f6d9ffa3e48bf2544ca98984d12232c70180ab685fc9945bb6e7b6559d6c837773dc8643d0e6e0d

Download Submit
\Users\Admin\AppData\Local\Temp\nse6AF5.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nse6AF5.tmp\nsExec.dll

Filesize
6KB

MD5
acc2b699edfea5bf5aae45aba3a41e96

SHA1
d2accf4d494e43ceb2cff69abe4dd17147d29cc2

SHA256
168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

SHA512
e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1E9A.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1E9A.tmp\PogoGamesSetup.exe

Filesize
45.6MB

MD5
36005a637bb8ec75ada6b8c18a36d824

SHA1
705df461833c7d3782e035a465e98736be4bc801

SHA256
4ee6bf01aadb0bc90bfce6e80862e20886338dc71114794384d874733873b444

SHA512
f4242a85f8d3204a8cc3acab46df3161d5045ecab2f15a694506fd9aa0603f74f2748fb96ad40df7f793e45795c7fb506b5c988476607a8227a29ce226c6248c

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1E9A.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit