Resubmissions

15/07/2023, 21:08

230715-zy9sgsbh22 4

15/07/2023, 21:04

230715-zw1rsscf91 3

Analysis

  • max time kernel
    114s
  • max time network
    110s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-es
  • resource tags
    arch:x64, arch:x86, image:win10-20230703-es, locale:es-es, os:windows10-1703-x64, system, windows
  • submitted
    15/07/2023, 21:08

General

  • Target

    game.exe

  • Size

    3.9MB

  • MD5

    6c5d61c870fce57ee036fe10b12a08ef

  • SHA1

    fb768c2ce9bd9f52f8604eaa844e5b4b0e35f461

  • SHA256

    c677aeb112ec0309f13ccb199040394d81829d7a8b7136044deb355d66391f6f

  • SHA512

    149633f46bea056dcc0d7b04b7831af13e54b7d334f2994b02b900dc166b7e49564d4156cc0951bdc6324c207fc082355ba3a30a00e7128cf7db70b4d55dcff3

  • SSDEEP

    49152:8P6aFKkB+h4xKPfLHuiYwUiZMX6paVkUWXHXt4Imo2jGyC4AboTQqt:CkcbVwtXQX

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
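The "Checks SCSI registry key(s)" signature above refers to the classic disk-vendor probe: a sample reads the SCSI `Identifier` value and looks for a hypervisor name in it. The Python below is an added example for this page (it is not code from game.exe or from the sandbox) and shows both halves of that behaviour: the string test a sample applies to the identifier, and a small detector that flags a process repeatedly querying those keys in a registry-access log. The key path `HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0` with value name `Identifier` is the well-known location such checks read; the log line format, the `Services\Disk\Enum` key being read alongside it, the vendor marker list, the `min_reads` threshold and all sample log lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Registry locations whose values expose the disk vendor string. The SCSI
# DEVICEMAP key is the well-known location (value name "Identifier"); reading
# Services\Disk\Enum alongside it is an assumption for this example.
SCSI_KEY_PREFIX = r"HKLM\HARDWARE\DEVICEMAP\Scsi"
DISK_ENUM_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"

# Substrings hypervisors put into virtual disk identifiers (assumed list).
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "XEN", "VIRTUAL")


def identifier_looks_virtual(identifier: str) -> bool:
    """The evasion half: the test a sample applies to the Identifier value."""
    upper = identifier.upper()
    return any(marker in upper for marker in VM_MARKERS)


# Constructed event line format for the detection half (not a real schema):
#   <ts> pid=<n> image=<path-without-spaces> op=<api> key="<path>" value=<name>
EVENT_RE = re.compile(
    r'^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) op=(?P<op>\w+) '
    r'key="(?P<key>[^"]+)" value=(?P<value>\S+)$'
)


def parse_event(line: str):
    """Return the event fields as a dict, or None for a line that does not match."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def is_disk_identity_read(ev: dict) -> bool:
    """True for a value query under the SCSI map or of the disk enumeration key."""
    if ev["op"] != "RegQueryValue":
        return False
    key = ev["key"].upper()
    return key.startswith(SCSI_KEY_PREFIX.upper()) or key == DISK_ENUM_KEY.upper()


def flag_scsi_probing(lines, min_reads: int = 2) -> dict:
    """Map pid -> (image, [key\\value, ...]) for processes that read disk-identity
    keys at least min_reads times. A single read is ambiguous (installers and
    disk tools do it); repeated probing across ports is the sandbox-check pattern."""
    reads = defaultdict(list)
    images = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None or not is_disk_identity_read(ev):
            continue
        pid = int(ev["pid"])
        reads[pid].append(ev["key"] + "\\" + ev["value"])
        images[pid] = ev["image"]
    return {pid: (images[pid], keys) for pid, keys in reads.items() if len(keys) >= min_reads}


SAMPLE_LOG = [
    # Constructed lines modelled on the process tree in this report; not sandbox output.
    r'2023-07-15T21:08:31Z pid=4588 image=C:\Users\Admin\AppData\Local\Temp\game.exe op=RegQueryValue '
    r'key="HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0" value=Identifier',
    r'2023-07-15T21:08:31Z pid=4588 image=C:\Users\Admin\AppData\Local\Temp\game.exe op=RegQueryValue '
    r'key="HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0" value=Identifier',
    r'2023-07-15T21:08:31Z pid=4588 image=C:\Users\Admin\AppData\Local\Temp\game.exe op=RegQueryValue '
    r'key="HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum" value=0',
    # The child cmd.exe resolving the steam:// handler touches HKCR, not the SCSI map.
    r'2023-07-15T21:08:32Z pid=4060 image=C:\Windows\system32\cmd.exe op=RegOpenKey key="HKCR\steam" value=-',
    # A single read of the same key by an unrelated process stays below the threshold.
    r'2023-07-15T21:08:33Z pid=2210 image=C:\Windows\system32\svchost.exe op=RegQueryValue '
    r'key="HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0" value=Identifier',
    'not an event line',
]


def demo() -> dict:
    """Run the constructed log through the detector and return the flagged processes."""
    flagged = flag_scsi_probing(SAMPLE_LOG)
    for pid, (image, keys) in flagged.items():
        print(f"pid {pid} ({image}) queried {len(keys)} disk-identity values:")
        for k in keys:
            print("   ", k)
    return flagged


if __name__ == "__main__":
    # What the sample would conclude in a VirtualBox guest versus on bare metal.
    print(identifier_looks_virtual("VBOX HARDDISK ATA 1.0"), identifier_looks_virtual("Samsung SSD 870 EVO"))
    demo()
```

The threshold matters in practice: the sandbox counted four IoCs for this signature, and the detector above deliberately ignores a lone read so that disk-management tools and installers querying the same key once do not trip it.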

Processes

  • C:\Users\Admin\AppData\Local\Temp\game.exe
    "C:\Users\Admin\AppData\Local\Temp\game.exe"
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4588
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start steam://store/1859290
      2⤵
      • Modifies registry class
      PID:4060
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start steam://store/1859290
      2⤵
      • Modifies registry class
      PID:3092
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3b4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:196
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3812
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1140

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • memory/4588-179-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)
        • memory/4588-178-0x0000000071000000-0x0000000071017000-memory.dmp (92KB)
        • memory/4588-180-0x000000006CD00000-0x000000006CD8D000-memory.dmp (564KB)
        • memory/4588-181-0x0000000062E80000-0x0000000062EA4000-memory.dmp (144KB)
        • memory/4588-177-0x000000006A880000-0x000000006A8A7000-memory.dmp (156KB)
        • memory/4588-182-0x0000000068B40000-0x0000000068B7C000-memory.dmp (240KB)
        • memory/4588-185-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)
        • memory/4588-191-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)
        • memory/4588-197-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)
        • memory/4588-203-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)
        • memory/4588-209-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)
        • memory/4588-215-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)
        • memory/4588-221-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)
        • memory/4588-227-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)
        • memory/4588-239-0x00007FF88FBB0000-0x00007FF88FDDA000-memory.dmp (2.2MB)