459c01ea8ce582cc0e35acad986e0c9f56331fe24e20c59852b6b63a47b68a87

Analysis

max time kernel
149s
max time network
312s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2023 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Shotgun.King.The.Final.Checkmate.v1.37/Shotgun.King.The.Final.Checkmate.v1.37/SDL2.dll
Size

1.9MB
MD5

a399b08b541a11c56d88f32881231f4f
SHA1

0467991f887617d288f753557fdc0896b1c9f16f
SHA256

d78456c65b1e8bad7e17ce96ebf9de30bcd6c40ee753a069ee12b1521375d3e5
SHA512

675589736d76c2450bfc6dec627fa92048ce9abcc455781fa6f581de1fe01c028ee6648cdeb7870f91bc26db28aa550c35ad4b2292bed2cd0ec29352a1f19bb9
SSDEEP

24576:EwcQ4fYcT7ixhnD0G8LKGGxn9J3HsGkV/akFnPc2b01NxStlWxwP5uHhC3rzk9pW:tQcn3HsKgp+dtNK4ehmgHdvz

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{03DD4158-F699-4D6F-9974-4351715D4592}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4960	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 1204	3948	rundll32.exe	80
PID 3948 wrote to memory of 1204	3948	rundll32.exe	80
PID 3948 wrote to memory of 1204	3948	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Shotgun.King.The.Final.Checkmate.v1.37\Shotgun.King.The.Final.Checkmate.v1.37\SDL2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Shotgun.King.The.Final.Checkmate.v1.37\Shotgun.King.The.Final.Checkmate.v1.37\SDL2.dll,#1
  2⤵
  PID:1204

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:1208

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4160

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
8c93646e17b1026f625c0beaa1e2e7c6

SHA1
05b684337d9668075f950c14ed31ea5139601496

SHA256
8c2d442e00625844fbdb267612bb729ec47305cc690829b85b73ecba660c549f

SHA512
67a6d09a1338079bf56e16a7cb69718d9785a79eb4ad93fa95540d3b7133568f36c5d590309aee713072dbde45145d6659e54a798a2f6208202fea6eb9dab3d9

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
bbdb34dc3b716212a380ea4dcd71b0e4

SHA1
1f8e43445b52c6b8163574e4463e7427bff17839

SHA256
0267c483dbc0a0076dcd41ea1f0ae7488314e354f8748134e387b2fe0b720c2f

SHA512
9316d37dc3ef6072b003cfbea88b7623b735df2ad07b92cf6ba1d19a8911129d228ec55600af5a3b9f6859c5346e3800b73c4de486cfdbafcc0aef366ad4697e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
51b76471b06ef356659a9b8b41eaae2d

SHA1
26f7ca60508f02377c10e453f989daf8f527b82c

SHA256
4663858fd7f70df1e71c3ef5ee07d71f68a89727e706ad43e5fe97410949a35c

SHA512
0a9554b42d65f94317eff519e37747f2ff2d2214a59fd88286f28c9d64bb24fed4a4fa5cf8fdac96e6e00780ae0199ccb29ac2217a79699db85189071a2200bc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
b4a844d8fed81d77a06724a1823860ce

SHA1
a6aa167c96b7ee956bc41b308d920537edd1aa7f

SHA256
9cdf6c4cc9f12325c4e8dd7160c256448bb854fd066b12141fdffc5ec41a64e3

SHA512
fe02f0d495ccfdb57d10679a708181d81ed6da3dc9eecded5c37222f9f65e295fd54badcbafbbcc2ac1ed0cbb2b0b87f78641e413da077e569c3b2afa75afc17

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
35f66ae6438b638ace7ddb859db61603

SHA1
65b39ae66efbf147626861ef3060ecdb628d3dbd

SHA256
d77dfd536d9d9643ba37700122c8f34eb39803b5b81426db354e7849f43ad2fc

SHA512
3e971be386fc74a78b6d58bb92e78ed04b32cd9cd31edbdaf82c9e78b7932a27a53f89306048b56a8781373131d0e1d7085ba0403f5e8f65e308b1b184a0af28

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
9b31a0183d485d1acd21ca268da6ea47

SHA1
5a96c475472cc6f03f2b0a11c564aeb2a4a74521

SHA256
aa0a819a6be527fdcd1ca88a00b4db85bb5700d61281f6e3fb229121dc896a44

SHA512
c694c0b1535cf89f5e5516f05bceb40467a718bca3c686701aecdf68584c7f04764ba94826f2ddc4312f2cd3c38b44af6628ba45f214bc74c77f6b07d1f19434

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
a2ff76dc9c242aae449ef0c8bd8fae3c

SHA1
f7bc17b997454bc97bc8080d951c1168a30231b7

SHA256
a7dee3f52945e76f7b9dbcbaf017422d1e1e6508a573b4bab3e1d386109c61fb

SHA512
18031e0242822a0db4ccc1ac0ee555f42c4a64bc35e249cddab9f29a8d89daf5dc6ae9c2b92627ca0424c5cf7619db1c547c2427ca7a042f3a1c8afba2a33f05

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
317eea3b8dee9dd8a07c754fff2e0fc7

SHA1
ce33a782c0fdd5983f2d70c5a6b1e2ba1c69532a

SHA256
bb7016d7c2d022aa8e72a3b26a7e75669cdbd886701bb170891f9aad4cc1f113

SHA512
bb03b78deea3dcb717dee8569ead156725d214904bcf80ff09dd2b7914754c0548543fc751b0da5cc55784b20a61c5e0412e4c772328cf31de7eccee14f42758

Download Submit
memory/4960-396-0x0000020849640000-0x0000020849650000-memory.dmp

Filesize
64KB

Download
memory/4960-433-0x0000020851AE0000-0x0000020851AE1000-memory.dmp

Filesize
4KB

Download
memory/4960-434-0x0000020851AE0000-0x0000020851AE1000-memory.dmp

Filesize
4KB

Download
memory/4960-435-0x0000020851BF0000-0x0000020851BF1000-memory.dmp

Filesize
4KB

Download
memory/4960-431-0x0000020851AB0000-0x0000020851AB1000-memory.dmp

Filesize
4KB

Download
memory/4960-412-0x0000020849740000-0x0000020849750000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads