0355475b500f6df818c7fdb5516def6b030e6ef663aea8fc372f0e290ef22e7c

Analysis

max time kernel
55s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 15:39

Target

(4K) v1.1_Underground_-_Definitive_Edition/Underground - Definitive Edition Mod/Speed.exe
Size

3.0MB
MD5

22c731fe0c0c41fe14ce80b728b6cbe0
SHA1

0fe57c4f9ecf53fe60cad8a5ce21c6f218bd925d
SHA256

35654f401383be9af0dbff0d11a92220a17579a01030005de6943e63e03f460f
SHA512

23895d66ecec480095a7f1be53147ed3f5100e09b7fcb4135476d42c2db7313c1149f49a3b725a126895271e9d378fc16dac8d7ec4097516adc1ed593c7d0c0b
SSDEEP

49152:UL5aHsJ+Ad6UQYJ4AbWaSzyN2Cjmi4H7CoCbmK1ixBuKcTqiXaPCFCrgdi/U1ZLW:3Ngd5a/UHmmJ1CK35QjN3

Score

6^/10

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4176	3076	WerFault.exe	85

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{5B00EA97-9BD4-45CD-8979-2CF752CC6AAF}	svchost.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Suspicious use of SetWindowsHookEx 3 IoCs

C:\Users\Admin\AppData\Local\Temp\(4K) v1.1_Underground_-_Definitive_Edition\Underground - Definitive Edition Mod\Speed.exe
"C:\Users\Admin\AppData\Local\Temp\(4K) v1.1_Underground_-_Definitive_Edition\Underground - Definitive Edition Mod\Speed.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3076
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 2320
  2⤵
  - Program crash
  PID:4176

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3076 -ip 3076
1⤵
PID:4512

C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/3076-0-0x0000000000400000-0x0000000000794368-memory.dmp

Filesize
3.6MB

Download
memory/3076-1-0x0000000076DB0000-0x0000000076EA0000-memory.dmp

Filesize
960KB

Download
memory/3076-2-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/3076-25-0x0000000076DB0000-0x0000000076EA0000-memory.dmp

Filesize
960KB

Download