Overview

overview

7

Static

static

3

Garrys_Mod.exe

windows7-x64

7

Garrys_Mod.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    590s
  • max time network
    433s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-08-2023 18:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Garrys_Mod.exe

  • Size

    221KB

  • MD5

    2062b3248678ab504f8af316cda9889a

  • SHA1

    f88844f82c1d64b396c3020d5efb76e901efe5fb

  • SHA256

    0b4e8219b7a6e721cfc9eaf3260bc850b2bd0ed35793ea1c70cf81a22b541d19

  • SHA512

    91a91b35b50441d48c971e2cbcb766bd1a888e4e114590928779f2ccc9b4755946abca8d6213ac1b8c5d79c03dbb2dc554eb227624e6c4e4f4d9dcfcf08e9cdc

  • SSDEEP

    3072:LaW+rTUnoRyS6AgJvVR/p4p0OkK/1o8TBziXMjvgXCCHYnfsb7KhFnJf98G:eVTUnObwq5V9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Garrys_Mod.exe
    "C:\Users\Admin\AppData\Local\Temp\Garrys_Mod.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Users\Admin\AppData\Local\Temp\revLoader.exe
      revLoader.exe -launch hl2.exe -steam -game garrysmod -appid 4000 -silent -novid -noworkshop
      2⤵
      • Executes dropped EXE
      PID:4392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\revLoader.exe
    Filesize

    33KB

    MD5

    3289557dda56ebe91f377e0663ede5b6

    SHA1

    ec0ad6e72cec1975e9302becd272c6ebe25a25e0

    SHA256

    562d03c97644c0229b2981d7cd4a0d1f61c2ca08d2c6d4e7b6710337c3063628

    SHA512

    6334af32494d6c590c5eec8ffe28585fc15e2df03de30e8bb674b38585a347c83eeb33648f56e036c8fa6e4c38eaaeb8d7b8f3db9ae66ce34be043fd8c1adb3d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\revLoader.exe
    Filesize

    33KB

    MD5

    3289557dda56ebe91f377e0663ede5b6

    SHA1

    ec0ad6e72cec1975e9302becd272c6ebe25a25e0

    SHA256

    562d03c97644c0229b2981d7cd4a0d1f61c2ca08d2c6d4e7b6710337c3063628

    SHA512

    6334af32494d6c590c5eec8ffe28585fc15e2df03de30e8bb674b38585a347c83eeb33648f56e036c8fa6e4c38eaaeb8d7b8f3db9ae66ce34be043fd8c1adb3d

    Download Submit

  • memory/1404-5-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download