Overview

overview

10

Static

static

10

Dave the D...er.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230824-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-08-2023 03:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dave the Diver v1.0-v1.0.0.1023 Plus 20 Trainer.exe

  • Size

    1.9MB

  • MD5

    b023f48f7309d6e566620a6906eb11e4

  • SHA1

    a691739583c30d0c9bf3cf0694c6fc1d28a4bba2

  • SHA256

    28f81a85b89727eb90c6c6d3445022d47964283b39ed069afa47bf585845ecbd

  • SHA512

    f0d31ec956e1f5b8e77e6cc37f7b116d80392329528d560f5981febc0c5c6a9847f43d7349d7f44322e10bd64e806f0632293753e3867ef97cd2810863cd115a

  • SSDEEP

    49152:51tlBBduVc9Qbsnk62zHznhXT5X1H2GNTA1w4:jPObsn+hD5zNTA17

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    PID:3896
  • C:\Users\Admin\AppData\Local\Temp\Dave the Diver v1.0-v1.0.0.1023 Plus 20 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Dave the Diver v1.0-v1.0.0.1023 Plus 20 Trainer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3360
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /7
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3360-0-0x00007FF9705C0000-0x00007FF971081000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3360-1-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3360-2-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3360-3-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3360-5-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3360-8-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3360-13-0x00000216EE6C0000-0x00000216EE6C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3360-14-0x00000216EEB40000-0x00000216EEB78000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3360-15-0x00000216EEB10000-0x00000216EEB1E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3360-28-0x00007FF9705C0000-0x00007FF971081000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3360-29-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3360-30-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3360-31-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3360-32-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3360-33-0x00000216D08A0000-0x00000216D08B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3928-34-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3928-35-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3928-36-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3928-41-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3928-40-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3928-43-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3928-42-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3928-44-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3928-45-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3928-46-0x00000210BBB10000-0x00000210BBB11000-memory.dmp

    Filesize

    4KB

    Download