Overview

overview

7

Static

static

3

WatchDogs2...NG.exe

windows7-x64

7

WatchDogs2...NG.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2023 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WatchDogs2+11Tr_LNG/WatchDogs2+11Tr_LNG.exe

  • Size

    4.0MB

  • MD5

    cf87b1724aa43851a6438c7c9fcf997d

  • SHA1

    2950d3a43ce1b8dd38d7be1a4cfde7094c348355

  • SHA256

    b2c080a134d7a3bb188921c5585dd7012ee4ed86fbec18e7bacceb74f19d948f

  • SHA512

    b58e75bd6d9b183673a02b34ead216f5a9e9e59fd2d0718c93efa3927443e5da4626ab9cb1313b97d1c18fabe47ef6ad4f822626ae34024e048c86a0e174d0ea

  • SSDEEP

    98304:mCkvLoYGQlAkxpP2vrXG6AXnBNy9aDGL:6vBGIAkxpuvrXGpNy9AG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WatchDogs2+11Tr_LNG\WatchDogs2+11Tr_LNG.exe
    "C:\Users\Admin\AppData\Local\Temp\WatchDogs2+11Tr_LNG\WatchDogs2+11Tr_LNG.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1144
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x508 0x518
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\SkinSoft\VisualStyler\2.3.5.0\x64\ssapihook.dll
    Filesize

    66KB

    MD5

    c74d260d388f5ac3d95d8c1c3a27c989

    SHA1

    5da009086036004a7c670d608d5e1e923aead568

    SHA256

    dc1bebb8ce88d59e4b3130c1ff2c4b7f5df2701c7a71b476b8a6f2ed541db628

    SHA512

    6460db8f73806017d267c0e4e112902956a3bc53853c6a893cff66fe44772305b2c158ef8b58e993806d713aceaddcf2efa7ccf625063678444d3fd20b10546a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Bass.Net.dll
    Filesize

    632KB

    MD5

    ddc305fca2a8d80523ad8bc50996480b

    SHA1

    7bee723b565267aa355ad9f7f5cf17c74f2cce1f

    SHA256

    af9e46b70c7739547739ddfcdd56b7b218b5bda6e14c49bed3bbc08c2b867216

    SHA512

    acf2064d1b59d73cc5086f9a8c26a5e1fb7e7909e5460d3427d7681ee36709a568146000bbea9464fb173df474c58bda4f87bbbb759ea06ed2fd71d3c6bc0eea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Bass.dll
    Filesize

    218KB

    MD5

    82dbc53c4e057ad941eb73aba212956e

    SHA1

    38a582ce5fbe03e8c5f040d82f89b4797e305860

    SHA256

    eda3f66eedc49ff9b9506c1ccf679a7822104c771eaab3afa367f0d6a2c9bbd5

    SHA512

    6f8e9082750c9cc8eb7bcaf7b7442f52ec55e2b712fff29a3a22868218fbfd605b594314e7be2720fd25f5a89d95774481177429de35acb48d023d39a2767781

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Bass.dll
    Filesize

    218KB

    MD5

    82dbc53c4e057ad941eb73aba212956e

    SHA1

    38a582ce5fbe03e8c5f040d82f89b4797e305860

    SHA256

    eda3f66eedc49ff9b9506c1ccf679a7822104c771eaab3afa367f0d6a2c9bbd5

    SHA512

    6f8e9082750c9cc8eb7bcaf7b7442f52ec55e2b712fff29a3a22868218fbfd605b594314e7be2720fd25f5a89d95774481177429de35acb48d023d39a2767781

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmpBE6E.tmp
    Filesize

    832KB

    MD5

    6aab5c90d7c703ed4aefd5100c97fd22

    SHA1

    b6bb0a5614da9565d5ef2a5a23aa0aaa5bd5b3f0

    SHA256

    1b796196d9ae7b15507546d53a2b5aeae36e5b80e6291f02317f6fedab18d74a

    SHA512

    6c1c1cc6da08f49d15f6cbbadc81bdfaa4251d9ecc9321e0de474141534b42f2bc4c4ada053ace81e07635478f945d2266466f45f9e55c3c924c974d86c26251

    Download Submit

  • memory/1144-23-0x00007FF966DD0000-0x00007FF966DD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-25-0x00007FF9635C0000-0x00007FF9635C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-12-0x00007FF966D20000-0x00007FF966D21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-13-0x00007FF966330000-0x00007FF966331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-14-0x00007FF966D40000-0x00007FF966D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-15-0x00007FF966D50000-0x00007FF966D51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-16-0x00007FF966DC0000-0x00007FF966DC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-17-0x00007FF966D60000-0x00007FF966D61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-18-0x00007FF966D70000-0x00007FF966D71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-19-0x00007FF966D90000-0x00007FF966D91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-20-0x00007FF966DA0000-0x00007FF966DA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-21-0x00007FF966D80000-0x00007FF966D81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-22-0x00007FF966DB0000-0x00007FF966DB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-0-0x00007FF9C9AC0000-0x00007FF9CA581000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1144-24-0x00007FF963570000-0x00007FF963571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-11-0x00007FF966D30000-0x00007FF966D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-26-0x00007FF9635D0000-0x00007FF9635D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-27-0x00007FF9C9AC0000-0x00007FF9CA581000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1144-28-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1144-29-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1144-30-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1144-31-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1144-32-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1144-36-0x000000001F700000-0x000000001F7A2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/1144-6-0x000000001C680000-0x000000001C778000-memory.dmp

    Filesize

    992KB

    Download

  • memory/1144-44-0x000000001F690000-0x000000001F6E8000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1144-5-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1144-2-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1144-1-0x00000000004F0000-0x00000000008FA000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1144-50-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1144-51-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1144-52-0x000000001B640000-0x000000001B650000-memory.dmp

    Filesize

    64KB

    Download