3471f242247c7e374e20e32c0682c3227d78f25726d6c59546b116582a016f64

Analysis

max time kernel
154s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2023 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fluster.exe
Size

13KB
MD5

d1bdadd8694a5ea9c1088fac10257416
SHA1

155f8e396f5d60bcf2f76c696429e5f9c1835817
SHA256

3471f242247c7e374e20e32c0682c3227d78f25726d6c59546b116582a016f64
SHA512

0e84e400915dea46a6f00ffb1c9d888686b3eda30ef97ac8fddd23dfb5505bab3d70550eb65a2f52ef69916be3e24a854a55fd6f18a9fda51f31a3169d332896
SSDEEP

192:WU0Ymvv5i9jL3umTjQf4Zv5MlEf6pWNlnJ:WU0Ymn5i9L3zT8f4R5MBpMln

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3712	powershell.exe
3712	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1744	Fluster.exe
Token: SeDebugPrivilege	3712	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 3712	1744	Fluster.exe	111
PID 1744 wrote to memory of 3712	1744	Fluster.exe	111
PID 1744 wrote to memory of 3712	1744	Fluster.exe	111

C:\Users\Admin\AppData\Local\Temp\Fluster.exe
"C:\Users\Admin\AppData\Local\Temp\Fluster.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -Command Add-AppxPackage -path C:\Fluster\AppxManifest.xml -register
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Fluster\ExtraContent\textures\ui\LuaApp\graphic\shimmer%402x.png

Filesize
71KB

MD5
3fec0191b36b9d9448a73ff1a937a1f7

SHA1
bee7d28204245e3088689ac08da18b43eae531ba

SHA256
1a03e6f6a0de045aa588544c392d671c040b82a5598b4246af04f5a74910dc89

SHA512
a8ab2bc2d937963af36d3255c6ea09cae6ab1599996450004bb18e8b8bdfbdde728821ac1662d8a0466680679011d8f366577b143766838fe91edf08a40353ce

Download Submit
C:\Fluster\ExtraContent\textures\ui\LuaApp\graphic\shimmer.png

Filesize
20KB

MD5
4f8f43c5d5c2895640ed4fdca39737d5

SHA1
fb46095bdfcab74d61e1171632c25f783ef495fa

SHA256
fc57f32c26087eef61b37850d60934eda1100ca8773f08e487191a74766053d1

SHA512
7aebc0f79b2b23a76fb41df8bab4411813ffb1abc5e2797810679c0eaa690e7af7561b8473405694bd967470be337417fa42e30f0318acbf171d8f31620a31aa

Download Submit
C:\Fluster\PlatformContent\pc\textures\ice\normaldetail.dds

Filesize
176B

MD5
f527b5859d7ca6c080ba954f3013883f

SHA1
3d00b598b1fb762ae0921bcc49ca189f05f417d2

SHA256
ff11c95774ee0405666fa313f1e53ebb46b1352bfff3456ac2b2caccdab07b4d

SHA512
e908a29c4316a15f5c16a005c69b402e0525b80e0c3284d6f19074ab8b05d62d079ecf43974b223a68d7c56cbf1789df69ab260553de1aab0edfbdad5e6d654d

Download Submit
C:\Fluster\content\configs\DateTimeLocaleConfigs\zh-cjv.json

Filesize
2KB

MD5
fb6605abd624d1923aef5f2122b5ae58

SHA1
6e98c0a31fa39c781df33628b55568e095be7d71

SHA256
7b993133d329c46c0c437d985eead54432944d7b46db6ad6ea755505b8629d00

SHA512
97a14eda2010033265b379aa5553359293baf4988a4cdde8a40b0315e318a7b30feee7f5e14c68131e85610c00585d0c67e636999e3af9b5b2209e1a27a82223

Download Submit
C:\Fluster\content\configs\DateTimeLocaleConfigs\zh-hant.json

Filesize
2KB

MD5
702c9879f2289959ceaa91d3045f28aa

SHA1
775072f139acc8eafb219af355f60b2f57094276

SHA256
a92a6988175f9c1d073e4b54bf6a31f9b5d3652eebdf6a351fb5e12bda76cbd5

SHA512
815a6bef134c0db7a5926f0cf4b3f7702d71b0b2f13eca9539cd2fc5a61eea81b1884e4c4bc0b3398880589bff809ac8d5df833e7e4aeda4a1244e9a875d1e97

Download Submit
C:\Fluster\content\textures\AvatarImporter\img_window_BG.png

Filesize
247B

MD5
81ce54dfd6605840a1bd2f9b0b3f807d

SHA1
4a3a4c05b9c14c305a8bb06c768abc4958ba2f1c

SHA256
0a6a5cafb4dee0d8c1d182ddec9f68ca0471d7fc820cf8dc2d68f27a35cd3386

SHA512
57069c8ac03dd0fdfd97e2844c19138800ff6f7d508c26e5bc400b30fe78baa0991cc39f0f86fa10cd5d12b6b11b0b09c1a770e5cb2fdca157c2c8986a09e5ff

Download Submit
C:\Fluster\content\textures\CompositorDebugger\clear.png

Filesize
538B

MD5
fa8eaf9266c707e151bb20281b3c0988

SHA1
3ca097ad4cd097745d33d386cc2d626ece8cb969

SHA256
8cf08bf7e50fea7b38f59f162ed956346c55a714ed8a9a8b0a1ada7e18480bc2

SHA512
e29274300eab297c6de895bb39170f73f0a4ffa2a8c3732caeeeac16e2c25fb58bb401fdd5823cc62d9c413ec6c43d7c46861d7e14d52f8d9d8ff632e29f167c

Download Submit
C:\Fluster\content\textures\IBeamCursor.png

Filesize
292B

MD5
464c4983fa06ad6cf235ec6793de5f83

SHA1
8afeb666c8aee7290ab587a2bfb29fc3551669e8

SHA256
99fd7f104948c6ab002d1ec69ffd6c896c91f9accc499588df0980b4346ecbed

SHA512
f805f5f38535fe487b899486c8de6cf630114964e2c3ebc2af7152a82c6f6faef681b4d936a1867b5dff6566b688b5c01105074443cc2086b3fe71f7e6e404b1

Download Submit
C:\Fluster\content\textures\StudioUIEditor\valueBoxRoundedRectangle.png

Filesize
130B

MD5
521fb651c83453bf42d7432896040e5e

SHA1
8fdbf2cc2617b5b58aaa91b94b0bf755d951cad9

SHA256
630303ec4701779eaf86cc9fbf744b625becda53badc7271cbb6ddc56e638d70

SHA512
8fa0a50e52a3c7c53735c7dd7af275ebc9c1843f55bb30ebe0587a85955a8da94ff993822d233f7ed118b1070a7d67718b55ba4a597dc49ed2bf2a3836c696f6

Download Submit
C:\Fluster\content\textures\TerrainTools\checkbox_square.png

Filesize
985B

MD5
2cb16991a26dc803f43963bdc7571e3f

SHA1
12ad66a51b60eeaed199bc521800f7c763a3bc7b

SHA256
c7bae6d856f3bd9f00c122522eb3534d0d198a9473b6a379a5c3458181870646

SHA512
4c9467e5e2d83b778d0fb8b6fd97964f8d8126f07bfd50c5d68c256703f291ceaed56be057e8e2c591b2d2c49f6b7e099a2b7088d0bf5bdd901433459663b1f8

Download Submit
C:\Fluster\content\textures\ui\Controls\XboxController\Thumbstick1%402x.png

Filesize
1KB

MD5
e8c88cf5c5ef7ae5ddee2d0e8376b32f

SHA1
77f2a5b11436d247d1acc3bac8edffc99c496839

SHA256
9607af14604a8e8eb1dec45d3eeca01fed33140c0ccc3e6ef8ca4a1f6219b5dd

SHA512
32f5a1e907705346a56fbddfe0d8841d05415ff7abe28ae9281ba46fedf8270b982be0090b72e2e32de0ce36e21934f80eaf508fd010f7ab132d39f5305fb68f

Download Submit
C:\Fluster\content\textures\ui\Controls\XboxController\Thumbstick1%403x.png

Filesize
1KB

MD5
499333dae156bb4c9e9309a4842be4c8

SHA1
d18c4c36bdb297208589dc93715560acaf761c3a

SHA256
d35a74469f1436f114c27c730a5ec0793073bcf098db37f10158d562a3174591

SHA512
91c64173d2cdabc045c70e0538d45e1022cc74ec04989565b85f0f26fe3e788b700a0956a07a8c91d34c06fc1b7fad43bbdbb41b0c6f15b9881c3e46def8103e

Download Submit
C:\Fluster\content\textures\ui\Controls\XboxController\Thumbstick1.png

Filesize
641B

MD5
2cbe38df9a03133ddf11a940c09b49cd

SHA1
6fb5c191ed8ce9495c66b90aaf53662bfe199846

SHA256
0835a661199a7d8df7249e8ae925987184efcc4fb85d9efac3cc2c1495020517

SHA512
dcef5baccef9fff632456fe7bc3c4f4a403363d9103a8047a55f4bd4c413d0c5f751a2e37385fe9eba7a420dbdb77ca2ff883d47fcdd35af222191cc5bd5c7a9

Download Submit
C:\Fluster\content\textures\ui\Controls\XboxController\Thumbstick2%402x.png

Filesize
1KB

MD5
83e9b7823c0a5c4c67a603a734233dec

SHA1
2eaf04ad636bf71afdf73b004d17d366ac6d333e

SHA256
3b5e06eb1a89975def847101f700f0caa60fe0198f53e51974ef1608c6e1e067

SHA512
e8abb39a1ec340ac5c7d63137f607cd09eae0e885e4f73b84d8adad1b8f574155b92fbf2c9d3013f64ebbb6d55ead5419e7546b0f70dcde976d49e7440743b0f

Download Submit
C:\Fluster\content\textures\ui\Controls\XboxController\Thumbstick2%403x.png

Filesize
1KB

MD5
55b64987636b9740ab1de7debd1f0b2f

SHA1
96f67222ce7d7748ec968e95a2f6495860f9d9c9

SHA256
f4a6bb3347ee3e603ea0b2f009bfa802103bc434ae3ff1db1f2043fa8cace8fc

SHA512
73a88a278747de3fefbaabb3ff90c1c0750c8d6c17746787f17061f4eff933620407336bf9b755f4222b0943b07d8c4d01de1815d42ea65e78e0daa7072591e9

Download Submit
C:\Fluster\content\textures\ui\Controls\XboxController\Thumbstick2.png

Filesize
738B

MD5
a402aacac8be906bcc07d50669d32061

SHA1
9d75c1afbe9fc482983978cae4c553aa32625640

SHA256
62a313b6cc9ffe7dd86bc9c4fcd7b8e8d1f14a15cdf41a53fb69af4ae3416102

SHA512
d11567bcaad8bbd9e2b9f497c3215102c7e7546caf425e93791502d3d2b3f78dec13609796fcd6e1e7f5c7d794bac074d00a74001e7fe943d63463b483877546

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dftsvbcl.igt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1744-7-0x00000000062F0000-0x0000000006302000-memory.dmp

Filesize
72KB

Download
memory/1744-6-0x0000000002D10000-0x0000000002D1A000-memory.dmp

Filesize
40KB

Download
memory/1744-4-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/1744-3-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/1744-0-0x0000000000940000-0x000000000094A000-memory.dmp

Filesize
40KB

Download
memory/1744-2-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/1744-1-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/3712-7918-0x0000000004D70000-0x0000000005398000-memory.dmp

Filesize
6.2MB

Download
memory/3712-7932-0x0000000005BB0000-0x0000000005BCE000-memory.dmp

Filesize
120KB

Download
memory/3712-7917-0x00000000026B0000-0x00000000026C0000-memory.dmp

Filesize
64KB

Download
memory/3712-7915-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download
memory/3712-7919-0x0000000005410000-0x0000000005432000-memory.dmp

Filesize
136KB

Download
memory/3712-7920-0x00000000054E0000-0x0000000005546000-memory.dmp

Filesize
408KB

Download
memory/3712-7914-0x00000000025E0000-0x0000000002616000-memory.dmp

Filesize
216KB

Download
memory/3712-7926-0x00000000055C0000-0x0000000005626000-memory.dmp

Filesize
408KB

Download
memory/3712-7931-0x00000000057B0000-0x0000000005B04000-memory.dmp

Filesize
3.3MB

Download
memory/3712-7916-0x00000000026B0000-0x00000000026C0000-memory.dmp

Filesize
64KB

Download
memory/3712-7933-0x0000000005BF0000-0x0000000005C3C000-memory.dmp

Filesize
304KB

Download
memory/3712-7934-0x00000000026B0000-0x00000000026C0000-memory.dmp

Filesize
64KB

Download
memory/3712-7935-0x0000000006190000-0x00000000061C2000-memory.dmp

Filesize
200KB

Download
memory/3712-7936-0x0000000070310000-0x000000007035C000-memory.dmp

Filesize
304KB

Download
memory/3712-7946-0x0000000006D80000-0x0000000006D9E000-memory.dmp

Filesize
120KB

Download
memory/3712-7947-0x0000000006DB0000-0x0000000006E53000-memory.dmp

Filesize
652KB

Download
memory/3712-7948-0x0000000007560000-0x0000000007BDA000-memory.dmp

Filesize
6.5MB

Download
memory/3712-7949-0x0000000006F10000-0x0000000006F2A000-memory.dmp

Filesize
104KB

Download
memory/3712-7950-0x0000000074B20000-0x00000000752D0000-memory.dmp

Filesize
7.7MB

Download