Analysis
-
max time kernel
151s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system -
submitted
18-11-2023 12:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe
Resource
win7-20231023-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe
-
Size
3.9MB
-
MD5
92b38863c1352369f9896c27882ad240
-
SHA1
08cd9a0de1c9ed26a50526fec170f63527692728
-
SHA256
9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d
-
SHA512
89ed5b9c7ccbf684817e373fb98a7dad491d1a4f3fae756d1f8fed1094b4cff84da17b384c35791865af73c8a34e4829f8d7205ce79ed9029a622f8fcdbd2e5c
-
SSDEEP
49152:I5nHGDg4rAtexhgKtxkA2C7qJF5LVBFhyzw3Ld7qlV0000Fg:IcE4r/hgW7qJrJ7qb0000q
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\ACE-BASE.sys 9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe File created C:\Windows\SysWOW64\drivers\ACE-GAME.sys 9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe -
Sets service image path in registry 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ACE-GAME\ImagePath = "\\??\\C:\\Windows\\SysWOW64\\drivers\\ACE-GAME.sys" 9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ACE-BASE\ImagePath = "\\??\\C:\\Windows\\SysWOW64\\drivers\\ACE-BASE.sys" 9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe -
Suspicious behavior: LoadsDriver 64 IoCs
pid Process 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found 464 Process not Found -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2184 9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe 2184 9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe"C:\Users\Admin\AppData\Local\Temp\9bdd1157dc5f23851505232152055e00f07bcf7ac47aa8c55e7964f1ad83549d.exe"1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Suspicious use of SetWindowsHookEx
PID:2184