Analysis
-
max time kernel
190s -
max time network
203s -
platform
windows11-21h2_x64 -
resource
win11-20231128-en -
resource tags
arch:x64 arch:x86 image:win11-20231128-en locale:en-us os:windows11-21h2-x64 system -
submitted
04-12-2023 06:46
Behavioral task
behavioral1
Sample
GTA_Toolbox.exe
Resource
win11-20231128-en
windows11-21h2-x64
3 signatures
600 seconds
General
-
Target
GTA_Toolbox.exe
-
Size
143.8MB
-
MD5
f1ec47f064390c85ebc151cbadc2b39d
-
SHA1
566e3f891a9291a7bea61d6e560487721acf7311
-
SHA256
6a4df4cd81c1c7371a194dc94353cdeb8d69a50985c2cdedf72ea8b27d184c51
-
SHA512
d61e2d3e1d79e9cec64e7369a8507fdfc30f87ec284258d51cbaf6dc701af987882fd264c6a1aa3d38f75a7b51d01043e6fd71be63ea9ead25467caa1afab6c1
-
SSDEEP
786432:TwNPt9OyJ4jSQqmvaDuB449Y7BPwxElNtka3JvjprTtLwSTRpf4P1wT1HaVTZq5z:TqPtbJhDuB4TB9RZ7xaVTE5z
Score
6/10
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates system info in registry 2 TTPs 6 IoCs
Processes: GTA_Toolbox.exe, GTA_Toolbox.exe (two instances)

description        | ioc                                                                   | process
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | GTA_Toolbox.exe
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion      | GTA_Toolbox.exe
Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | GTA_Toolbox.exe
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | GTA_Toolbox.exe
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion      | GTA_Toolbox.exe
Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | GTA_Toolbox.exe

Note: the BIOS SystemManufacturer/SystemVersion values are a common hypervisor and sandbox fingerprint (the strings reveal the VM vendor), but the same keys are read by legitimate hardware-inventory, telemetry and licensing code, so this signature is a weak indicator on its own. -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes: GTA_Toolbox.exe, GTA_Toolbox.exe (two instances)

description              | pid  | process
Token: SeDebugPrivilege  | 4060 | GTA_Toolbox.exe
Token: SeDebugPrivilege  | 5052 | GTA_Toolbox.exe

Note: enabling SeDebugPrivilege (via AdjustTokenPrivileges) lets a process open handles to other processes regardless of their DACL, which is a prerequisite for process injection and credential dumping; it is also routinely enabled by debuggers, installers and updaters. Both instances ran from the Admin user's profile, where the privilege is available to be enabled.
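The two signatures above reduce to simple matches on registry paths and on enabled token privileges. The following is an added example (not the sandbox's own rule code) that re-implements them over a constructed, simplified event stream mirroring the report's two GTA_Toolbox.exe instances plus benign noise from the rundll32 COM host; the event dictionary format, the helper names and the sample events are assumptions made here for illustration. Real telemetry with the same fields would be Sysmon registry events (IDs 12/13) and Windows Security event 4703 (token privilege adjusted).

```python
"""Toy re-implementation of two behavioural signatures from the report.

Added example, not the sandbox's rule code. The event format and the
sample events below are constructed for illustration.
"""
import re
from collections import defaultdict

# Registry key family the sandbox flagged. Reads of the BIOS description
# keys (SystemManufacturer, SystemVersion, ...) are a classic VM fingerprint.
BIOS_KEY_RE = re.compile(
    r"\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS(\\|$)",
    re.IGNORECASE,
)

# Privileges whose enablement via AdjustTokenPrivileges is worth flagging.
FLAGGED_PRIVILEGES = {"SeDebugPrivilege"}

SIG_SYSINFO = "Enumerates system info in registry"
SIG_TOKEN = "Suspicious use of AdjustPrivilegeToken"

BIOS = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"


def _reg(pid, op, path, image="GTA_Toolbox.exe"):
    """Constructed registry event (assumed format)."""
    return {"type": "registry", "pid": pid, "image": image, "op": op, "path": path}


def _tok(pid, privilege, image="GTA_Toolbox.exe"):
    """Constructed token-privilege event (assumed format)."""
    return {"type": "token", "pid": pid, "image": image, "privilege": privilege}


# Constructed sample: the report's two GTA_Toolbox.exe instances (PIDs 4060
# and 5052) plus benign events from the rundll32 COM host (PID 2268).
SAMPLE_EVENTS = [
    _reg(4060, "Key opened", BIOS),
    _reg(4060, "Key value queried", BIOS + r"\SystemManufacturer"),
    _reg(4060, "Key value queried", BIOS + r"\SystemVersion"),
    _tok(4060, "SeDebugPrivilege"),
    _reg(2268, "Key opened", r"\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID", image="rundll32.exe"),
    _tok(2268, "SeChangeNotifyPrivilege", image="rundll32.exe"),
    _reg(5052, "Key opened", BIOS),
    _reg(5052, "Key value queried", BIOS + r"\SystemManufacturer"),
    _reg(5052, "Key value queried", BIOS + r"\SystemVersion"),
    _tok(5052, "SeDebugPrivilege"),
]


def match_signatures(events):
    """Return {signature name: [IoC dict, ...]} for every matching event."""
    hits = defaultdict(list)
    for ev in events:
        if ev["type"] == "registry" and BIOS_KEY_RE.search(ev["path"]):
            hits[SIG_SYSINFO].append(
                {"pid": ev["pid"], "process": ev["image"],
                 "description": ev["op"], "ioc": ev["path"]}
            )
        elif ev["type"] == "token" and ev["privilege"] in FLAGGED_PRIVILEGES:
            hits[SIG_TOKEN].append(
                {"pid": ev["pid"], "process": ev["image"],
                 "description": "Token: " + ev["privilege"]}
            )
    return dict(hits)


def summarize(hits):
    """Collapse hits to (IoC count, sorted distinct PIDs), like the report header."""
    return {name: (len(iocs), sorted({i["pid"] for i in iocs}))
            for name, iocs in hits.items()}


if __name__ == "__main__":
    for name, (count, pids) in summarize(match_signatures(SAMPLE_EVENTS)).items():
        print(f"{name}: {count} IoCs, PIDs {pids}")
```

Run over the constructed sample this reproduces the report's counts (6 IoCs and 2 IoCs, both from PIDs 4060 and 5052) while the rundll32 noise matches nothing. Neither signature is conclusive alone; the value comes from seeing both in the same process, as the report's 6/10 score reflects.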
Processes
-
C:\Users\Admin\AppData\Local\Temp\GTA_Toolbox.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\GTA_Toolbox.exe"
  Tree depth: 1
  - Enumerates system info in registry
  - Suspicious use of AdjustPrivilegeToken
  PID: 4060
-
C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  Tree depth: 1 (out-of-process COM server activation hosted by rundll32; no signatures matched)
  PID: 2268
-
C:\Users\Admin\AppData\Local\Temp\GTA_Toolbox.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\GTA_Toolbox.exe"
  Tree depth: 1
  - Enumerates system info in registry
  - Suspicious use of AdjustPrivilegeToken
  PID: 5052