Analysis
-
max time kernel
150s
-
max time network
157s
-
platform
windows10-2004_x64
-
resource
win10v2004-20231215-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
-
submitted
26/12/2023, 03:24
Static task
static1
Behavioral task
behavioral1
Sample
50170742d06c54f5b5a96388a08f3ce3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
50170742d06c54f5b5a96388a08f3ce3.exe
Resource
win10v2004-20231215-en
General
-
Target
50170742d06c54f5b5a96388a08f3ce3.exe
-
Size
69KB
-
MD5
50170742d06c54f5b5a96388a08f3ce3
-
SHA1
4b3bf5c5cbc64ff16ef96e7442dd3693eafb45a8
-
SHA256
7fe55c33879621e4e49ab2f9fd91521bcdd26b711067f0fd1cbc629c355f4d73
-
SHA512
856da2495b79a86653a0155d6948350b24832684f0c545332d395ca03f2e60e1d45ac1c942f82431a44c5e04f3623b7702a8e5f4feed5ba900dca02f1f4f3e78
-
SSDEEP
1536:rnMq9kOQCYwsIPB8yAGVVyLH5GxVkbq1SrsA8K2oBhajSbK:LJfuq8IzyLHIDkbq1SAAdt9bK
Malware Config
Signatures
-
Drops file in Windows directory 18 IoCs
description | ioc | Process
File opened for modification | C:\Windows\win32dc\BattleField 1942 serial.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File opened for modification | C:\Windows\win32dc\UT2004 cdfix.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\UT2004_hack.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\BattleField 1942 serial.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File opened for modification | C:\Windows\win32dc\Quake3_hack.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File opened for modification | C:\Windows\win32dc\BattleField 1942_codes.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File opened for modification | C:\Windows\win32dc\Half-Life 2_serial.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\DAoC(cheat).exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\Doom 3(nocd).exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\Quake3_hack.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\Counter-Strike + trainer.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File opened for modification | C:\Windows\win32dc\UT2004_hack.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\Half-Life 2_serial.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File opened for modification | C:\Windows\win32dc\DAoC(cheat).exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\BattleField 1942_codes.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\UT2004 cdfix.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File created | C:\Windows\win32dc\Counter-Strike + fix.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
File opened for modification | C:\Windows\win32dc\Counter-Strike + fix.exe | 50170742d06c54f5b5a96388a08f3ce3.exe
Downloads
-
Filesize
69KB
-
MD5
5adc6b4ff25f3fc559fd0daa2a06eb7e
-
SHA1
f71058b816598b9a0493833b29ad6423422aa1f6
-
SHA256
304bc128f3144a2fd98d1e6dfbb733ee38f40c8b285860895eb68ddb12eddc4b
-
SHA512
14ea479434b883bb95177cd8b75c90404bb5761817530cb695a4054176e4f0ce32654b9b27492c68c448801ec0b904f964141d59874680e202e563bba8198b1c