47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f

General

Target

47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe
Size

8.9MB
MD5

b727c4b8da1ee4dd1c17c26aa02d92ac
SHA1

ac3e53f12a05b784cf5d5f8e12701622fcac0c7f
SHA256

47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f
SHA512

5bf52a66fdcf7bb59de92485d493c06bea77db945c674047d853da0ad3a2ae36ce772c0fa60414fabf21f16d3a9254bac01ae9d0d05d6c6d161ebf98ce14b2c4
SSDEEP

196608:Oebi/FQ9pwv8A7fmb0cW8X4fx04lZDcteXIncqGZjZjW:O+i/o5A7eMjlZDctBncrj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3056	gpuz_installer.exe
2992	gpuz_installer.tmp

Loads dropped DLL 4 IoCs

pid	Process
2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe
3056	gpuz_installer.exe
2992	gpuz_installer.tmp
2992	gpuz_installer.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2992	gpuz_installer.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 3056	2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe	28
PID 2172 wrote to memory of 3056	2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe	28
PID 2172 wrote to memory of 3056	2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe	28
PID 2172 wrote to memory of 3056	2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe	28
PID 2172 wrote to memory of 3056	2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe	28
PID 2172 wrote to memory of 3056	2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe	28
PID 2172 wrote to memory of 3056	2172	47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe	28
PID 3056 wrote to memory of 2992	3056	gpuz_installer.exe	29
PID 3056 wrote to memory of 2992	3056	gpuz_installer.exe	29
PID 3056 wrote to memory of 2992	3056	gpuz_installer.exe	29
PID 3056 wrote to memory of 2992	3056	gpuz_installer.exe	29
PID 3056 wrote to memory of 2992	3056	gpuz_installer.exe	29
PID 3056 wrote to memory of 2992	3056	gpuz_installer.exe	29
PID 3056 wrote to memory of 2992	3056	gpuz_installer.exe	29

C:\Users\Admin\AppData\Local\Temp\47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe
"C:\Users\Admin\AppData\Local\Temp\47c05af7feb0ac5ec3b4cdc955a5dc276c31fa1d06dbeb4dd88b7b484fa9a53f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\\gpuz_installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\is-7FOPT.tmp\gpuz_installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-7FOPT.tmp\gpuz_installer.tmp" /SL5="$80124,721408,721408,C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GPU-Z.exe

Filesize
1.7MB

MD5
efa531a76843c96edec567adea8f5c08

SHA1
ee5b9b40d4f447c6b32c664a8c372277f9a8587f

SHA256
54c18080e761fd9a61477ff83ab5248b0e3211621ee7ceb8a7f4e6cba607de64

SHA512
be166e764727c7f9e3f99ca33c300e1f22f5dd0227fb758d1349895af68ca0d481e97e8294b508673cc9172ee03a3a6375f099fd0f94a3fb0f5ea153c7d42ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe

Filesize
1.4MB

MD5
db0fe2fc8b640f81be6103efabb69fc1

SHA1
b8ede445e915c83981ec63b5ba5cf32ec4017f01

SHA256
6cdfac9a6fd83d7a0b652bd8d5a971a753704302e697c3129dcaa5f2de465a44

SHA512
086695eadbc175e1fad454f3aecee927846fc22ad9f99933b89a722e8e48badc1ce0fb77237711aae674086fff0ee9ba875c79c4f67e84800b72723b1426c393

Download Submit
C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe

Filesize
65KB

MD5
3830c717a212a2d8793fd822c29e2014

SHA1
6a8bd8f4bbfa931aff492645636fc9ed4273f3b1

SHA256
87cebcf562216d02529bcbdd73ef12517eb95b23708f3f999045f8d995351663

SHA512
b7580af5436b4de8b97ac8e867ad2d858810f0b2fbe8d21b87a10e6d897d743830a52db640b1a1867527ecda6dc9b09b351fa76b56b2d16215839c31da791a36

Download Submit
\Users\Admin\AppData\Local\Temp\GPU-Z.exe

Filesize
2.0MB

MD5
f23a376be0343866c7ba8d0b26488e44

SHA1
52ff3e872fa8063aeb79b5cf630a8ebfa7c1c690

SHA256
beb79fc4b91017425419a7bc1e6571e369a2a59fb0e394314129746ba029e9fc

SHA512
88f302f673cf931fe7153cc85e2d70918cc8a60481c6fa87734b7665dde0107936513f704111afdbcafbb26ca0e71c387f2c26c4245ee61c0cc9e61b7eabf588

Download Submit
\Users\Admin\AppData\Local\Temp\GPU-Z.exe

Filesize
1.0MB

MD5
ab4567a61688d9371add0f0cafcfaa04

SHA1
91789b542cb495755ca8ad9c9472dd55bd0ce69d

SHA256
3540fde55f25187c0763692aed0e122c108d31342af87bd99813e582b9f72c16

SHA512
cdea96af06911bfc1f8369bcb4e7cb843300b06e8ff9852acd6064c29173c1f8804d47058ce651707d35370a98c9ae4ec3e20227fbeb7d4efa3a80af255c3caa

Download Submit
\Users\Admin\AppData\Local\Temp\gpuz_installer.exe

Filesize
193KB

MD5
2f14b14321b8a299b82387b70e12d064

SHA1
28a4730fdb2e72d7e66b7ea371ae09d74bc0a668

SHA256
401f0aec777d5b4a5e86847e14240a9784014fd20b3b622d42efcb45319440f4

SHA512
db147eac496fa7589cddd03e4d36ce13adf3095ac44309ef8089c3a0f1e0df3d12f67e511a4d8d26fc6d175ac4adb813b545dfc2ea0cd2e6e9ed5c07b5d828b4

Download Submit
\Users\Admin\AppData\Local\Temp\is-7FOPT.tmp\gpuz_installer.tmp

Filesize
2.4MB

MD5
8e2d270339dcd0a68fbb2f02a65d45dd

SHA1
bfcdb1f71692020858f96960e432e94a4e70c4a4

SHA256
506176b3245de84bb0b7a4da4b8068b9dd289eb9a3a1757d4183c7c3f168c811

SHA512
31eac8aabe8ac83f24d4eba21bc3a52b56105f52402aeb00e505a6be3208cf92cc57529b26f1b29605f554dccdff51e9f28f584268bfda689f53be624f3fd647

Download Submit
memory/2172-2-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/2172-0-0x0000000000400000-0x0000000002C80000-memory.dmp

Filesize
40.5MB

Download
memory/2172-24-0x0000000000400000-0x0000000002C80000-memory.dmp

Filesize
40.5MB

Download
memory/2172-29-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/2172-1-0x0000000000360000-0x0000000000363000-memory.dmp

Filesize
12KB

Download
memory/2172-27-0x0000000000360000-0x0000000000363000-memory.dmp

Filesize
12KB

Download
memory/2992-18-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2992-23-0x0000000003390000-0x0000000005C10000-memory.dmp

Filesize
40.5MB

Download
memory/2992-32-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2992-26-0x0000000000400000-0x0000000000679000-memory.dmp

Filesize
2.5MB

Download
memory/2992-22-0x0000000003390000-0x0000000005C10000-memory.dmp

Filesize
40.5MB

Download
memory/3056-9-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3056-25-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download

Analysis

Sharing