e179de0543e0024bf3b90de52ad1786e1d10965d2e2520f166f6ec582371d788

Resubmissions

30-12-2023 14:21

231230-rn6zvaafe2 7

30-12-2023 14:08

231230-rf1svsegcn 7

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kb250irm.zip
Size

8.5MB
MD5

7017c1cbc4277988e3898a71a50765c1
SHA1

b7ea9ec2eaa0421462e98b0ae279d02aa6a864c8
SHA256

e179de0543e0024bf3b90de52ad1786e1d10965d2e2520f166f6ec582371d788
SHA512

72c447adec23637c1370e5df1ef971c77d75be17e39446eae7b65c14f1dfd3d9e59491576251fba624e09dd7d0bcbe98aa7496b9fa995ec33b97b37ba0f6fb4a
SSDEEP

196608:I9hMQC+ctzp9iUaA3/MC6qXYKSLE8EVGMrR2Io+et381d3s/:YhA1r30C6qXYF482rU/38v3s/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2844	Steamless.CLI.exe
2696	Steamless.CLI.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2432	7zG.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	2432	7zG.exe
Token: 35	2432	7zG.exe
Token: SeSecurityPrivilege	2432	7zG.exe
Token: SeRestorePrivilege	2492	7zG.exe
Token: 35	2492	7zG.exe
Token: SeSecurityPrivilege	2492	7zG.exe
Token: SeSecurityPrivilege	2492	7zG.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2432	7zG.exe
2432	7zG.exe
2432	7zG.exe
2492	7zG.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\kb250irm.zip
1⤵
PID:1708

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2392

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap19993:74:7zEvent10650
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2432

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\kb250irm\" -spe -an -ai#7zMap6280:74:7zEvent9650
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2492

C:\Users\Admin\Desktop\kb250irm\kb250\stool\Steamless.CLI.exe
"C:\Users\Admin\Desktop\kb250irm\kb250\stool\Steamless.CLI.exe"
1⤵
- Executes dropped EXE
PID:2844

C:\Users\Admin\Desktop\kb250irm\kb250\stool\Steamless.CLI.exe
"C:\Users\Admin\Desktop\kb250irm\kb250\stool\Steamless.CLI.exe"
1⤵
- Executes dropped EXE
PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\kb250irm\kb250\stool\Plugins\Steamless.API.dll

Filesize
33KB

MD5
2af2cdf92dd30521c983c848f501a067

SHA1
9c0b98627a8d18704dda11fcfdc4d87283cf10c1

SHA256
ef65b553408c2a0cfb226223d28ab248b3449a9699b14f967b51910897a1de17

SHA512
d5c38806d4fdf0ae6a3fdd09b106edbacc32ae296a811c0ae69e4a97c338dbdde4db47dd0cfd79a927f501ccc7325633353ef9ad06a0e0104225481f4494da2b

Download Submit
C:\Users\Admin\Desktop\kb250irm\kb250\stool\Steamless.CLI.exe

Filesize
110KB

MD5
0e18c6c7489ca9abb416a23b31e09782

SHA1
d4ebf9845c3a135a55c7d33ab87c875df39d8941

SHA256
6b78303b21003efbf113e742799eb3dc4bd1c705890f759937d411fac818322f

SHA512
2b961c57bae45f95d50577ba66d59e5ac538a5ad764b4cd6f5edee3775fddbe5ac9bf8fd9806d45542b7d31625ee56c9ec6067029f48e8ba54cfc32774c63745

Download Submit
C:\Users\Admin\Desktop\kb250irm\kb250\stool\Steamless.CLI.exe.config

Filesize
189B

MD5
ef0181de18ef3951806c0ad63b897ba4

SHA1
4b6a4b0f7fbbbd1dceab385e7fac74a35fc132cb

SHA256
e8decc96235b5494880083eb79c22c84c6d9ef312828baf9490bee7782c350ec

SHA512
b1816817e8deaa7b22bc51966e9debed46b254be6463f2ac0204be348baefb751c5d846a5353d43cce66a005a73f6226462b8ec8b59d4e16a54130c327c68b79

Download Submit
memory/2696-34-0x00000000740D0000-0x00000000747BE000-memory.dmp

Filesize
6.9MB

Download
memory/2696-33-0x0000000000E80000-0x0000000000EA2000-memory.dmp

Filesize
136KB

Download
memory/2696-35-0x00000000740D0000-0x00000000747BE000-memory.dmp

Filesize
6.9MB

Download
memory/2844-27-0x00000000009C0000-0x00000000009E2000-memory.dmp

Filesize
136KB

Download
memory/2844-29-0x0000000074090000-0x000000007477E000-memory.dmp

Filesize
6.9MB

Download
memory/2844-30-0x0000000000590000-0x000000000059E000-memory.dmp

Filesize
56KB

Download
memory/2844-31-0x0000000074090000-0x000000007477E000-memory.dmp

Filesize
6.9MB

Download