5a03aff81a2f24155c97814474026da89cf04f9d699aa04badd751df6778a079

Analysis

max time kernel
86s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

steamcleaner.exe
Size

6.8MB
MD5

1a29fa05de528a1f23a145bbc5babfb5
SHA1

b93f88d5d91e5eaa2302f3b4a393f122f44ed022
SHA256

5a03aff81a2f24155c97814474026da89cf04f9d699aa04badd751df6778a079
SHA512

ec19518d820413e9eb28a19deb7e9a7575ea8e1b16c22a11602b46ab93effe5ed63cec4641a9a5862020ddd91e9044af6b292927abed1348571dbc668253f035
SSDEEP

196608:NWGxbAQvowejuJDUX47dwdW0LBJ1LkTa+kZfX:pxgaUX47d4JiaPfX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
3660	steamcleaner.exe
3660	steamcleaner.exe
3660	steamcleaner.exe
3660	steamcleaner.exe
3660	steamcleaner.exe
3660	steamcleaner.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 3660	1188	steamcleaner.exe	88
PID 1188 wrote to memory of 3660	1188	steamcleaner.exe	88
PID 3660 wrote to memory of 388	3660	steamcleaner.exe	90
PID 3660 wrote to memory of 388	3660	steamcleaner.exe	90

C:\Users\Admin\AppData\Local\Temp\steamcleaner.exe
"C:\Users\Admin\AppData\Local\Temp\steamcleaner.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Users\Admin\AppData\Local\Temp\steamcleaner.exe
  "C:\Users\Admin\AppData\Local\Temp\steamcleaner.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Steamcleaner
    3⤵
    PID:388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI11882\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11882\VCRUNTIME140.dll

Filesize
83KB

MD5
acf7aadf9f32ac28d16c016194733898

SHA1
0dfa339b8b960b90f55d63a7f9cedfce92246f12

SHA256
b3c01f347618692811929aa510ccf28fd2e109a57f69744d2b350c470c2b5f8e

SHA512
0526aeb9ec7bd22be11642cca019ccd534fea201999f998834ab2d365a24120607078027001080eb64073f6e350edd6772211a7a75991caf4b6f128005973eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11882\_bz2.pyd

Filesize
82KB

MD5
a8a37ba5e81d967433809bf14d34e81d

SHA1
e4d9265449950b5c5a665e8163f7dda2badd5c41

SHA256
50e21ce62f8d9bab92f6a7e9b39a86406c32d2df18408bb52ffb3d245c644c7b

SHA512
b50f4334acb54a6fba776fc77ca07de4940810da4378468b3ca6f35d69c45121ff17e1f9c236752686d2e269bd0b7bce31d16506d3896b9328671049857ed979

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11882\_ctypes.pyd

Filesize
120KB

MD5
496dcf8821ffc12f476878775999a8f3

SHA1
6b89b8fdd7cd610c08e28c3a14b34f751580cffd

SHA256
b59e103f8ec6c1190ded21eef27bea01579220909c3968eeec37d46d2ed39e80

SHA512
07118f44b83d58f333bc4b853e9be66dffb3f7db8e65e0226975297bf5794ebdaa2c7a51ef84971faf4d4233a68a6b5e9ac02e737d16c0ac19a6cf65fad9443f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11882\_lzma.pyd

Filesize
102KB

MD5
071a4a2f280fd99d3a8577bf8eaf16f3

SHA1
084f8ec3d1e6664ca4bffa1541916910eefe77dd

SHA256
f4f749e26e2f324d231bdeb99768e1c9605db07d30751aec13945fa5472124d9

SHA512
2be214ccb7eac5fa9b3238b458568ba696cac86c8a5a5c797a0b2ed87e592a5c2b7c255ebfc2a5898a437d58a8baad5662a0571def3d675c815abbead4b79462

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11882\_lzma.pyd

Filesize
60KB

MD5
cdc05e7f726e56905223e63a156bb5e6

SHA1
aa6e4f0933c1c27b3b98553395d855791a0cf689

SHA256
3df82a2d8090f51717561b5761ada58b70de42f069964eeda36f812712fd657a

SHA512
ae3d26b48ceb66426bd1e3d6fc2fb5a68992dd9db360f3095cc4d49573bf1a36727d13d1bed326c2fddca6d954724cc4ac8b97b7e3c3d1aea4101fbd0540a781

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11882\base_library.zip

Filesize
103KB

MD5
a4a64f81ed0d5e26aa8595dee48a14b5

SHA1
aff9c35f0507d6503e7a58d38f3b0ba75c501efd

SHA256
f9539d90d05a6334a652fc0810342e303dc70d92b3e27d057d5e1cb43f9be95b

SHA512
a7e1dc5e891bb634f470d74db2a7d1dc0db30989c8a25c2caecefa96d78edaf5cf14a0228e39c9e1f9d8b7822747218f9d7ba18bce2acaeb9f80a3d4e230c4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11882\libffi-8.dll

Filesize
37KB

MD5
d86a9d75380fab7640bb950aeb05e50e

SHA1
1c61aaf9022cd1f09a959f7b2a65fb1372d187d7

SHA256
68fba9dd89bfad35f8fd657b9af22a8aebda31bffda35058a7f5ae376136e89b

SHA512
18437e64061221be411a1587f634b4b8efa60e661dbc35fd96a6d0e7eff812752de0ada755c01f286efefc47fb5f2daf07953b4cfc4119121b6bee7756c88d0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11882\python311.dll

Filesize
148KB

MD5
d4a6b5ac9f0f345bd13fca67e0afb34a

SHA1
27fd28541295af354bcb5d9061308cadfa22cb38

SHA256
5ad0135049c6854a3453b2777aab011e731bdaab53de4e82bb66df379ff43993

SHA512
4feb1ce63fe13734174a25c0547f91633984da29be3e1bfc836ea0419f3ce9742ad826e44050b01fb1dca6d8e13537a52dc6d157de6b4b4cc1d1877096fedd7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11882\python311.dll

Filesize
531KB

MD5
0ab92b328a328563b96f032aac71abbe

SHA1
0bad7ebe7f3880970e03c4df41005ba108775b04

SHA256
88ec26eee0bbc68fdf792dec89f2f88c30474de644aedd91b5ea3575f6babd05

SHA512
09f54d926b1aa14d786a2b2979933d92ac34a386faaf9a35a01ae2691ba17d3695e4e665be14c7b3bb2f19b1c6151a9297bc92dc2aa1baad774b1b448c8adcac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads