Overview

overview

8

Static

static

1

Brawl_Star...23.exe

windows7-x64

8

Brawl_Star...23.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    50s
  • max time network
    64s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-01-2024 17:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Brawl_Stars_V2.0.11646.123.exe

  • Size

    9.4MB

  • MD5

    f5e7ba37555932ecea7fbd874108d47e

  • SHA1

    009c388a6e381f502dee72c587f553a03838436c

  • SHA256

    2f6e75e0384b85cbaffbb9947cea5c1b2e4acf4952c3ab6fae919c8a965e1d43

  • SHA512

    7ac31e4e877d4e7058cb7927e63d02e07272ba81c06b23c70734ed91bde435ee77effba5e8ced2dfb2480e4115a3ab735438bdb5e330e6f2c7dddde76cf30ede

  • SSDEEP

    196608:hkb78tqlUgN7AktVweDO8emQmG5eWWi/zio/ia:q+2O84wWrX/

Score
7/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Brawl_Stars_V2.0.11646.123.exe
    "C:\Users\Admin\AppData\Local\Temp\Brawl_Stars_V2.0.11646.123.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
      C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1580
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" C:\Users\Admin\AppData\Roaming\Tencent\Config\ /t /setintegritylevel low
        3⤵
        • Modifies file permissions
        PID:1572
  • C:\Windows\SysWOW64\werfault.exe
    werfault.exe /h /shared Global\12e69ecdfbd74f9fb28bda4998316ffa /t 4072 /p 2264
    1⤵
      PID:2004

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.dll
      Filesize

      523KB

      MD5

      34431eb1ae2d3ac86e3415d8c3e977a3

      SHA1

      b2eae82dffecdbe02ef877d5a4d28de83b84bd59

      SHA256

      8379e09c7a3a51bdb652418781ceed8067e324b656c7d5a307b9a77c899f0806

      SHA512

      32b1d12630ced494b5168037a1d0899b3576970f603b5e69bf48fd915a4dad51d877e97bc91660929719e3a1395344ec39d5cc5b761111096c4523563d3bdd5e

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe
      Filesize

      167KB

      MD5

      8fb4e336f4c145eb6e379701c3ac59d1

      SHA1

      ad53b732cabd515035784f187aeaab4d8a6b67c7

      SHA256

      d7a59b5ba3f0fb3906ebaa7a67c76088995a1f37652a2ae9893977c19754d9bf

      SHA512

      c83b726e867f47c9fdabaf3151ae74c07e2b74be47f8ec41685fee744eba41c81614faaf473fcd28cabc044545eddcad5cbbaf67e90109d916e109c1b5d6a770

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL_core.dll
      Filesize

      118KB

      MD5

      5ff32f1e9fe4522a5be85082d6549389

      SHA1

      a6e1f44b2d2dbc1949d3d0ddae494cf68ff4badb

      SHA256

      32dce8a0071997d5e211b09bc23d9502db72b3912c0e483e6376433c4cf7af36

      SHA512

      407b1cbd1239b6d45652790a68de1e0b6960a3db9ed729c2b1f5e72fb94f590964365606bdaf512d87b4384cfc0503d90edc1d0d2925275a5922c766615299c8

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL_core.dll
      Filesize

      64KB

      MD5

      da8021999789dd09402f8d684d632ac7

      SHA1

      5d4f234e7c50af8441951deee8d7a8bdd780476e

      SHA256

      5b7302d959b972dffe742d75b5fbca324e5c07d100eb5abeb55a7543c2d29eda

      SHA512

      956b400172c0f861e34702fbe06b7d46df63ad20a2b685234f2d5fb04015d9aabb5eb799a5a43cb82802fb250c5d85bb0c591059cfb81c20946cc653fd18e144

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\dr.dll
      Filesize

      74KB

      MD5

      2814acbd607ba47bdbcdf6ac3076ee95

      SHA1

      50ab892071bed2bb2365ca1d4bf5594e71c6b13b

      SHA256

      5904a7e4d97eeac939662c3638a0e145f64ff3dd0198f895c4bf0337595c6a67

      SHA512

      34c73014ffc8d38d6dd29f4f84c8f4f9ea971bc131f665f65b277f453504d5efc2d483a792cdea610c5e0544bf3997b132dcdbe37224912c5234c15cdb89d498

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\p2papp.dll
      Filesize

      1.5MB

      MD5

      859cace5385b0e4c9288df4fe5311729

      SHA1

      8c38f7fe5f0b43581e3044a0e138e4b819369588

      SHA256

      e66acc26374521d5dcad5759d5bd98bafbf74727ccd3b4ea8056963abdd9980b

      SHA512

      1700ad2aa08094f7e454379c26d371612203788f5b6c3dab459430945ee7b69766124a4a9f8b81f7c4d5f32537b9330d9ca51ddb2946db4044cbea58eea20de1

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\p2papp.dll
      Filesize

      1.2MB

      MD5

      bb042bb57be09dbac15d284acf5def06

      SHA1

      8641326b8d01f019fb8abe19c2c10a6dc68f2580

      SHA256

      413d292ad03d20b3162acc00a313ef00ebc24c597201271bb7b6dfd03f754ebd

      SHA512

      6a13d89175762da5e9baebf48c96d20e7aa1148963ab12b84e8c60730d2248382af9e93456f1efcd594432165edaf75cbe551c25f9cdfdedf0e47a4eb418b3be

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\p2papp.dll
      Filesize

      1.0MB

      MD5

      d3290a809abb73be3f856b429f43d85b

      SHA1

      705e9ea46e84c096b8386df8630aa891a7b23a2e

      SHA256

      f8c010cd38019d05a73f4f220e7f44fa02c4aeb10a57c2fd06a764e4fcc98805

      SHA512

      ac4895332973b4bdd5e00f70e5383598759b87f24eebb09074ae4728f3e45d3bfb63f44219444a65554766b04bfede4b22b916535d09d74b76d401d654f85876

      Download Submit

    • C:\test.tmp
      Filesize

      4B

      MD5

      dc38df5593355fa2fbb7bb9b0eaa963b

      SHA1

      b57763203c99a47e5694bd7a6d60b5a9f6ace04b

      SHA256

      5f478aa2917fb0ccf73997dfd3fda344734d7b0c4f8039fb3c5d00f284543c91

      SHA512

      e5939606e3f14a3af87d40e9fa84c78280af87b5351777eb09f6ded402e592964e44a18b329b69a521c5bbedf74c1edadd3496e9e473ed2a862daab71ac6b181

      Download Submit

    • memory/1580-34-0x0000000002660000-0x000000000294F000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2264-23-0x0000000003C90000-0x0000000003CA1000-memory.dmp

      Filesize

      68KB

      Download