Analysis
max time kernel: 135s
max time network: 166s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/01/2024, 09:57
Static task: static1
Behavioral tasks (sample on resource):
behavioral1: Dealers Life 2 Pablich.zip on win7-20231215-en
behavioral2: Dealers Life 2 Pablich.zip on win10v2004-20231215-en
behavioral3: Dealers Life 2 Pablich.zip on ubuntu1804-amd64-20231215-en
behavioral4: Dealers Life 2 Pablich.zip on debian9-armhf-20231215-en
behavioral5: Dealers Life 2 Pablich.zip on debian9-mipsbe-20231221-en
behavioral6: Dealers Life 2 Pablich.zip on debian9-mipsel-20231215-en
behavioral7: Dealers Life 2 Pirata/DealersLife2.exe on win7-20231215-en
behavioral8: Dealers Life 2 Pirata/DealersLife2.exe on win10v2004-20231215-en
behavioral9: Dealers Life 2 Pirata/DealersLife2.exe on ubuntu1804-amd64-20231222-en
behavioral10: Dealers Life 2 Pirata/DealersLife2.exe on debian9-armhf-20231215-en
behavioral11: Dealers Life 2 Pirata/DealersLife2.exe on debian9-mipsbe-20231215-en
behavioral12: Dealers Life 2 Pirata/DealersLife2.exe on debian9-mipsel-20231221-en
General
Target: Dealers Life 2 Pirata/DealersLife2.exe
Size: 638KB
MD5: 4fb6fca79936fa0905f25866b2367a09
SHA1: a4303900aeb1f85b434b339a71e365dcb47207ef
SHA256: 7516f4065f79f4b45c79eea438426e28aa4c444dc0e189cdc245efd5df2b8fbf
SHA512: a6c8553e04da25ea26ad4e6baba803ab73ec758d24bea6e279ea91e0685236f03ff54969d1c5064eab38a10be8b5832d81d9f0859c11505364b4ebe4f6ddf687
SSDEEP: 12288:9oCCAjH828z88p88tn88v88z8A8wgLeHD8T88r888f55o3nzWREXOw:6seLw6AOw
Malware Config
Signatures
-
- Drops file in System32 directory (12 IoCs)
Process: DealersLife2.exe. File opened for modification:
C:\Windows\system32\kernelbase.pdb
C:\Windows\system32\dll\kernelbase.pdb
C:\Windows\system32\dll\mono-2.0-bdwgc.pdb
C:\Windows\system32\ntdll.pdb
C:\Windows\system32\symbols\dll\ntdll.pdb
C:\Windows\system32\dll\ntdll.pdb
C:\Windows\system32\symbols\dll\kernelbase.pdb
C:\Windows\system32\mono-2.0-bdwgc.pdb
C:\Windows\system32\symbols\dll\mono-2.0-bdwgc.pdb
C:\Windows\system32\kernel32.pdb
C:\Windows\system32\DLL\kernel32.pdb
C:\Windows\system32\symbols\DLL\kernel32.pdb
- Drops file in Windows directory (12 IoCs)
Process: DealersLife2.exe. File opened for modification:
C:\Windows\ntdll.pdb
C:\Windows\dll\ntdll.pdb
C:\Windows\kernelbase.pdb
C:\Windows\symbols\dll\kernelbase.pdb
C:\Windows\mono-2.0-bdwgc.pdb
C:\Windows\dll\mono-2.0-bdwgc.pdb
C:\Windows\symbols\dll\mono-2.0-bdwgc.pdb
C:\Windows\symbols\DLL\kernel32.pdb
C:\Windows\symbols\dll\ntdll.pdb
C:\Windows\dll\kernelbase.pdb
C:\Windows\kernel32.pdb
C:\Windows\DLL\kernel32.pdb
- Checks processor information in registry (2 TTPs, 4 IoCs)
Processor information is often read in order to detect sandboxing environments.
Process: DealersLife2.exe.
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
Key opened: \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid 3532 DealersLife2.exe
pid 3532 DealersLife2.exe
pid 856 UnityCrashHandler64.exe
pid 856 UnityCrashHandler64.exe
pid 856 UnityCrashHandler64.exe
pid 856 UnityCrashHandler64.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
Token: 33, pid 2852, AUDIODG.EXE
Token: SeIncBasePriorityPrivilege, pid 2852, AUDIODG.EXE
- Suspicious use of SetWindowsHookEx (2 IoCs)
pid 3532 DealersLife2.exe
pid 3532 DealersLife2.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
PID 3532 wrote to memory of 856 (pid 3532, DealersLife2.exe, procid_target 88)
PID 3532 wrote to memory of 856 (pid 3532, DealersLife2.exe, procid_target 88)
PID 856 wrote to memory of 4276 (pid 856, UnityCrashHandler64.exe, procid_target 97)
PID 856 wrote to memory of 4276 (pid 856, UnityCrashHandler64.exe, procid_target 97)
Processes
- C:\Users\Admin\AppData\Local\Temp\Dealers Life 2 Pirata\DealersLife2.exe (PID 3532)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Dealers Life 2 Pirata\DealersLife2.exe"
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child: C:\Users\Admin\AppData\Local\Temp\Dealers Life 2 Pirata\UnityCrashHandler64.exe (PID 856)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Dealers Life 2 Pirata\UnityCrashHandler64.exe" --attach 3532 2440879673344
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    - Child: C:\Users\Admin\AppData\Local\Temp\Dealers Life 2 Pirata\UnityCrashHandler64.exe (PID 4276)
      Command line: "C:\Users\Admin\AppData\Local\Temp\Dealers Life 2 Pirata\UnityCrashHandler64.exe" "3532" "2440879673344"
- C:\Windows\system32\AUDIODG.EXE (PID 2852)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x510 0x51c
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 13KB
  MD5: 87d48150cf8f09f360c3f1beae4b4ccd
  SHA1: b968692b8d370789b9cd657aa3263fc3207a6f29
  SHA256: ba36f87a595dea10e7feebb3335920a5d0a1fe207569279f29cd2a831a8b0af1
  SHA512: c71938bfa1d32b967acec7f11346a0207ab90be2218a4023e3e5b9aab680a442489fe86c85601d344a062d04a29e19d6c6bb9fa1f29209fa31711eb6f8758c91