4c0b3dff76ed6ecc97a67ef15baae55756a34cf2e487f9befa3ea9acc5709e85

Analysis

max time kernel
1798s
max time network
1169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

genius simulator installer.exe
Size

45.6MB
MD5

bdf2747d0e6f4072de954d064f789b18
SHA1

951f68398f9cd207f014174bdb210f7fbb586e98
SHA256

4c0b3dff76ed6ecc97a67ef15baae55756a34cf2e487f9befa3ea9acc5709e85
SHA512

ffb42263e5e29190333293d2284f64f38b2b87a94910e5a78af7fc40ca0f8e7e54b6f71706c8ff79aba440e108e3a80d89dc65b0be6047dd24c77deeb74de700
SSDEEP

786432:m8LP+9bFEpO5/9A5CQe8aXu2N+VczDDNtmm+nhbQBDF9+peNnTujx05kUWHIy:mTzzaEMa+2IVultuh8NFc85qgy

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4792	genius simulator.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Genius games\Genius Simulator\5EF26168_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\4020CDFE_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6E3A21B_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\275F399C_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\bobomb battlefeild.obj	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\project.godot	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\5EF26168_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\41A41EE3_c.png	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\StartButton.gd	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\359289F2_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\12436720_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\bobomb battlefeild.mtl	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\icon.svg.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\Uninstall.exe	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\1B46C8C_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\1B46C8C_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6E3A21B_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\screen.gd	genius simulator installer.exe
File opened for modification	C:\Program Files (x86)\Genius games\Genius Simulator\Uninstall_lang.ifl	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\C1DF883_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\hi.pck	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\3F485258_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6C631877_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6dbeceb44495190a9b0a4ec5b10a192b.png	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\10E99677_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\.gitignore	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\genius simulator.pck	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\node_2d.tscn	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\Control.gd	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\export_presets.cfg	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\title_screen.tscn	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6B1A233B_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6B2D96F_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6C631877_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\C1DF883_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\574B138E_c.png	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\Uninstall.dat	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\.gitattributes	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\4020CDFE_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\359289F2_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\12436720_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\readme.txt	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\Uninstall_lang.ifl	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\1FAAE88D_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\49AC5437_c.bmp.import	genius simulator installer.exe
File opened for modification	C:\Program Files (x86)\Genius games\Genius Simulator\genius simulator.exe	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\PSY - GANGNAM STYLE(강남스타일) M-V.mp3.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\Button.gd	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\PSY - GANGNAM STYLE(강남스타일) M-V.mp3	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\TitleScreen.gd	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\49AC5437_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\hello.pck	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\3D49A9D5_c.bmp	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\3D49A9D5_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\41A41EE3_c.png.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6dbeceb44495190a9b0a4ec5b10a192b.ico	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\275F399C_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\bobomb battlefeild.obj.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\level.gd	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\1FAAE88D_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\3F485258_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6B1A233B_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\6B2D96F_c.bmp.import	genius simulator installer.exe
File created	C:\Program Files (x86)\Genius games\Genius Simulator\MainMenu.tscn	genius simulator installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
988	genius simulator installer.exe
988	genius simulator installer.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4792	genius simulator.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 4792	988	genius simulator installer.exe	98
PID 988 wrote to memory of 4792	988	genius simulator installer.exe	98

C:\Users\Admin\AppData\Local\Temp\genius simulator installer.exe
"C:\Users\Admin\AppData\Local\Temp\genius simulator installer.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:988
- C:\Program Files (x86)\Genius games\Genius Simulator\genius simulator.exe
  "C:\Program Files (x86)\Genius games\Genius Simulator\genius simulator.exe" ge
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Genius games\Genius Simulator\genius simulator.exe

Filesize
1003KB

MD5
e4ab35b2db70e0ea8c1972cd7fec7fe0

SHA1
2d66146d48d1d511720b093aaddd84a0d7faa2f2

SHA256
cb194a895bc57f19a72180d59684bad5b6e929cb87f13313624b1e2671903983

SHA512
18c5bd265324f002d1c3db65f7d41d063d52ae131220cec90fe74feb3ca99c13ef4cbf7b01f27dd022c1ad4c3b3f230f6bf0e60a40b8be406e2934c3443405e1

Download Submit
C:\Program Files (x86)\Genius games\Genius Simulator\genius simulator.exe

Filesize
832KB

MD5
248dc9e4364efb4c82f938fc5cd44882

SHA1
65b66d7c41e537f619954ecea1e5782c7fbec27e

SHA256
ad317c60ccaf6364b5c210fb82d3f363e415497f7b181a4d3dea143691e6a8de

SHA512
e21cb735d6b671028af3b000c3cc941366a52baa95bcbfb16be0687909e7192d4b40da885e12d93791df77b213fe30f4cb209e4df53651453b4d594669be321d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{9FEA8393-87DE-444D-B7B3-C73C9BADD5A8}\default.ifl

Filesize
2KB

MD5
2922d0c758d9c3c10cbdc59f91979d0c

SHA1
feb69bdf58d06cca776db63036811af0764ca013

SHA256
20f6d12eac29bd6ddc6a99dd276c5e200fac25c976ab4293195b58ec164c253f

SHA512
d15e888bae4e23ce5d61becc3c47d9b5f61fbbe4612cf90677314570fe1df1f4fde6c519b789ad46cc50d19c2b3701bc9bd968e85bb618fb7127950d4ae92695

Download Submit
memory/4792-109-0x00007FF7E5170000-0x00007FF7E970C000-memory.dmp

Filesize
69.6MB

Download