Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
01/02/2024, 18:30
General
-
Target
gamelaunchhelper.exe
-
Size
97KB
-
MD5
bcbac3a0f7a38dd4646efc2d5f72d279
-
SHA1
528f37e3f2594931eac9d79318c00b637806de08
-
SHA256
307e6d7c274dd7b3a0922b29e27d8a0bb62591c2d96aeef9d7e9823fdcd1f204
-
SHA512
ba026d1107850ff9a25d1697591c2e8cd373c6ec2218a94a43b8d545790602dd338bd3140e10e9f95c0f0ce1644cd4e04b2d26313f3382d0af349a19b8295366
-
SSDEEP
1536:AXstYNsccJgwYURbOAlQ6wZTtF/PqYUR7SDFLV5JwtuYhVzj:AXstWLWq6YLUR7eNXJwtuYb3
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Downloads MZ/PE file
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 41 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\gamelaunchhelper.exe"C:\Users\Admin\AppData\Local\Temp\gamelaunchhelper.exe"1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.0.294735223\258245229" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0e93b6a-5e55-4558-a6d5-6c4056e37844} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 1960 20913fea158 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.1.1585166683\497522746" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4654c79f-df37-42f2-90b9-15437fd05fe0} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 2364 20913b30858 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.2.1721777555\549198283" -childID 1 -isForBrowser -prefsHandle 3360 -prefMapHandle 3356 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4920995d-850c-49f4-a783-eeda2e6bba8c} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 3008 209180a3658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.3.1937481357\2127688134" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03b53baf-dabe-4ec1-9080-1141e6829d89} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 3588 20907760a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.4.1762545312\1657006157" -childID 3 -isForBrowser -prefsHandle 4320 -prefMapHandle 4316 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7523725-c387-4a7f-9c81-f177c5800da8} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 4332 209193dc358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.5.1419034611\1865296288" -childID 4 -isForBrowser -prefsHandle 5060 -prefMapHandle 5108 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc6a7cce-601f-42c8-b371-3c157587691d} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 5092 2091859ae58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.7.1927028424\531078633" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd969f3d-4c6d-45cb-868e-97d67373eed8} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 5400 2091a3ba158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.6.723503122\2043847497" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7f8d909-9518-4212-97c9-ba13f754dd68} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 5208 2091a1eb858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.8.430302266\1535641517" -childID 7 -isForBrowser -prefsHandle 5756 -prefMapHandle 5260 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b357fb36-25eb-4ba6-9513-6c8b0f82c415} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 1640 2091b92a958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.9.105005860\1379553356" -childID 8 -isForBrowser -prefsHandle 5176 -prefMapHandle 5188 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7edae02-5c5c-4d69-8f79-c14ed9725d92} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 4192 2091ae4eb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.10.623760983\195321085" -childID 9 -isForBrowser -prefsHandle 5596 -prefMapHandle 5612 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed6d873a-e1b0-4324-b0fd-47a16db845cd} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 5420 2091c0e0258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.12.1764045954\2020972472" -childID 11 -isForBrowser -prefsHandle 9544 -prefMapHandle 9540 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82a22ff8-c82d-4b68-967f-af39b032190d} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 9552 2091d44ad58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.11.947381739\1518228467" -childID 10 -isForBrowser -prefsHandle 9688 -prefMapHandle 9692 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f936333-b86e-4f16-a2b3-b2f8d2fff20b} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 9680 2091d449258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4988.13.285495158\940775454" -childID 12 -isForBrowser -prefsHandle 9096 -prefMapHandle 9100 -prefsLen 26765 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {870bcdcd-1c08-48b3-a28b-c3f0de91c7af} 4988 "\\.\pipe\gecko-crash-server-pipe.4988" 9088 2091ae15458 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD5e0543415cdc2e8cb8acd1297b37194ec
SHA1a21d5d445e73ff03c5763c2e74d43e754b7d598a
SHA25610e002b2b6d3cbbd97cee895553caa6c3dd164ab5d2fd5ab49c51643aea70fa3
SHA5123042be1a6253f9ae2ed216cf5f902be1c4a72d79c2130a8122283384b8e4b985e7100c316eeab074780f97c578d29d4eb0ec16b048a2d6dea0891e7c4f498d1d
-
Filesize
746B
MD50d62f4b944d930f5b8d0f050295859ba
SHA1f7099f1015d210d0bacd16958cab4ffa1af418c9
SHA256c0a9317394b0bc510da8f9fa09d3ab321da4e65b0b4e5ec12fb77dd12bd7198f
SHA512739b81077ecb5553fd4d7874bc9a59d34488477f448111c7670a23e944276ef062de0dae349f1c5e9fd4e998f99a04f0651756f8cf0b72165886e067ee05fdf5
-
Filesize
10KB
MD5405abdaba1e7dfe59e11794e341adc78
SHA18c68687ef62cd98b614d99b6f94a3b9bd496f840
SHA256ab99c5fa2e68d9c5cce767af986ca7cfeb96d2ea4bd8938b699d423173bb19e3
SHA5124229d6aa4a62887a0215c33ba9ba7c5b9863e0a44a01c133fefe6831876c2e22afd8a37ed8101563d8fecc2702871de9ed540abd3182e9063b1b008bb241ce43
-
Filesize
6KB
MD515b2b5e1801f12b3b284620d51cd8a4a
SHA14fe5f829ad8234f8c4497cc9cdc48ec62707c4fb
SHA2561f786146b4150b6377fef681a544711685078575964dac376ea55f67c49b81c4
SHA512962e3d12ddada9ccb183b6979f957f73c66dff7b742f76387db8d3f4e77a2caf1cae6f093e3e5064e6432e21e2399e4dce868101f54c4a9f72c704a41e10d7c4
-
Filesize
6KB
MD502007e69ddc8953eee01bf76789553af
SHA1b3caa20e870e1e2a394b6c2ae40b05bf3df223c4
SHA256c5d604dcffc236a316c757328d156c4deeee35e7a7046b19cfcfa82bde83bd0e
SHA5122ebe956fd041becaf71b1edafe60acff62b43ea9299a227f8f43300e8bc83f4e0971ef3fa2784312a5f27d1212120149864b2d3480b9512e5c400f21fc34f5ae
-
Filesize
987B
MD5aca131a7652236851dbe8cba3e3a80c6
SHA192560651a184d37b8ec91f4458bce9bab8a18f8a
SHA256d21f3ea1b6352782d7e79bf521e67860ae0fe52e0da690e443e4121965bb54fa
SHA51249a5794c0f68686398374e7a8e5768f815d715facf60c333c5bde64efe795c74dabf159b93d86234ff0815378b50f4e1812ab473350a5d1b85e9100e53444303
-
Filesize
5KB
MD5483c7343e64f17ce7821a26cc18fc641
SHA11f88d352352e5ac0101dc3ef3a4c5e45340e5b3c
SHA2566a65368e61bed52390d58ef098aa51ff74d69532cf39a77ad11212eeed1f0531
SHA512b294713d3140a3c9c7b93a6357ad9e3de6e7cd3e686e6c04141c0d4144515a3ae926bbd282b2f8004efce45e368175a78b979f0b335bc88f7e2a48db86a9eb3c
-
Filesize
4KB
MD505352059283921dc4c40767af47349a6
SHA16e87120d838e04ec216b5a1a2f99794f30f1eed5
SHA256064f0db8c7a90a1f60a88f8da03da169233417244e838b1b36c26199d8d9025d
SHA512c96ba9cc86c86dfd8f8600ca641348df777ff91e1fa75f4c611c9f391148000f69eee1cc11491e503ebe67d6b1ecfaa7de76049e7250499f4f0b441fddb613ea
-
Filesize
8KB
MD56c36970f1ba1e70d76efe18f118a0571
SHA19588df7ea461e1d885962d03bc56421d151d67fd
SHA2566ba2c26098aad61a5b47ccdb9f927830334df7a147b14551846c5707850e4f72
SHA5128724282100fbe8ec759f22c690fcd74094b12201dc9a16f66e8db5cc24c639ba69674bb7e371ea5c135d509b6de01057c1d9567d8f97295de5a43322deb85b6c
-
Filesize
184KB
MD5b4e248b8f969358a7bfa32c68bda5789
SHA1201120599bc3a747d419adc989473b524b7bc56c
SHA25653bba6be73ce1c9b4ae9b1810a5225aaa7dfa9abd0ac1eb3e9b9bff37b266443
SHA512bd21e656c602c09e140eb153225054a947e3b446927d8bbe0720e2e6cfeff0b237e0a5deea5d575ee170479e0b8472799f19c553cf3955982123e32cca006c35
-
Filesize
3.2MB
MD54a153479306a555cb9beb9470d27bd5a
SHA14155ed95567f82794139082c69a5ba11adb23df5
SHA2566be57c14f7eddb30fe38329c3b1ad89f5936ba7ebc7ad9a5f5a5529a0929622b
SHA512142540c8579aa59f60b1db078ba20e509d3d131ab714a52f06d2b1daf96a2dda6cd7c234b3e7facb3aa012998a9b751a09599204a9ef20222de0f6a9dadb5ee1
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB