Overview

overview

9

Static

static

9

Awesomium.dll

windows11-21h2-x64

3

AwesomiumProcess.exe

windows11-21h2-x64

1

Core.dll

windows11-21h2-x64

1

D3DDrv.dll

windows11-21h2-x64

1

D3DX9_40.dll

windows11-21h2-x64

3

DSETUP.dll

windows11-21h2-x64

7

Engine.dll

windows11-21h2-x64

1

Fire.dll

windows11-21h2-x64

1

L2.exe

windows11-21h2-x64

7

clmods.dll

windows11-21h2-x64

5

en-US.dll

windows11-21h2-x64

1

l2.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    450s
  • max time network
    454s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231222-en
  • resource tags

    arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06-02-2024 00:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    l2.exe

  • Size

    46.7MB

  • MD5

    9298113e7d18e48ce3b3bc0cc554dc7f

  • SHA1

    14b671255042c817a27927afac5b45eeeb217923

  • SHA256

    60fd97945e88b164a339c7da323c1b1966e17c4d6e280c8f726e62f50f783275

  • SHA512

    536db1d539a3040b6a1401bf071a7d4a1b4ee07f12440b9e39789e4f0d0d4106574a5c96174c978884d3f025d2125506f15b1f2e4732e1a22c54432396717761

  • SSDEEP

    786432:hD8AnHDKXqzE8D5zHop+4OA7dgtlnborjSPsNo+7kR5mojqjn:hNW6zJzOOAhOlnbk+PsNoEk+oGb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\l2.exe
    "C:\Users\Admin\AppData\Local\Temp\l2.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4888
  • C:\Users\Admin\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe
    C:\Users\Admin\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe
    1⤵
    • Executes dropped EXE
    PID:3992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ActiveAnticheat\aaerrport.exe
    Filesize

    221KB

    MD5

    e8fda4356557802fef6a25f431aa7094

    SHA1

    344d6bb8229feb675986d678b608e767700c2f8c

    SHA256

    a6386f798834b6dbf90ff99a77443a5be1fe7b723e24259266c34849dc55ffad

    SHA512

    9f4d57c4fc4bf975dcde46f612b615d41dad068970eb33218f394e4122af3acddf6068d6f8069cfab478ad934daaffa8234dbbae757aba3b90bd67f74593ccfb

    Download Submit
  • memory/4888-12-0x0000000005300000-0x0000000005301000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-29-0x0000000000400000-0x00000000032B5000-memory.dmp
    Filesize

    46.7MB

    Download
  • memory/4888-11-0x00000000052F0000-0x00000000052F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-3-0x0000000005270000-0x0000000005271000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-5-0x0000000005290000-0x0000000005291000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-8-0x00000000052B0000-0x00000000052B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-7-0x0000000000400000-0x00000000032B5000-memory.dmp
    Filesize

    46.7MB

    Download
  • memory/4888-6-0x00000000052A0000-0x00000000052A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-10-0x00000000052D0000-0x00000000052D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-14-0x0000000005320000-0x0000000005321000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-4-0x0000000005280000-0x0000000005281000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-2-0x0000000005250000-0x0000000005251000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-9-0x00000000052C0000-0x00000000052C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-13-0x0000000005310000-0x0000000005311000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-20-0x0000000005380000-0x0000000005381000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-19-0x0000000005370000-0x0000000005371000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-18-0x0000000005360000-0x0000000005361000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-17-0x0000000005350000-0x0000000005351000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-16-0x0000000005340000-0x0000000005341000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-15-0x0000000005330000-0x0000000005331000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-21-0x0000000000400000-0x00000000032B5000-memory.dmp
    Filesize

    46.7MB

    Download
  • memory/4888-0-0x00000000034D0000-0x00000000034D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4888-1-0x0000000005240000-0x0000000005241000-memory.dmp
    Filesize

    4KB

    Download