Overview
overview
6Static
static
3SteamSetup.exe
windows11-21h2-x64
6$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...gs.dll
windows11-21h2-x64
3$PLUGINSDI...ec.dll
windows11-21h2-x64
3$PLUGINSDI...ss.dll
windows11-21h2-x64
3Steam.exe
windows11-21h2-x64
1bin/SteamService.exe
windows11-21h2-x64
1uninstall.exe
windows11-21h2-x64
4$PLUGINSDI...LL.dll
windows11-21h2-x64
3$PLUGINSDI...nk.dll
windows11-21h2-x64
3$PLUGINSDI...ec.dll
windows11-21h2-x64
3Analysis
-
max time kernel
30s -
max time network
30s -
platform
windows11-21h2_x64 -
resource
win11-20231215-en -
resource tags
arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system -
submitted
12-02-2024 18:31
Static task
static1
Behavioral task
behavioral1
Sample
SteamSetup.exe
Resource
win11-20231215-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win11-20231215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20231215-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20231222-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win11-20231215-en
Behavioral task
behavioral7
Sample
Steam.exe
Resource
win11-20231215-en
Behavioral task
behavioral8
Sample
bin/SteamService.exe
Resource
win11-20231215-en
Behavioral task
behavioral9
Sample
uninstall.exe
Resource
win11-20231215-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win11-20231215-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/ShellLink.dll
Resource
win11-20231215-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20231215-en
General
-
Target
Steam.exe
-
Size
4.1MB
-
MD5
b4411620a3551834e4f699cc5a9b27e6
-
SHA1
5093960cc86613e310d13770b5adef00fe93f3eb
-
SHA256
3caf4a246169b2d30c6bf18fa0b7a4a01bbe933cfb781f3da4c6b3cb67b59d04
-
SHA512
47dde07212c2d5eea548d7794fc6bb9d86ced9a0848aaeab81fa8844fc5cab7eac58e386e96a81c663b914c85c0a7116033e2b2cfd18559d40aa6c83f9a6c024
-
SSDEEP
98304:dDokH1WPirCS6Ijt91p2GWNzSC34g2FiiIk:ttHSiJXGNNiE/k
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
Steam.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz Steam.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Steam.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_
Filesize15KB
MD5577b7286c7b05cecde9bea0a0d39740e
SHA1144d97afe83738177a2dbe43994f14ec11e44b53
SHA256983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824
SHA5128cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0