Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows11-21h2_x64 -
resource
win11-20240214-en -
resource tags
arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system -
submitted
19-02-2024 16:41
Static task
static1
Behavioral task
behavioral1
Sample
GTAVLauncher.exe
Resource
win11-20240214-en
windows11-21h2-x64
10 signatures
150 seconds
General
-
Target
GTAVLauncher.exe
-
Size
305KB
-
MD5
f2f49e5e1c99c56799d1a2c54caa3e1c
-
SHA1
440f1c6d12db857eff930026a3849104d2a56dc3
-
SHA256
64102b944e57da33e4b86efa237e8f8e380c38969caa40187672e9bc7fdd573a
-
SHA512
71f0a33dd9911feb9e70e0c803d5008fa970d69fdcfb02aaa17b935021bfa7173cc021472098d81c9ea90e139d28192812fc5d1b13f7e427de1bcfc9e8df6a0f
-
SSDEEP
6144:bDtyZnXEMZwtFKKplMtyyhNrXATQgEIb8svpKwDlzEG/4J1zuFSkD:bDWEMZaFFSpHKNRRP
Score
1/10
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 taskmgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString taskmgr.exe -
Modifies data under HKEY_USERS 15 IoCs
description ioc Process Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "4" LogonUI.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" LogonUI.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-579863200-1180944266-3450597144-1000_Classes\Local Settings taskmgr.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe -
Suspicious behavior: LoadsDriver 64 IoCs
pid Process 4028 Process not Found 2232 Process not Found 2524 Process not Found 3236 Process not Found 2016 Process not Found 2128 Process not Found 2968 Process not Found 3928 Process not Found 4392 Process not Found 3828 Process not Found 580 Process not Found 724 Process not Found 2284 Process not Found 2080 Process not Found 2156 Process not Found 2456 Process not Found 3436 Process not Found 752 Process not Found 660 Process not Found 3440 Process not Found 1708 Process not Found 1724 Process not Found 1860 Process not Found 1964 Process not Found 2668 Process not Found 1432 Process not Found 3748 Process not Found 2360 Process not Found 900 Process not Found 3000 Process not Found 1820 Process not Found 4116 Process not Found 4132 Process not Found 3940 Process not Found 4128 Process not Found 4660 Process not Found 4664 Process not Found 4668 Process not Found 4896 Process not Found 2012 Process not Found 3084 Process not Found 864 Process not Found 904 Process not Found 1928 Process not Found 2472 Process not Found 4812 Process not Found 1608 Process not Found 2256 Process not Found 4868 Process not Found 3604 Process not Found 2248 Process not Found 8 Process not Found 1096 Process not Found 1184 Process not Found 1528 Process not Found 2632 Process not Found 3020 Process not Found 1924 Process not Found 4500 Process not Found 2900 Process not Found 4596 Process not Found 4788 Process not Found 4988 Process not Found 236 Process not Found -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 2152 taskmgr.exe Token: SeSystemProfilePrivilege 2152 taskmgr.exe Token: SeCreateGlobalPrivilege 2152 taskmgr.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe 2152 taskmgr.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4012 LogonUI.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\GTAVLauncher.exe"C:\Users\Admin\AppData\Local\Temp\GTAVLauncher.exe"1⤵PID:4388
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:1468
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2152
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4444
-
C:\Windows\System32\aluf8l.exe"C:\Windows\System32\aluf8l.exe"1⤵PID:3400
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa39d0855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4012