Resubmissions

20/02/2024, 12:44

240220-pyvy8aha67 3

20/02/2024, 12:42

240220-pxqm4sha35 3

Analysis

  • max time kernel
    37s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/02/2024, 12:44

Errors

Reason
Machine shutdown

General

  • Target

    MyNewGame.exe

  • Size

    10KB

  • MD5

    522ffd2add4bb7d9b0e8588f76799789

  • SHA1

    eb27b51f13b07be7c265d273adf854c1b562f3d5

  • SHA256

    c0ea7e696bb5ccc0950e59fb711f7e97ee6556f82fd7707a5916dd375ffe22b7

  • SHA512

    ab81d7f08807b6a2ed3eecc1da52d61e2766004e6e9f28b41d72d36e3868d06429c5be6bea9bbc7900bf17ce7b1ca7ec62b650c40b0ded7ebabbec4c33086fa4

  • SSDEEP

    192:wb9fq9zgleJepF8RM/1kil3Q5tfMcmmET:k9fq9z5kCRM/1P3N

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\MyNewGame.exe
    "C:\Users\Admin\AppData\Local\Temp\MyNewGame.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c shutdown /s /f
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Windows\system32\shutdown.exe
        shutdown /s /f
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1748
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3788
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4488
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.0.1622222260\1271269824" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {362ea1aa-e7c8-48f8-9cf9-a5db0f5b0ae7} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 1976 1c6a51d7858 gpu
        3⤵
        PID:644
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.1.970186563\213425379" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28431622-b7f9-4a49-a3b3-0da1044630b5} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 2376 1c6a4eef258 socket
        3⤵
        PID:2648
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.2.184334006\440215579" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3044 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0264db8-66c1-4ff5-9f2f-2e25f27e6474} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 3012 1c6a909c158 tab
        3⤵
        PID:4572
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.3.839306376\154921545" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f96c0138-996e-4d03-87b3-9b7c8962d861} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 3556 1c698767b58 tab
        3⤵
        PID:776
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.4.168943256\2023771267" -childID 3 -isForBrowser -prefsHandle 4596 -prefMapHandle 4592 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e777e8d9-5e74-4979-8133-20e88a8eb8c4} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 4520 1c6aa789758 tab
        3⤵
        PID:4348
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.5.173417384\897778344" -childID 4 -isForBrowser -prefsHandle 4108 -prefMapHandle 2928 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a8704c-fbf5-4ea4-ba21-1dc2784596c3} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 5204 1c6a8012358 tab
        3⤵
        PID:2544
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.7.1568694280\1622214943" -childID 6 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {068314ea-93a4-4f5b-9803-80d2eb843eff} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 5492 1c6ab860558 tab
        3⤵
        PID:2368
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.6.1035997824\1103029711" -childID 5 -isForBrowser -prefsHandle 5376 -prefMapHandle 5436 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a3dc5e1-0d92-44dc-b173-c3b335c7bb76} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 5424 1c6ab85f058 tab
        3⤵
        PID:4876
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4488.8.1997681908\1555563088" -childID 7 -isForBrowser -prefsHandle 5908 -prefMapHandle 5904 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1100 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c2f905b-207c-45ce-a712-6def11796334} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" 5916 1c6ace43558 tab
        3⤵
        PID:5176
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa398f855 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:5572

Network

MITRE ATT&CK Enterprise v15

Replay Monitor


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\datareporting\glean\db\data.safe.bin

    Filesize

    2KB

    MD5

    4738d008ae8a5c4d43de36dafb079774

    SHA1

    abffc222b69078f79f1a209f7182522919f018ff

    SHA256

    34dd2a533c0d4301500f6cedb61f0b02ab051d7068dcbb4f79df25910c7b8dcc

    SHA512

    df2585ae04e497f224f4584d69faf4914c32c2149c7065fd681e41766812d2839cb744e21d0df2f9a812d662d19499a23f3c65004240c576fb903a6c512ac929

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\datareporting\glean\pending_pings\035862fa-2b1a-4533-b574-2171f9762dbf

    Filesize

    11KB

    MD5

    8ff8e08f8e41563bf7cb498b8bb05fbf

    SHA1

    a4beca710616155c7a01fa6c044d5176e41e8ce1

    SHA256

    43c4a9378a215c7737e708e6e8cd806e61c9aa738ca4209c222d90a9e91f5747

    SHA512

    ef03020f7324f4a96306a84647936e3607ef4eab300edbd8922a2be457e105898e0db0337e52d7e396f0e92e24be3a8cbadd5f424039fbe1dfed63787c74ec5e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\datareporting\glean\pending_pings\70b4d0be-a862-432d-9234-9bf29b16e904

    Filesize

    746B

    MD5

    d54d185969e6a5abee6082e8fe052d27

    SHA1

    1c123583982073d73d816e51bb0d0f8c6f9a9245

    SHA256

    0d3927f383f69dba2892da274fef451d98e96f59cb86441f9ed2684debeb7c28

    SHA512

    0f58bfd51cc9c70119d57132436cbfb48943ee4356d235e7c0012b9f8adcf5f202f4c20ea9c06fe00201f0931068ce35d7a9aa0f97d8caa61420bcbd82e11799

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\prefs-1.js

    Filesize

    6KB

    MD5

    13d6a813ec4012959875ffec9910a870

    SHA1

    5a45b1f4f968b2417e97b0cf67d31c958c6ed150

    SHA256

    34cee0f2491cf27390d817259a07e072a1d993573cd1d910bc7090340d223fec

    SHA512

    cd0a242b6da8adca1718aa21ff122623975768cf77d3f60a4928f860e5535625f15384a67035621a13eabf8d5583a2958c70b224ea0bd5495183ddb173ef01d2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\prefs.js

    Filesize

    6KB

    MD5

    f865c8e9d9397a1553d91f791478fe8d

    SHA1

    e5f484536dc9a4a19d435fb5f9e1ff6c1976ef77

    SHA256

    7c865e2cb569714acf687dd3423d5d895db7546bf6ea6290064f980030dc9c1c

    SHA512

    b0b4b72912a11dc6c0d22d4d16ef5ae7dc58f068cc19b67ae3977e44acba128f1587611bf2c81b52a63540ac103884ae2254bd1d2a75743cf7b63959eae72ef9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\prefs.js

    Filesize

    6KB

    MD5

    3a4ad44888262b60fa02ad688630b671

    SHA1

    4f636f41b84173a337f5c259cc28e70847c521a5

    SHA256

    7366a1c261df547b6df17631a4ae82033225e6375931b0e344ab3f22871b2c18

    SHA512

    67b8b6fb4d18522c540c155f94672c46582cec2cd6d2d0a5c985636344d82f107b060dad5a69bc96ea8768fcd482b3b7c6f1b67e4f2cfac91d0a7d0a9ae185f2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\sessionCheckpoints.json.tmp

    Filesize

    259B

    MD5

    c8dc58eff0c029d381a67f5dca34a913

    SHA1

    3576807e793473bcbd3cf7d664b83948e3ec8f2d

    SHA256

    4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

    SHA512

    b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    3KB

    MD5

    c1cebaacbceff85bc9ca844e97fe768e

    SHA1

    5cd5202e92880bfd04d97503a2af8ffbd9b08333

    SHA256

    2ee81f92e9c53b46065b0fb6ded3af31e00e2d2b62ec5752a937dbd870fd38f6

    SHA512

    65a223396fd7790b272e6dc99a9599983871dd6ae7c9593f52506ada7f5a04a7766b3fc556ee938979b5141e53cfd8fad415d9903e1df704584cd21f38213de3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\sessionstore.jsonlz4

    Filesize

    3KB

    MD5

    481a52a40fc7aa02e4496c58b260e8a0

    SHA1

    f7c38115dc6338b976105960f22586159bd98a12

    SHA256

    71ac8d0943465d2bc53d7b2c566b836e9a54b4a8ffd20b9c5aa295d9bdd05c8b

    SHA512

    0c7a305899e9d51c33d156cf23de2dd058e8d7546e61e33452abbee9f9e876ce5d57f36bd32261a1ff497dfda830860bef7bcef9b431650ed9fcbe5d55250a30

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

    Filesize

    184KB

    MD5

    04e8d4cd05f13cad34bdaaf316e82fac

    SHA1

    0b7dcba772163f11312e109aadf3c22ad5c47f84

    SHA256

    ddea663f2d5201d0bf480347961832b1fd655ecf9353db327fb5ed708ff13436

    SHA512

    47180e3d2758f2c69ff8d2445c40b62a265c85f59053f45620f64d60082acac0d3beb9b33277b9fe02c709979390cc41f1c62cb0af9c9ebf3ff7fb1144b85a4a