Malware Analysis Report

2025-08-11 06:04

Sample ID: 240222-xhwvksed27
Target: Setup_GameBoost.exe
SHA256: 316ae70e71476b940ec4cfd360987ccf79eadd816f5d2dc99ccb03c45931cf1b
Tags: discovery
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: 316ae70e71476b940ec4cfd360987ccf79eadd816f5d2dc99ccb03c45931cf1b

Threat Level: Shows suspicious behavior

The file Setup_GameBoost.exe was found to show suspicious behavior.

Malicious Activity Summary

discovery

Executes dropped EXE

Checks installed software on the system

Enumerates connected drives

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-22 18:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-22 18:51

Reported: 2024-02-22 18:52

Platform: win11-20240221-en

Max time kernel: 23s

Max time network: 23s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup_GameBoost.exe"

Signatures

Checks installed software on the system

discovery

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\T: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\svchost.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\svchost.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\Toolwiz GameBoost FREE\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-9G6EV.tmp\Setup_GameBoost.tmp | N/A
File created | C:\Program Files (x86)\Toolwiz GameBoost FREE\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-9G6EV.tmp\Setup_GameBoost.tmp | N/A
File created | C:\Program Files (x86)\Toolwiz GameBoost FREE\is-NLRD5.tmp | C:\Users\Admin\AppData\Local\Temp\is-9G6EV.tmp\Setup_GameBoost.tmp | N/A
File created | C:\Program Files (x86)\Toolwiz GameBoost FREE\is-B1RO6.tmp | C:\Users\Admin\AppData\Local\Temp\is-9G6EV.tmp\Setup_GameBoost.tmp | N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Toolwiz GameBoost FREE\GameBoost.exe | N/A
Token: 33 | N/A | C:\Program Files (x86)\Toolwiz GameBoost FREE\GameBoost.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files (x86)\Toolwiz GameBoost FREE\GameBoost.exe | N/A
(The "Token: 33" and "Token: SeIncBasePriorityPrivilege" rows, all from GameBoost.exe, alternate a further 31 and 30 times respectively in the original report: 63 rows in total after the SeDebugPrivilege row, ending on "Token: 33".)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9G6EV.tmp\Setup_GameBoost.tmp | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Toolwiz GameBoost FREE\GameBoost.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Setup_GameBoost.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Setup_GameBoost.exe"

C:\Users\Admin\AppData\Local\Temp\is-9G6EV.tmp\Setup_GameBoost.tmp
  Command line: "C:\Users\Admin\AppData\Local\Temp\is-9G6EV.tmp\Setup_GameBoost.tmp" /SL5="$6024C,442874,54272,C:\Users\Admin\AppData\Local\Temp\Setup_GameBoost.exe"

C:\Program Files (x86)\Toolwiz GameBoost FREE\GameBoost.exe
  Command line: "C:\Program Files (x86)\Toolwiz GameBoost FREE\GameBoost.exe"

C:\Windows\System32\spoolsv.exe
  Command line: C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer

C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp

Files

memory/3184-0-0x0000000000400000-0x0000000000414000-memory.dmp

memory/3184-2-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9G6EV.tmp\Setup_GameBoost.tmp

MD5 f0ccfb46f867443700d31c969bdcf552
SHA1 f2474d5d7a906de3bc3381ca79bb1ea60f0d6697
SHA256 54bb849d30567d5f10ac359f8b503732a3fcd76ad7cc72007eab843b784367bb
SHA512 71c7de53d1db03f1149c3e82fd92842cbd284d17c981267b20290f8d54baf2b578f7830f64eb5308c82cf4aff4f1937586624c2769da74a463c8d4ebdcbe45ee

memory/4552-9-0x00000000006D0000-0x00000000006D1000-memory.dmp

C:\Program Files (x86)\Toolwiz GameBoost FREE\GameBoost.exe

MD5 a01a5c9d8c996cd201d846788bbce1c6
SHA1 6ad4e979cc65eea905b10209a6d9a5bab62c0f3f
SHA256 e346c2e946c71199e5f189d6ac0aeddfbe6d218e9d90fdde3dcab70f54af9c30
SHA512 1b7f3a378a59f3931e8cc720fce3201d5084bf83e913d082d9c4b59a407d9a9d84b2c3caa8d68d83dc900e1b819fb87e082b6e564e3269a302d12bfdcdffd51c

memory/4552-30-0x0000000000400000-0x00000000004BD000-memory.dmp

memory/3184-32-0x0000000000400000-0x0000000000414000-memory.dmp

memory/3204-31-0x00000000024F0000-0x00000000024F1000-memory.dmp

memory/3204-33-0x0000000000400000-0x000000000055A000-memory.dmp

memory/3204-34-0x0000000000400000-0x000000000055A000-memory.dmp