Resubmissions
- 25-02-2024 11:53  240225-n2n5eaah36  10

Analysis
- max time kernel: 29s
- max time network: 148s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 25-02-2024 11:53
Static task
- static1

Behavioral tasks
- behavioral1: EulenFiveM-main/Loader.exe on win7-20240221-en
- behavioral2: EulenFiveM-main/Loader.exe on win10v2004-20240221-en
- behavioral3: EulenFiveM-main/license.dll on win7-20240221-en
- behavioral4: EulenFiveM-main/license.dll on win10v2004-20240221-en
General
- Target: EulenFiveM-main/Loader.exe
- Size: 690KB
- MD5: 9ed99bd8432a2265d1f5fb611213168b
- SHA1: e215f6bfcbc91ed8828ef54cb6840eae1dc72cd0
- SHA256: dde02744526968833651a9f70be666ceec221599b03272c9c5fc5d729667dd72
- SHA512: f75b9ad6823ae8c4e4f5c84202893ba60c9256853d8b3924d47d59a1668e979e485a920b43414b470c5e5fd02975ff81edea3c9a2ed3a16140c13170224f2f28
- SSDEEP: 12288:snlipr+FaVITo35RRLyAuilkjA/xZGHr9W8aSt2kTNvif8jedCLLA2Z:QipJIg5GFAp/St2qif8jMCLL1
Malware Config
Signatures

Note: apart from the crash, every signature hit in this task is on chrome.exe (PID 2548), which sits at the top level of the process tree and is not a child of Loader.exe. Loader.exe (PID 2188) itself only faulted and was handed to WerFault.exe (PID 1544); the WriteProcessMemory hit on PID 2188 is that WerFault hand-off.

- Program crash (1 IoC)
  - pid 1544 WerFault.exe, target pid 2188 Loader.exe

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  - pid 2548 chrome.exe, 2 entries

- Suspicious use of AdjustPrivilegeToken (42 IoCs)
  - Token: SeShutdownPrivilege, pid 2548 chrome.exe, 42 entries

- Suspicious use of FindShellTrayWindow (34 IoCs)
  - pid 2548 chrome.exe, 34 entries

- Suspicious use of SendNotifyMessage (32 IoCs)
  - pid 2548 chrome.exe, 32 entries

- Suspicious use of WriteProcessMemory (64 IoCs)
  Distinct source -> target pairs (64 entries in total, each pair repeated several times):
  - PID 2188 Loader.exe -> PID 1544 WerFault.exe
  - PID 2548 chrome.exe -> PID 2640 chrome.exe
  - PID 2548 chrome.exe -> PID 2672 chrome.exe
  - PID 2548 chrome.exe -> PID 2420 chrome.exe
  - PID 2548 chrome.exe -> PID 2476 chrome.exe
Processes

- "C:\Users\Admin\AppData\Local\Temp\EulenFiveM-main\Loader.exe" (PID 2188)
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 96 (PID 1544)
    Signatures: Program crash

- "C:\Program Files\Google\Chrome\Application\chrome.exe" (PID 2548)
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a89758,0x7fef6a89768,0x7fef6a89778 (PID 2640)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1348,i,14288858164836152055,12136714845820714931,131072 /prefetch:2 (PID 2672)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1348,i,14288858164836152055,12136714845820714931,131072 /prefetch:8 (PID 2420)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1348,i,14288858164836152055,12136714845820714931,131072 /prefetch:8 (PID 2476)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1348,i,14288858164836152055,12136714845820714931,131072 /prefetch:1 (PID 2724)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1348,i,14288858164836152055,12136714845820714931,131072 /prefetch:1 (PID 616)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1348,i,14288858164836152055,12136714845820714931,131072 /prefetch:2 (PID 1516)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3236 --field-trial-handle=1348,i,14288858164836152055,12136714845820714931,131072 /prefetch:1 (PID 2756)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1348,i,14288858164836152055,12136714845820714931,131072 /prefetch:8 (PID 1948)
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4000 --field-trial-handle=1348,i,14288858164836152055,12136714845820714931,131072 /prefetch:1 (PID 1912)

- "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" (PID 992)

- "C:\Windows\explorer.exe" (PID 2608)
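A small triage helper, added here as an example and not code from the original report page or from the sandbox vendor: it parses the flattened process-tree lines and the WriteProcessMemory IoC text in the layout this page uses, then sorts the signature hits into those raised under the submitted sample's PID (2188) and those raised only by unrelated top-level processes such as the browser. The embedded inputs are constructed, shortened copies of the data above; the function names and the handling of the fused depth digit before the ⤵ marker are this example's own assumptions.

```python
"""Triage helper: attribute sandbox signature hits to the submitted sample.

Added example; not code from the original report page or from the sandbox
vendor. It parses two text shapes that appear on this page:
  * process-tree lines       "<command line><depth>⤵PID:<pid>"
  * WriteProcessMemory IoCs  "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
and then splits signature hits into those raised under the sample's own
process tree and those raised only by unrelated top-level processes.
All inputs below are constructed, shortened copies of the page's data.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed input: a shortened process tree in the page's flattened layout.
# The depth digit is fused onto the command line ("-s 96" + "2⤵"), so a line
# is split at the last single digit before the "⤵" marker.
TREE_TEXT = """\
"C:\\Users\\Admin\\AppData\\Local\\Temp\\EulenFiveM-main\\Loader.exe"1⤵PID:2188
C:\\Windows\\SysWOW64\\WerFault.exe -u -p 2188 -s 962⤵PID:1544
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"1⤵PID:2548
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=crashpad-handler /prefetch:72⤵PID:2640
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=gpu-process /prefetch:22⤵PID:2672
"C:\\Windows\\explorer.exe"1⤵PID:2608
"""

# Constructed input: a shortened WriteProcessMemory IoC run in the page's layout.
WPM_TEXT = (
    "PID 2188 wrote to memory of 1544 2188 Loader.exe WerFault.exe "
    "PID 2188 wrote to memory of 1544 2188 Loader.exe WerFault.exe "
    "PID 2548 wrote to memory of 2640 2548 chrome.exe chrome.exe "
    "PID 2548 wrote to memory of 2672 2548 chrome.exe chrome.exe "
    "PID 2548 wrote to memory of 2672 2548 chrome.exe chrome.exe"
)

# Constructed input: (signature name, pid) pairs as listed in the Signatures section.
SIGNATURE_HITS: List[Tuple[str, int]] = [
    ("Program crash", 1544),
    ("Enumerates system info in registry", 2548),
    ("Suspicious behavior: EnumeratesProcesses", 2548),
    ("Suspicious use of AdjustPrivilegeToken", 2548),
    ("Suspicious use of WriteProcessMemory", 2188),
    ("Suspicious use of WriteProcessMemory", 2548),
]

TREE_LINE_RE = re.compile(r"^(?P<cmd>.*?)(?P<depth>\d)⤵PID:(?P<pid>\d+)$")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def parse_tree(text: str) -> Dict[int, Tuple[Optional[int], str]]:
    """Return {pid: (parent pid or None, command line)} from flattened tree lines."""
    nodes: Dict[int, Tuple[Optional[int], str]] = {}
    last_at_depth: Dict[int, int] = {}  # depth -> most recent pid seen at that depth
    for line in text.splitlines():
        m = TREE_LINE_RE.match(line.strip())
        if not m:
            continue  # separators and signature bullets carry no pid
        depth, pid = int(m["depth"]), int(m["pid"])
        parent = last_at_depth.get(depth - 1) if depth > 1 else None
        nodes[pid] = (parent, m["cmd"])
        last_at_depth[depth] = pid
        # A node at this depth closes any deeper branch started earlier.
        for d in [d for d in last_at_depth if d > depth]:
            del last_at_depth[d]
    return nodes


def root_of(nodes: Dict[int, Tuple[Optional[int], str]], pid: int) -> int:
    """Follow parent links up to the top-level process."""
    while nodes[pid][0] is not None:
        pid = nodes[pid][0]
    return pid


def parse_write_edges(text: str) -> Counter:
    """Count (src pid, dst pid, src image, dst image) WriteProcessMemory edges."""
    return Counter(
        (int(src), int(dst), src_img, dst_img)
        for src, dst, src_img, dst_img in WPM_RE.findall(text)
    )


def attribute_hits(nodes, hits, sample_pid: int) -> Dict[str, List[str]]:
    """Split signature names by whether the hitting pid descends from sample_pid.

    A pid missing from the tree is treated as environment noise rather than
    guessed to belong to the sample.
    """
    on_sample, elsewhere = set(), set()
    for name, pid in hits:
        if pid in nodes and root_of(nodes, pid) == sample_pid:
            on_sample.add(name)
        else:
            elsewhere.add(name)
    return {"sample": sorted(on_sample), "environment_only": sorted(elsewhere - on_sample)}


if __name__ == "__main__":
    tree = parse_tree(TREE_TEXT)
    for pid, (parent, cmd) in tree.items():
        print(f"{pid:>5} parent={parent} {cmd}")
    for (src, dst, src_img, dst_img), n in parse_write_edges(WPM_TEXT).items():
        print(f"{src} ({src_img}) -> {dst} ({dst_img}) x{n}")
    print(attribute_hits(tree, SIGNATURE_HITS, sample_pid=2188))
```

Run against the constructed input, the only signatures attributed to the Loader.exe lineage are the crash and the WriteProcessMemory hand-off to WerFault.exe; the registry, process-enumeration and token hits fall out as browser-only noise. On a real report, feed it the full Processes and Signatures text and check that the lineage split matches what the tree shows before reading anything into the per-signature counts.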
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 195KB
  MD5: 873734b55d4c7d35a177c8318b0caec7
  SHA1: 469b913b09ea5b55e60098c95120cc9b935ddb28
  SHA256: 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
  SHA512: 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

- Filesize: 1KB
  MD5: 2c90941127e004fedd5f961d5405d3ec
  SHA1: cb79875da16c63016af49ca5052b1385e0fecd74
  SHA256: ab12fef34a045999772fe1d18468c5fcae093757d1b812e03ec459ddafc34566
  SHA512: d451f3f5b4e0f899f7f8e881a2b6e90b34dc20c17b9424ca911d2c9f5fc70c7317573c86ea967a8d5f0b6560e09a529c22a16ed71fd4f7555649b79ed7e6d7e7

- Filesize: 359B
  MD5: 903316a011cc3b3a138d006f8ce37993
  SHA1: f4f27402bead548da88246c8fb137767105c9418
  SHA256: c9d0e9616d8563079136ef6a8f136aa04a14cbc57f9c62f361281a5464ee937d
  SHA512: c46639038b3c289dde5028c44ab80518551e0fa1559b6935a41034025be99cdc374a03d1ff8cdbb530814889c47a23f96ba1513faf09e66eb46709dd2c32b93c

- Filesize: 4KB
  MD5: e99435b205d4fcb3b85a3ca1a2435e2f
  SHA1: 60a12838101b681be6b044e5e2cc91ad6a4f759e
  SHA256: 18acae0222fb134209715b307328f7f6f7d21d9a26ca526d2dc00ea42627bcbf
  SHA512: 387818a90449f8d8f49deadcb2ded24c65ddd40da3d5723718e273c331314884537a8b974d952a7d34243b741ababb3545f1a55fe954919823c73fdbab3627ce

- Filesize: 4KB
  MD5: dcee4a2809dea72c4bd6d1ba18b20199
  SHA1: 68d29f8c83fec7760fbdbcc4199c0a15db4fa1fb
  SHA256: 2ff4bbbac45ffa7c3e9df7bbcd49660ca9ccddd1ecd2be40d3a3e28cc60b31e4
  SHA512: e2866611301bdb907687b930a389b867702223b590650d38f646dbce53cef602d1187157ebc8e08657caa59073df1b9950e71a5d1f7ae4b47b4a625de6d7daa3

- Filesize: 4KB
  MD5: 9a1cf880ba90db9ed16657b37ef72a14
  SHA1: 89df6e88d79990fbab0a8687cfc9df61e990a1ef
  SHA256: 0fb9b4e7473675a4f7af543b1f892bc17472563a78ddb42466f637dd19b1a68b
  SHA512: e88fae0c63d1d6b1a3f58af2713615feaf644f046b30697b9c23710d3c364425fb4591036fb87de07acaa00116b73b1970512a30563d64fe1b7c36c32f121200

- Filesize: 4KB
  MD5: f5470dd6885ef3c3048c6c6218d8c477
  SHA1: 73635194f2e615765f57616066f187ed254a0a9b
  SHA256: 255e502a0a7b07737e6361e6988927bf2bf2d42d6030c9b4defcd4babbc4e1d7
  SHA512: f41f606929c12f9065f593295d71b3b67efdf2c628cb64fab854fe38952124b15e89837feee8d2e2c85c07b0490beddeeaaccd1d8769c6e665cd8907c293d640

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

- (zero-byte file: these are the well-known digests of empty input)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e