Resubmissions
25-02-2024 11:53  240225-n2n5eaah36  10

Analysis
Max time kernel: 150s
Max time network: 155s
Platform: windows10-2004_x64
Resource: win10v2004-20240221-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 25-02-2024 11:53
Static task: static1

Behavioral task: behavioral1
Sample: EulenFiveM-main/Loader.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: EulenFiveM-main/Loader.exe
Resource: win10v2004-20240221-en

Behavioral task: behavioral3
Sample: EulenFiveM-main/license.dll
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: EulenFiveM-main/license.dll
Resource: win10v2004-20240221-en
General
Target: EulenFiveM-main/Loader.exe
Size: 690KB
MD5: 9ed99bd8432a2265d1f5fb611213168b
SHA1: e215f6bfcbc91ed8828ef54cb6840eae1dc72cd0
SHA256: dde02744526968833651a9f70be666ceec221599b03272c9c5fc5d729667dd72
SHA512: f75b9ad6823ae8c4e4f5c84202893ba60c9256853d8b3924d47d59a1668e979e485a920b43414b470c5e5fd02975ff81edea3c9a2ed3a16140c13170224f2f28
SSDEEP: 12288:snlipr+FaVITo35RRLyAuilkjA/xZGHr9W8aSt2kTNvif8jedCLLA2Z:QipJIg5GFAp/St2qif8jMCLL1
Malware Config
Extracted
Family: lumma
C2 URLs:
https://gemcreedarticulateod.shop/api
https://secretionsuitcasenioise.shop/api
https://claimconcessionrebe.shop/api
https://liabilityarrangemenyit.shop/api
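The extracted Lumma C2 endpoints and the Loader.exe hashes above are the IOCs a responder would sweep for. The following is an added example (not part of the sandbox report) that turns them into a matcher: it reduces the C2 URLs to hostnames, checks DNS/proxy log lines for those hosts including subdomains, and hashes a file against the report's digests. The log lines in SAMPLE_LOGS are constructed for the example; only the URLs and hashes come from the report.

```python
"""IOC sweep built from the Lumma config and hashes in the report above.

The C2 URLs and digests are the values listed on this page; the log lines
in SAMPLE_LOGS are constructed for this example.
"""
import hashlib
import re
from urllib.parse import urlparse

# C2 endpoints from the report's "Malware Config / Extracted" section.
LUMMA_C2_URLS = [
    "https://gemcreedarticulateod.shop/api",
    "https://secretionsuitcasenioise.shop/api",
    "https://claimconcessionrebe.shop/api",
    "https://liabilityarrangemenyit.shop/api",
]

# Digests of EulenFiveM-main/Loader.exe from the report's "General" section.
LOADER_HASHES = {
    "md5": "9ed99bd8432a2265d1f5fb611213168b",
    "sha1": "e215f6bfcbc91ed8828ef54cb6840eae1dc72cd0",
    "sha256": "dde02744526968833651a9f70be666ceec221599b03272c9c5fc5d729667dd72",
}

# Tokens that look like a hostname: labels separated by dots, alphabetic TLD.
HOST_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def c2_domains(urls):
    """Reduce each C2 URL to its hostname; the path (/api) is not a stable IOC."""
    return {urlparse(u).hostname.lower() for u in urls}


def match_log_line(line, domains):
    """Return the C2 domain referenced by a log line, or None.

    A host matches if it equals a C2 domain or is a subdomain of one, so a
    prefixed label (cdn.<domain>) does not evade the check.
    """
    for token in HOST_RE.findall(line):
        host = token.lower().rstrip(".")
        for domain in domains:
            if host == domain or host.endswith("." + domain):
                return domain
    return None


def scan_logs(lines, domains):
    """List of (line, matched domain) for every line that references a C2 host."""
    hits = []
    for line in lines:
        domain = match_log_line(line, domains)
        if domain:
            hits.append((line, domain))
    return hits


def hash_matches(data, known=LOADER_HASHES):
    """Hash file bytes with each algorithm in the report; return the algorithms
    whose digest equals the reported one (empty set = not this sample)."""
    computed = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg for alg, digest in computed.items() if known.get(alg) == digest}


# Constructed sample log lines (not taken from the report).
SAMPLE_LOGS = [
    "2024-02-25T11:55:02Z dns query A gemcreedarticulateod.shop from 10.0.0.7",
    "2024-02-25T11:55:03Z proxy CONNECT claimconcessionrebe.shop:443 client=10.0.0.7",
    "2024-02-25T11:55:04Z dns query A update.microsoft.com from 10.0.0.7",
    "2024-02-25T11:55:05Z dns query A cdn.liabilityarrangemenyit.shop from 10.0.0.9",
]

if __name__ == "__main__":
    domains = c2_domains(LUMMA_C2_URLS)
    for line, domain in scan_logs(SAMPLE_LOGS, domains):
        print(f"HIT {domain}: {line}")
    print("hash match:", hash_matches(b"not the sample"))
```

Matching on the registered domain rather than the full URL is deliberate: the sandbox saw `/api`, but the same hosts can be contacted with other paths, and a DNS log never carries the path at all.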
Signatures

Processes
C:\Users\Admin\AppData\Local\Temp\EulenFiveM-main\Loader.exe (PID 1756)
  command line: "C:\Users\Admin\AppData\Local\Temp\EulenFiveM-main\Loader.exe"
    C:\Windows\SysWOW64\WerFault.exe (PID 2020, child of 1756), signature: Program crash
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 1084
C:\Windows\SysWOW64\WerFault.exe (PID 824)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1756 -ip 1756
C:\Windows\System32\rundll32.exe (PID 1560)
  command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\svchost.exe (PID 3432)
  command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
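Both WerFault.exe entries carry `-p 1756`, the PID of Loader.exe, which is how the "Program crash" signature is tied to the sample rather than to one of the unrelated top-level processes. The following is an added example (not part of the report) that does that correlation mechanically: the process records are transcribed from the list above, with depth taken from the number before the ⤵ marker in the report (1 = top-level, 2 = child of the preceding top-level entry); the parsing, tree rebuild and lookup are added here and assume paths without spaces, which holds for every entry above.

```python
"""Correlate the WerFault.exe entries in the Processes section with the
process they report on.

Records are transcribed from the report; the helpers are added for this
example and assume command lines whose paths contain no spaces.
"""
from collections import defaultdict

# (depth, pid, command line) as listed in the report. Depth 2 means the
# entry is a child of the preceding depth-1 process.
PROCESSES = [
    (1, 1756, r'"C:\Users\Admin\AppData\Local\Temp\EulenFiveM-main\Loader.exe"'),
    (2, 2020, r'C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 1084'),
    (1, 824, r'C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1756 -ip 1756'),
    (1, 1560, r'C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,'
              r'SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding'),
    (1, 3432, r'C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService'),
]


def image_name(cmdline):
    """Lower-cased file name of the executable (first token, quotes stripped)."""
    exe = cmdline.split()[0].strip('"')
    return exe.rsplit("\\", 1)[-1].lower()


def flag_value(cmdline, flag):
    """Value following `flag`, or None when the flag is absent or is a bare
    switch whose next token is another flag (svchost's `-p` takes no value)."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok == flag and not tokens[i + 1].startswith("-"):
            return tokens[i + 1]
    return None


def build_tree(records):
    """Rebuild parent/child relations from the depth markers.
    Returns (top-level pids, {parent pid: [child pids]})."""
    roots, children, stack = [], defaultdict(list), []
    for depth, pid, _ in records:
        del stack[depth - 1:]          # pop back to this entry's parent level
        if stack:
            children[stack[-1]].append(pid)
        else:
            roots.append(pid)
        stack.append(pid)
    return roots, dict(children)


def werfault_targets(records):
    """For each WerFault.exe entry: (pid named by -p, image name of that pid).
    WerFault's -p names the faulting process, so this identifies what crashed;
    the image is None if the pid is not in the list."""
    by_pid = {pid: cmd for _, pid, cmd in records}
    targets = {}
    for _, pid, cmd in records:
        if image_name(cmd) != "werfault.exe":
            continue
        value = flag_value(cmd, "-p")
        target = int(value) if value and value.isdigit() else None
        image = image_name(by_pid[target]) if target in by_pid else None
        targets[pid] = (target, image)
    return targets


if __name__ == "__main__":
    roots, children = build_tree(PROCESSES)
    print("top-level pids:", roots, "children:", children)
    for wer_pid, (target, image) in werfault_targets(PROCESSES).items():
        print(f"WerFault pid {wer_pid} reports on pid {target} ({image})")
```

The tree rebuild shows that only PID 2020 is a child of the sample; PID 824 (the `-pss` WerFault instance), rundll32.exe and svchost.exe are separate top-level entries, yet the `-p 1756` argument still ties the second WerFault to Loader.exe. The `flag_value` helper treats a flag followed by another flag as valueless, which is what makes svchost's `-p` not be misread as a PID.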