Analysis

  • max time kernel
    181s
  • max time network
    189s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    04-03-2024 19:27

General

  • Target

    SteamConverter.exe

  • Size

    7.2MB

  • MD5

    cb83c73931c0fb473d873c7a970af0c9

  • SHA1

    4469b1edc2de72525ecedef6b8d19787c5253560

  • SHA256

    c10e6644c3ce7477a8f423d8d18a30798c5f3b4a4cdab531e247b73c0572d2f6

  • SHA512

    9dfcedf7f070189fac5bc979e82f5ef8070060f9361198c2b0aa291f3cb0582d242d977c43acbedcd8ee581f5289c1eeedac1e18026fbea6301045cd11e6e323

  • SSDEEP

    196608:TlobhCUWwXi/MFXBbIsNsuj+R226yrpxFD:psh2yi/yBUO+UtyFxF

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Obfuscated with Agile.Net obfuscator 34 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SteamConverter.exe
    "C:\Users\Admin\AppData\Local\Temp\SteamConverter.exe"
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:368
  • C:\Windows\SysWOW64\werfault.exe
    werfault.exe /h /shared Global\cbfa946cbb0a4344845191f0572140d6 /t 352 /p 368
    PID:3728

Network

MITRE ATT&CK Matrix

Downloads

    • \Users\Admin\AppData\Local\Temp\b6e2897f-c180-459a-bb92-bbb942070e0b\BunifuDotNetRT.dll

      Filesize

      135KB

      MD5

      a20aa843d4c7d0509757dea2788cfbde

      SHA1

      31ca5e73c12613b2dc0c1ec383c76dd264786935

      SHA256

      b43ab8d1d08c773f443399f8610a433308a1857c89741e85b42adbb351c47c86

      SHA512

      f0a4a10d6b85380f875721137823a3314e53685d94d063c3d44377b40883eb9e6a50e77b94289ae1bf30d06c252b9318817674126fb9a555a17dc4a553e2d52d
