Malware Analysis Report

2024-11-30 19:22

Sample ID 240304-x59pysbh54
Target SteamConverter.exe
SHA256 c10e6644c3ce7477a8f423d8d18a30798c5f3b4a4cdab531e247b73c0572d2f6
Tags
agilenet
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

c10e6644c3ce7477a8f423d8d18a30798c5f3b4a4cdab531e247b73c0572d2f6

Threat Level: Shows suspicious behavior

The file SteamConverter.exe was found to show suspicious behavior.

Malicious Activity Summary

agilenet

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Unsigned PE

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-03-04 19:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-04 19:27

Reported

2024-03-04 19:30

Platform

win10-20240221-en

Max time kernel

181s

Max time network

189s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SteamConverter.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SteamConverter.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SteamConverter.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SteamConverter.exe

"C:\Users\Admin\AppData\Local\Temp\SteamConverter.exe"

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\cbfa946cbb0a4344845191f0572140d6 /t 352 /p 368

Network

Country Destination Domain Proto
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.154.77:443 api.steampowered.com tcp
DE 162.254.197.38:27018 tcp
US 8.8.8.8:53 77.154.214.23.in-addr.arpa udp
US 8.8.8.8:53 38.197.254.162.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp
US 8.8.8.8:53 198.178.17.96.in-addr.arpa udp

Files

\Users\Admin\AppData\Local\Temp\b6e2897f-c180-459a-bb92-bbb942070e0b\BunifuDotNetRT.dll

MD5 a20aa843d4c7d0509757dea2788cfbde
SHA1 31ca5e73c12613b2dc0c1ec383c76dd264786935
SHA256 b43ab8d1d08c773f443399f8610a433308a1857c89741e85b42adbb351c47c86
SHA512 f0a4a10d6b85380f875721137823a3314e53685d94d063c3d44377b40883eb9e6a50e77b94289ae1bf30d06c252b9318817674126fb9a555a17dc4a553e2d52d
