ed0d06600261ca8d38795327291be69b5cf207f40f3e3b8953f0009a9e384342

Analysis

max time kernel
37s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 12:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

x64/Release/GeforceNOW.exe
Size

1.0MB
MD5

0ad8838e095c6ed115489c977136bc64
SHA1

85b069abf0e39edaec2b82cc81e2f13954913145
SHA256

512ddbec83294b7417d335acdd7d220a86584e9bfe26338592cc2d584215f772
SHA512

bc742a2862d8097440c069a99bb06c2ab5bd595def1dd7b42a33de3ddafddb3910d6dfffb68c1d31fceb832e6c073bb8c0c58f82bd1a93b39c2080cd555c273e
SSDEEP

24576:0l3V88HeknV7j1oUVcxMX1bunErjO1sUX:0l3VRP1RbX1inEr9UX

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2828	OpenWith.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 532	4264	GeforceNOW.exe	101
PID 4264 wrote to memory of 532	4264	GeforceNOW.exe	101

C:\Users\Admin\AppData\Local\Temp\x64\Release\GeforceNOW.exe
"C:\Users\Admin\AppData\Local\Temp\x64\Release\GeforceNOW.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\1317163320-1144508047-26571154-1359645537.tmp
  2⤵
  - Modifies registry class
  PID:532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads