Overview

overview

7

Static

static

3

GTA IV The...ed.exe

windows7-x64

7

GTA IV The...ed.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GTA IV The Lost and Damned.exe

  • Size

    17.7MB

  • MD5

    b79928e0e62e6380e3260b53b6e19810

  • SHA1

    93c069b48add9db641ae0c4b810757ee3a530bb7

  • SHA256

    2a3b5c7827f35397d3f0179a103a5afcd30516108611b8f422bd9e2a56ddcabb

  • SHA512

    26b09c044f24b9e2e10fdc1d6ff78a5ca23624b4eba72224d278b38a5ed9d72cc24d63ae382abfda3afdff5bfa01716eafbba02b3cfd3febb6b97688eb929325

  • SSDEEP

    393216:sF4DiwTvZ/DBCNxCnV7H3JnW2VIHdINMZudaXJQSmKDCaq8JaU4YjC:sF4DiwTvZ0KwRI2M46yvd2

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GTA IV The Lost and Damned.exe
    "C:\Users\Admin\AppData\Local\Temp\GTA IV The Lost and Damned.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1160
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x310 0x490
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2772
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1524

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\mrt858.tmp\cctrans.dll
      Filesize

      64KB

      MD5

      a20165b7e7dfee46a59e48c175523af0

      SHA1

      6ed627806753d11e1a121689369668294d15be74

      SHA256

      cba1c0fa69bc6b106408d06878390a5699cd2b25adfed1a2610ee01ae2524cbe

      SHA512

      a9295b814fe77aa4ba4dec5cbed790858852f775799fe9da01bf07d67fa294d4ca1c5a68c9255c3fb716d0dbeb8b5a5ea38b8ec72263f40957beafe7bf323cd4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mrt858.tmp\mmf2d3d9.dll
      Filesize

      1.1MB

      MD5

      22284d6bb382967ff72363f828050e13

      SHA1

      5c98e25d24aacafffded9353c9526be0128c6dbd

      SHA256

      9eaa342059785bd584df956574c637e6d0e6016a099221a56e0397f8c86cd93f

      SHA512

      2e5a5bf115b1d2a07d0647b6f4925ab84301ca6354e3f3beb8d44f51900ff21b06b97b23128160fd94dfd33116d03094ca47c49143ae98473eaaed441f9705b2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mrt858.tmp\mmfs2.dll
      Filesize

      459KB

      MD5

      4cf7bb74d8104280b7e986f4df21109d

      SHA1

      edc21a43136afddbf4786593e84b934d40591b74

      SHA256

      c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

      SHA512

      2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\mrt858.tmp\mp3flt.sft
      Filesize

      24KB

      MD5

      7beafd3ec0c36a1422387c43c49f68ff

      SHA1

      240e7d8534ed25dffb902a969826f4300a88dde6

      SHA256

      cd5bd7cc59eaf42bc0edf418ce6f077f9db369d5e3c414107b82492a877a6176

      SHA512

      44101803bd757bb7a84577aa1c087472a619da732dcdb3947b683cd7a7df30931e4c9973e06532859f9654c4ad3635db205e41fc7214a0f52537be91e87b2734

      Download Submit

    • memory/1160-27-0x0000000006970000-0x0000000006980000-memory.dmp

      Filesize

      64KB

      Download