Overview

overview

6

Static

static

1

Install-Go...ta.exe

windows7-x64

4

Install-Go...ta.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    1561s
  • max time network
    1562s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 17:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Install-GooglePlayGames-Beta.exe

  • Size

    10.5MB

  • MD5

    ee33d017b5fafcd463c5660fcc5de8dc

  • SHA1

    a1285ecdcfd1c46877a751aaea49b476bb9f4cb5

  • SHA256

    953920dc9b464887366366b0a8e1fb63ee819c880ed0a34a31b7e8ef21833371

  • SHA512

    f99a4bd76a07465b12e138c563557ec88e28698249d48268e53849fa50ae21787d3ac66e86cdcadf399aefd87bc9d33eca602ea932ff4ce11fbf16e85fa980ba

  • SSDEEP

    196608:dCJBYlzkSIEc+waFvtCK4BbCSC3qzF1/goaSZzpBM:cUzkSU+FvV47Ccz/goa03

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Install-GooglePlayGames-Beta.exe
    "C:\Users\Admin\AppData\Local\Temp\Install-GooglePlayGames-Beta.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Users\Admin\AppData\Local\Temp\pwce0fyg.f4d\crashpad_handler.exe
      C:\Users\Admin\AppData\Local\Temp\pwce0fyg.f4d\crashpad_handler.exe --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Play Games\CrashReporting\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Battlestar --annotation=ver=24.1.1687.0 --initial-client-data=0x418,0x41c,0x420,0x3e4,0x424,0x7fef13452c8,0x7fef13452d8,0x7fef13452e8
      2⤵
      • Executes dropped EXE
      PID:2644

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\pwce0fyg.f4d\CrashReporting.dll
          Filesize

          961KB

          MD5

          7b3f74266ca7cc7329eac63f8368db65

          SHA1

          db49159afcdf3676d6a6bc791f8f7c26ceeeb145

          SHA256

          9335fe5ed02defb1395ab3e02926edbf90205c40d2e8bfb6247df102307ba557

          SHA512

          930c4f1eeba8b1daf62ea3a29458dbcdd58c30c924d4e5ed5dc16073fafa7a8e2887c2e9627f970d197f848637f58b8cca6bd298a066e78c5d8eab7e0995bbb1

          Download Submit

        • \Users\Admin\AppData\Local\Temp\pwce0fyg.f4d\crashpad_handler.exe
          Filesize

          1.1MB

          MD5

          168e890d04cfee8b8420c90d1d229364

          SHA1

          442f93cb1272b93cc3073f8eeb0732a3c60bc5c9

          SHA256

          f37ed95b97a9c6d6d48c2675defaa53e68b487d271e78294d1af3a431ac25b91

          SHA512

          29d4d3d3a880c70c8c44ea1496f09f4ca1bcbe071dd81e8c700a53d070d8240d0d819a9fe356f175554075a089f6945d7f6390fb1dcf4a152c064a71df3fa48a

          Download Submit

        • \Users\Admin\AppData\Local\Temp\pwce0fyg.f4d\recorder_delegate_lib.dll
          Filesize

          4.5MB

          MD5

          28f06bc35021d85a98539a035b2c9a71

          SHA1

          8d36ecb2b9e5270c1c5ac81bcd9bf858e9f61a8c

          SHA256

          231014af8dbc27ac20b222a00a2c3dfda4e0aa111fb710d7315b5b19e47a2f57

          SHA512

          cfec5eadc5cca9bc48006a80bca181ecf7949a2b9582ff5ca3ea577ec5892a10a8d4897fbc3e6eeb5b4a1b2de3d42d703cd2dae4c982668f93968e2de2e8599e

          Download Submit

        • memory/2360-14-0x0000000000880000-0x000000000088A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2360-20-0x00000000027D0000-0x00000000027D8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2360-5-0x0000000000160000-0x000000000016A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2360-6-0x0000000000C70000-0x0000000000C92000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2360-7-0x000000001C180000-0x000000001C28E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2360-8-0x0000000000180000-0x000000000018E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/2360-9-0x0000000000C90000-0x0000000000CB4000-memory.dmp

          Filesize

          144KB

          Download

        • memory/2360-10-0x0000000000CB0000-0x0000000000D28000-memory.dmp

          Filesize

          480KB

          Download

        • memory/2360-11-0x0000000002720000-0x00000000027A8000-memory.dmp

          Filesize

          544KB

          Download

        • memory/2360-12-0x0000000002690000-0x0000000002698000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2360-13-0x0000000000880000-0x000000000088A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2360-0-0x0000000000D40000-0x0000000000FF0000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/2360-15-0x000000001BCA0000-0x000000001BD20000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2360-4-0x0000000000150000-0x000000000015A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2360-21-0x000000001BCA0000-0x000000001BD20000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2360-3-0x00000000009A0000-0x0000000000A56000-memory.dmp

          Filesize

          728KB

          Download

        • memory/2360-2-0x000000001BCA0000-0x000000001BD20000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2360-34-0x000000001BCA0000-0x000000001BD20000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2360-35-0x000000001BC40000-0x000000001BC66000-memory.dmp

          Filesize

          152KB

          Download

        • memory/2360-1-0x000007FEF5C60000-0x000007FEF664C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2360-38-0x000007FEF5C60000-0x000007FEF664C000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/2360-39-0x000000001BCA0000-0x000000001BD20000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2360-40-0x0000000000880000-0x000000000088A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2360-41-0x0000000000880000-0x000000000088A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2360-42-0x000000001BCA0000-0x000000001BD20000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2360-43-0x000000001BCA0000-0x000000001BD20000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2360-44-0x000000001BCA0000-0x000000001BD20000-memory.dmp

          Filesize

          512KB

          Download