Analysis

  • max time kernel
    90s
  • max time network
    94s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    25-04-2024 18:25

General

  • Target

    Forza-Mods-AIO.exe

  • Size

    9.1MB

  • MD5

    8492a03f3405e820cf601bba39e65e13

  • SHA1

    254c4bf345719d239033bd0a2b623f5923d96538

  • SHA256

    753d72ebbf5b257b77b27d2bcc097f1fa1476c21d15a18cf482b8dd30916efa4

  • SHA512

    2662c2fd998290a4330aab1093d52937b6a04319607d68f12b457be530a31279c862062047a7589ed88f2ad47b4f94f86fa1fb4fee2558aa0ee56cef2facdddd

  • SSDEEP

    49152:wYIJB/b53as1gM2bq7mTv+iru2ICLt/YUdj/g5t2gQlX03yEFNR3hIhwkm2vysyv:y151MysDlXV2phIME9o4QP7XW/sN

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Forza-Mods-AIO.exe
    "C:\Users\Admin\AppData\Local\Temp\Forza-Mods-AIO.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2412
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:1912
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
      PID:4196
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /0
        • Checks SCSI registry key(s)
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1832

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1832-2-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)
  • memory/1832-1-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)
  • memory/1832-0-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)
  • memory/1832-6-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)
  • memory/1832-8-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)
  • memory/1832-7-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)
  • memory/1832-9-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)
  • memory/1832-11-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)
  • memory/1832-10-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)
  • memory/1832-12-0x00000223E4BF0000-0x00000223E4BF1000-memory.dmp (Filesize: 4KB)