4bfc4e3ef60c89fefdf173ece3d3e6e969cb0ba3d17f350778522fa5a7cbd89f | Triage

Submit
Reports

Overview

overview

Static

static

7

gameguard.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

gameguard.exe
Size

6.6MB
Sample

240426-v5nflshd8x
MD5

ba1fc250e9260dd77270c8ad02e6c9d3
SHA1

82f9498fb4d9e51385912cd6837005caaaf59c97
SHA256

4bfc4e3ef60c89fefdf173ece3d3e6e969cb0ba3d17f350778522fa5a7cbd89f
SHA512

f2f1725962599512d77e98f27d78b3d3a6803aa5f0828a3f79fa18a7313c903d81bd3b88e7b6ce8ccd63e88fe3ecc4d436faa50e298dba480707c6ec55a9c62c
SSDEEP

98304:gTeYcXsfRfz2ZOxUip5DPektRoTY7zj/2jrrWc63eCIE3BtUwzdBg4unZWXODavx:78fRb+OxU0xj7/2jrU3euvE4uZGOOPXx

Score

10^/10

evasion persistence themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

gameguard.exe

Resource

win10v2004-20240419-en

evasion persistence themida trojan

windows10-2004-x64

16 signatures

600 seconds

Malware Config

Targets

- Target
  
  gameguard.exe
- Size
  
  6.6MB
- MD5
  
  ba1fc250e9260dd77270c8ad02e6c9d3
- SHA1
  
  82f9498fb4d9e51385912cd6837005caaaf59c97
- SHA256
  
  4bfc4e3ef60c89fefdf173ece3d3e6e969cb0ba3d17f350778522fa5a7cbd89f
- SHA512
  
  f2f1725962599512d77e98f27d78b3d3a6803aa5f0828a3f79fa18a7313c903d81bd3b88e7b6ce8ccd63e88fe3ecc4d436faa50e298dba480707c6ec55a9c62c
- SSDEEP
  
  98304:gTeYcXsfRfz2ZOxUip5DPektRoTY7zj/2jrrWc63eCIE3BtUwzdBg4unZWXODavx:78fRb+OxU0xj7/2jrU3euvE4uZGOOPXx
Score

10^/10

evasion persistence themida trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies Windows Defender notification settings
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistencethemidatrojan

© 2018-2025

Terms | Privacy