1075b632bd8201d415c9311b4c84ae951904523efd76583f4b9a2259d86bdd3c

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GameOf15Installer.7z
Size

12.5MB
MD5

81f28f18e82f7197c194bca71ad40e3e
SHA1

0dff872da5a8ec94790589187e670dbdce237fb6
SHA256

1075b632bd8201d415c9311b4c84ae951904523efd76583f4b9a2259d86bdd3c
SHA512

f7a7d32103191b5594ba25b41ac629f242d32e58f722169c74f6c6ba8311010fa1434a6489f80ff098dd445e7e6f6f2fd9492e97611bac93a707b53de556bf6b
SSDEEP

393216:yvnpGMlAompLF0zDrcaCp7B2pZYGlldnF+kBkR+Q8x5K6LZ:2npGbomZFernZ1lpF+kWR+Q8y+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2436	PackageSetup.exe
2772	PackageSetup.exe
2340	PackageSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2056	7zFM.exe
Token: 35	2056	7zFM.exe
Token: SeSecurityPrivilege	2056	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2056	7zFM.exe
2056	7zFM.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 2056	2768	cmd.exe	29
PID 2768 wrote to memory of 2056	2768	cmd.exe	29
PID 2768 wrote to memory of 2056	2768	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GameOf15Installer.7z
1⤵
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\GameOf15Installer.7z"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2056

C:\Users\Admin\Desktop\GameOf15Installer\PackageSetup.exe
"C:\Users\Admin\Desktop\GameOf15Installer\PackageSetup.exe"
1⤵
- Executes dropped EXE
PID:2436

C:\Users\Admin\Desktop\GameOf15Installer\PackageSetup.exe
"C:\Users\Admin\Desktop\GameOf15Installer\PackageSetup.exe"
1⤵
- Executes dropped EXE
PID:2772

C:\Users\Admin\Desktop\GameOf15Installer\PackageSetup.exe
"C:\Users\Admin\Desktop\GameOf15Installer\PackageSetup.exe"
1⤵
- Executes dropped EXE
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\GameOf15Installer\PackageSetup.exe

Filesize
882KB

MD5
4d4862de2968202444a01288c196b2be

SHA1
9cafcfe680c38c27319177d55999cde5454b250c

SHA256
a826cc979c861d7e9ad2daff88dc7ceb3d9e77bf3ce4972ae69ba33038707987

SHA512
e9c146ba017c44b8a8410b645505b1960ab764ff2a400c019efad2c8ff521c902e5aa01cd958a307728078387c6b1714a86f6219256daa5838a2e915a47c8045

Download Submit