Overview

overview

5

Static

static

1

SteamSetup.exe

windows7-x64

4

SteamSetup.exe

windows10-2004-x64

4

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Steam.exe

windows7-x64

Steam.exe

windows10-2004-x64

bin/SteamService.exe

windows7-x64

1

bin/SteamService.exe

windows10-2004-x64

1

uninstall.exe

windows7-x64

4

uninstall.exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nk.dll

windows7-x64

3

$PLUGINSDI...nk.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Resubmissions

08-05-2024 20:14

240508-y1cebsfh84 5

08-05-2024 20:11

240508-yygw2afg78 6

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SteamSetup.exe

  • Size

    2.3MB

  • MD5

    b1f4bc644f535c745341de0303631d9c

  • SHA1

    8d66e30416004cc2e98334a276c181ae1e67be55

  • SHA256

    5d8d697707c89466cfe203bde7e242680d020646bd5e49edaabd67fc6a7d6321

  • SHA512

    e3fc8eed9061dd8c555a26c29436c7c5218c6409096e37d11b34edcab448d5c3e9f7dff5e5c5ab2a0e3ee96da666b3be7f2b3f028fc122f35f74c51518aa0d44

  • SSDEEP

    49152:GDJvIRwCA97eXdXY1/aq95f9zRsBON2VGabSV9MbHv2XR3fHuc7ZEG5:vWC2KX5Y1X95VzvwpWVKrJW

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsdCBF.tmp\System.dll
    Filesize

    22KB

    MD5

    a36fbe922ffac9cd85a845d7a813f391

    SHA1

    f656a613a723cc1b449034d73551b4fcdf0dcf1a

    SHA256

    fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

    SHA512

    1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsdCBF.tmp\nsDialogs.dll
    Filesize

    20KB

    MD5

    4e5bc4458afa770636f2806ee0a1e999

    SHA1

    76dcc64af867526f776ab9225e7f4fe076487765

    SHA256

    91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

    SHA512

    b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

    Download Submit