Resubmissions

08/05/2024, 20:14

240508-y1cebsfh84 5

08/05/2024, 20:11

240508-yygw2afg78 6

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/05/2024, 20:14

Errors

Reason
Machine shutdown

General

  • Target

    Steam.exe

  • Size

    4.2MB

  • MD5

    7c2056e7337a5f29d2e5d3c67830745f

  • SHA1

    d502f5c22895a859056930a5489192873cd04673

  • SHA256

    3f321dbbc60371a585d60b17e3f67386bf1792b430d20071ca0e3efd9dbae99d

  • SHA512

    c729dbee4d528d05d2a6d25ea105d8f34bb9087b9151c0b31a59337e444e4bccb1f3e49fce122fb3dd7b65132a15a0c8b5618c853287fecbe5427376200b2495

  • SSDEEP

    98304:+bgwm93udfvBtp0vrjT/KFdGRv/SrbeJo7P0:utm81pjWzEfbe27P0

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Steam.exe
    "C:\Users\Admin\AppData\Local\Temp\Steam.exe"
    • Checks processor information in registry
    • Modifies system certificate store
    PID:2208
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
      PID:2736
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x58c
      • Suspicious use of AdjustPrivilegeToken
      PID:2712
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
        PID:1104

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\[email protected]_

    Filesize

    15KB

    MD5

    577b7286c7b05cecde9bea0a0d39740e

    SHA1

    144d97afe83738177a2dbe43994f14ec11e44b53

    SHA256

    983aa3928f15f5154266be7063a75e1fce87238bbe81a910219dea01d5376824

    SHA512

    8cd55264a6e973bb6683c6f376672b74a263b48b087240df8296735fd7ae6274ee688fdb16d7febad14288a866ea47e78b114c357a9b03471b1e72df053ebcb0

  • C:\Users\Admin\AppData\Local\Temp\package\tmp\graphics\icon_button_news_mousedown.tga_

    Filesize

    20KB

    MD5

    00bf35778a90f9dfa68ce0d1a032d9b5

    SHA1

    de6a3d102de9a186e1585be14b49390dcb9605d6

    SHA256

    cab3a68b64d8bf22c44080f12d7eab5b281102a8761f804224074ab1f6130fe2

    SHA512

    342c9732ef4185dee691c9c8657a56f577f9c90fc43a4330bdc173536750cee1c40af4adac4f47ac5aca6b80ab347ebe2d31d38ea540245b38ab72ee8718a041

  • C:\Users\Admin\AppData\Local\Temp\package\tmp\resource\filter_clean_bulgarian.txt.gz_

    Filesize

    23B

    MD5

    836dd6b25a8902af48cd52738b675e4b

    SHA1

    449347c06a872bedf311046bca8d316bfba3830b

    SHA256

    6feb83ca306745d634903cf09274b7baf0ac38e43c6b3fab1a608be344c3ef64

    SHA512

    6ab1e4a7fa9da6d33cee104344ba2ccb3e85cd2d013ba3e4c6790fd7fd482c85f5f76e9ae38c5190cdbbe246a48dae775501f7414bec4f6682a05685994e6b80

  • memory/1104-5983-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

    Filesize

    4KB

  • memory/2736-5982-0x0000000002E10000-0x0000000002E11000-memory.dmp

    Filesize

    4KB