a470adb6cf33e829f7510afd928d11533c70bb5bab847facc136e0d14ec3ad08

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 15:24

Target

game (3).exe
Size

898KB
MD5

dabbb3545c8a2fa2b046d34364a5cedc
SHA1

d2798e9425045fc573a942f0b8b651ea77dc367e
SHA256

a470adb6cf33e829f7510afd928d11533c70bb5bab847facc136e0d14ec3ad08
SHA512

f3e4e7eb1de344eff4d47b99b900d7a5c488d62b3b5637ab80072787d6816e9323fd276d9f500fe45df41304a03bf31d8d0eb4fffae7a84c17d87fe204a7a815
SSDEEP

12288:JFSNj4/ccbDT7zrow/9LXDWfTSu1mmCMP:rSNj4/ccbv7gCXDWbPC

Score

5^/10

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4092	mspaint.exe
4092	mspaint.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4092	mspaint.exe
3188	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\game (3).exe
"C:\Users\Admin\AppData\Local\Temp\game (3).exe"
1⤵
PID:3036

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:1284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3188

memory/1284-1-0x000001BFCBBB0000-0x000001BFCBBC0000-memory.dmp

Filesize
64KB

Download
memory/1284-5-0x000001BFCC560000-0x000001BFCC570000-memory.dmp

Filesize
64KB

Download
memory/1284-12-0x000001BFD4840000-0x000001BFD4841000-memory.dmp

Filesize
4KB

Download
memory/1284-14-0x000001BFD48C0000-0x000001BFD48C1000-memory.dmp

Filesize
4KB

Download
memory/1284-16-0x000001BFD48C0000-0x000001BFD48C1000-memory.dmp

Filesize
4KB

Download
memory/1284-17-0x000001BFD4950000-0x000001BFD4951000-memory.dmp

Filesize
4KB

Download
memory/1284-18-0x000001BFD4950000-0x000001BFD4951000-memory.dmp

Filesize
4KB

Download
memory/1284-19-0x000001BFD4960000-0x000001BFD4961000-memory.dmp

Filesize
4KB

Download
memory/1284-20-0x000001BFD4960000-0x000001BFD4961000-memory.dmp

Filesize
4KB

Download
memory/3036-0-0x00007FF602410000-0x00007FF6024F6000-memory.dmp

Filesize
920KB

Download