54dad801958518339d3b5dd19a4b1d759c0645f6dd4055164d06bd6dada95496

Analysis

max time kernel
146s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
26/05/2024, 04:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Free Fire.exe
Size

10.5MB
MD5

d4c186863eabd97d590273223ca616a0
SHA1

a21424f88cd8d53296aec934b9b5f3dd755612fd
SHA256

54dad801958518339d3b5dd19a4b1d759c0645f6dd4055164d06bd6dada95496
SHA512

c3a54bd219afd4460c5f543aebc35a041342d04452ef2a70f605f3c077a76e4354f2b1794e9f2a3aae46a5e51c7371d2eaa9f4f9b29ab56fb92d2dd568aa2823
SSDEEP

196608:dCJBYlzkSIEc+waFvtCK4BbCSC3qzF1/goaSZzpBM:cUzkSU+FvV47Ccz/goa03

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3868	crashpad_handler.exe

Loads dropped DLL 2 IoCs

pid	Process
4652	Free Fire.exe
4652	Free Fire.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4652	Free Fire.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 3868	4652	Free Fire.exe	81
PID 4652 wrote to memory of 3868	4652	Free Fire.exe	81

C:\Users\Admin\AppData\Local\Temp\Free Fire.exe
"C:\Users\Admin\AppData\Local\Temp\Free Fire.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Users\Admin\AppData\Local\Temp\1pxoetcf.b4u\crashpad_handler.exe
  C:\Users\Admin\AppData\Local\Temp\1pxoetcf.b4u\crashpad_handler.exe --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Play Games\CrashReporting\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Battlestar --annotation=ver=24.1.1687.0 --initial-client-data=0x694,0x698,0x69c,0x674,0x6a0,0x7ffde7b552c8,0x7ffde7b552d8,0x7ffde7b552e8
  2⤵
  - Executes dropped EXE
  PID:3868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1pxoetcf.b4u\CrashReporting.dll

Filesize
961KB

MD5
7b3f74266ca7cc7329eac63f8368db65

SHA1
db49159afcdf3676d6a6bc791f8f7c26ceeeb145

SHA256
9335fe5ed02defb1395ab3e02926edbf90205c40d2e8bfb6247df102307ba557

SHA512
930c4f1eeba8b1daf62ea3a29458dbcdd58c30c924d4e5ed5dc16073fafa7a8e2887c2e9627f970d197f848637f58b8cca6bd298a066e78c5d8eab7e0995bbb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\1pxoetcf.b4u\crashpad_handler.exe

Filesize
1.1MB

MD5
168e890d04cfee8b8420c90d1d229364

SHA1
442f93cb1272b93cc3073f8eeb0732a3c60bc5c9

SHA256
f37ed95b97a9c6d6d48c2675defaa53e68b487d271e78294d1af3a431ac25b91

SHA512
29d4d3d3a880c70c8c44ea1496f09f4ca1bcbe071dd81e8c700a53d070d8240d0d819a9fe356f175554075a089f6945d7f6390fb1dcf4a152c064a71df3fa48a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1pxoetcf.b4u\recorder_delegate_lib.dll

Filesize
4.5MB

MD5
28f06bc35021d85a98539a035b2c9a71

SHA1
8d36ecb2b9e5270c1c5ac81bcd9bf858e9f61a8c

SHA256
231014af8dbc27ac20b222a00a2c3dfda4e0aa111fb710d7315b5b19e47a2f57

SHA512
cfec5eadc5cca9bc48006a80bca181ecf7949a2b9582ff5ca3ea577ec5892a10a8d4897fbc3e6eeb5b4a1b2de3d42d703cd2dae4c982668f93968e2de2e8599e

Download Submit
memory/4652-18-0x000001CE7E710000-0x000001CE7E718000-memory.dmp

Filesize
32KB

Download
memory/4652-2-0x000001CE7E120000-0x000001CE7E1D6000-memory.dmp

Filesize
728KB

Download
memory/4652-6-0x000001CE64080000-0x000001CE640A2000-memory.dmp

Filesize
136KB

Download
memory/4652-5-0x000001CE64050000-0x000001CE6405A000-memory.dmp

Filesize
40KB

Download
memory/4652-7-0x000001CE7E320000-0x000001CE7E42E000-memory.dmp

Filesize
1.1MB

Download
memory/4652-8-0x000001CE64060000-0x000001CE6406E000-memory.dmp

Filesize
56KB

Download
memory/4652-9-0x000001CE640A0000-0x000001CE640C4000-memory.dmp

Filesize
144KB

Download
memory/4652-10-0x000001CE7E430000-0x000001CE7E4A8000-memory.dmp

Filesize
480KB

Download
memory/4652-11-0x000001CE7E4B0000-0x000001CE7E538000-memory.dmp

Filesize
544KB

Download
memory/4652-12-0x000001CE64150000-0x000001CE64158000-memory.dmp

Filesize
32KB

Download
memory/4652-13-0x000001CE7E790000-0x000001CE7E84A000-memory.dmp

Filesize
744KB

Download
memory/4652-0-0x00007FFDEFC33000-0x00007FFDEFC35000-memory.dmp

Filesize
8KB

Download
memory/4652-3-0x00007FFDEFC30000-0x00007FFDF06F2000-memory.dmp

Filesize
10.8MB

Download
memory/4652-4-0x000001CE64040000-0x000001CE6404A000-memory.dmp

Filesize
40KB

Download
memory/4652-28-0x000001CE7E780000-0x000001CE7E788000-memory.dmp

Filesize
32KB

Download
memory/4652-30-0x000001CE7F780000-0x000001CE7F78E000-memory.dmp

Filesize
56KB

Download
memory/4652-29-0x000001CE7F7C0000-0x000001CE7F7F8000-memory.dmp

Filesize
224KB

Download
memory/4652-31-0x00007FFDEFC30000-0x00007FFDF06F2000-memory.dmp

Filesize
10.8MB

Download
memory/4652-32-0x000001CE038B0000-0x000001CE038D6000-memory.dmp

Filesize
152KB

Download
memory/4652-1-0x000001CE63970000-0x000001CE63C20000-memory.dmp

Filesize
2.7MB

Download
memory/4652-35-0x00007FFDEFC30000-0x00007FFDF06F2000-memory.dmp

Filesize
10.8MB

Download
memory/4652-36-0x000001CE7FE10000-0x000001CE7FF98000-memory.dmp

Filesize
1.5MB

Download
memory/4652-37-0x00007FFDEFC30000-0x00007FFDF06F2000-memory.dmp

Filesize
10.8MB

Download
memory/4652-38-0x000001CE03A50000-0x000001CE03A56000-memory.dmp

Filesize
24KB

Download
memory/4652-39-0x00007FFDEFC33000-0x00007FFDEFC35000-memory.dmp

Filesize
8KB

Download
memory/4652-40-0x00007FFDEFC30000-0x00007FFDF06F2000-memory.dmp

Filesize
10.8MB

Download
memory/4652-41-0x00007FFDEFC30000-0x00007FFDF06F2000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads