50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b

Analysis

max time kernel
135s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe
Size

10.5MB
MD5

e44561ea93ea5e6ce33ef385a7e9a08a
SHA1

2525468e49491029367333c6e9b2a61382c815af
SHA256

50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b
SHA512

bbb6fa5373f436439f4180b32d21cfc98146b91638c57ac62ce04d6e4d7e78b96964985e684a487d50e6b0198eee25e3598b737b5fbf3f3e62b47f07200e8a45
SSDEEP

196608:dCJBYlzkSIEc+waFvtCK4BbCSC3qzF1/goaSZzpBM:cUzkSU+FvV47Ccz/goa03

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3752	crashpad_handler.exe

Loads dropped DLL 2 IoCs

pid	Process
888	50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe
888	50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 3752	888	50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe	86
PID 888 wrote to memory of 3752	888	50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe	86

C:\Users\Admin\AppData\Local\Temp\50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe
"C:\Users\Admin\AppData\Local\Temp\50da484e58a0ab599a1327a1349ae9c8e335bdfb2ec4b5b197dc96a8b486576b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:888
- C:\Users\Admin\AppData\Local\Temp\424ccpvi.eyt\crashpad_handler.exe
  C:\Users\Admin\AppData\Local\Temp\424ccpvi.eyt\crashpad_handler.exe --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Play Games\CrashReporting\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Battlestar --annotation=ver=24.1.1687.0 --initial-client-data=0x6a0,0x6a4,0x6a8,0x640,0x6ac,0x7ff8a9b152c8,0x7ff8a9b152d8,0x7ff8a9b152e8
  2⤵
  - Executes dropped EXE
  PID:3752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\424ccpvi.eyt\CrashReporting.dll

Filesize
961KB

MD5
7b3f74266ca7cc7329eac63f8368db65

SHA1
db49159afcdf3676d6a6bc791f8f7c26ceeeb145

SHA256
9335fe5ed02defb1395ab3e02926edbf90205c40d2e8bfb6247df102307ba557

SHA512
930c4f1eeba8b1daf62ea3a29458dbcdd58c30c924d4e5ed5dc16073fafa7a8e2887c2e9627f970d197f848637f58b8cca6bd298a066e78c5d8eab7e0995bbb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\424ccpvi.eyt\crashpad_handler.exe

Filesize
1.1MB

MD5
168e890d04cfee8b8420c90d1d229364

SHA1
442f93cb1272b93cc3073f8eeb0732a3c60bc5c9

SHA256
f37ed95b97a9c6d6d48c2675defaa53e68b487d271e78294d1af3a431ac25b91

SHA512
29d4d3d3a880c70c8c44ea1496f09f4ca1bcbe071dd81e8c700a53d070d8240d0d819a9fe356f175554075a089f6945d7f6390fb1dcf4a152c064a71df3fa48a

Download Submit
C:\Users\Admin\AppData\Local\Temp\424ccpvi.eyt\recorder_delegate_lib.dll

Filesize
4.5MB

MD5
28f06bc35021d85a98539a035b2c9a71

SHA1
8d36ecb2b9e5270c1c5ac81bcd9bf858e9f61a8c

SHA256
231014af8dbc27ac20b222a00a2c3dfda4e0aa111fb710d7315b5b19e47a2f57

SHA512
cfec5eadc5cca9bc48006a80bca181ecf7949a2b9582ff5ca3ea577ec5892a10a8d4897fbc3e6eeb5b4a1b2de3d42d703cd2dae4c982668f93968e2de2e8599e

Download Submit
memory/888-18-0x0000021EA34B0000-0x0000021EA34B8000-memory.dmp

Filesize
32KB

Download
memory/888-2-0x0000021EA2030000-0x0000021EA20E6000-memory.dmp

Filesize
728KB

Download
memory/888-6-0x00007FF8AF060000-0x00007FF8AFB21000-memory.dmp

Filesize
10.8MB

Download
memory/888-7-0x0000021EA22F0000-0x0000021EA23FE000-memory.dmp

Filesize
1.1MB

Download
memory/888-8-0x0000021E88040000-0x0000021E8804E000-memory.dmp

Filesize
56KB

Download
memory/888-4-0x0000021E88030000-0x0000021E8803A000-memory.dmp

Filesize
40KB

Download
memory/888-9-0x0000021E89930000-0x0000021E89954000-memory.dmp

Filesize
144KB

Download
memory/888-10-0x0000021EA3260000-0x0000021EA32D8000-memory.dmp

Filesize
480KB

Download
memory/888-11-0x0000021EA32E0000-0x0000021EA3368000-memory.dmp

Filesize
544KB

Download
memory/888-12-0x0000021EA20F0000-0x0000021EA20F8000-memory.dmp

Filesize
32KB

Download
memory/888-13-0x0000021EA3530000-0x0000021EA35EA000-memory.dmp

Filesize
744KB

Download
memory/888-0-0x00007FF8AF063000-0x00007FF8AF065000-memory.dmp

Filesize
8KB

Download
memory/888-3-0x0000021E88010000-0x0000021E8801A000-memory.dmp

Filesize
40KB

Download
memory/888-5-0x0000021E89910000-0x0000021E89932000-memory.dmp

Filesize
136KB

Download
memory/888-28-0x0000021EA3B30000-0x0000021EA3B38000-memory.dmp

Filesize
32KB

Download
memory/888-31-0x0000021EA3B50000-0x0000021EA3B5E000-memory.dmp

Filesize
56KB

Download
memory/888-30-0x0000021EA7860000-0x0000021EA7898000-memory.dmp

Filesize
224KB

Download
memory/888-29-0x00007FF8AF060000-0x00007FF8AFB21000-memory.dmp

Filesize
10.8MB

Download
memory/888-32-0x00007FF8AF060000-0x00007FF8AFB21000-memory.dmp

Filesize
10.8MB

Download
memory/888-33-0x00007FF8AF060000-0x00007FF8AFB21000-memory.dmp

Filesize
10.8MB

Download
memory/888-34-0x0000021EA8B10000-0x0000021EA8B36000-memory.dmp

Filesize
152KB

Download
memory/888-1-0x0000021E87940000-0x0000021E87BF0000-memory.dmp

Filesize
2.7MB

Download
memory/888-37-0x00007FF8AF063000-0x00007FF8AF065000-memory.dmp

Filesize
8KB

Download
memory/888-38-0x00007FF8AF060000-0x00007FF8AFB21000-memory.dmp

Filesize
10.8MB

Download
memory/888-39-0x00007FF8AF060000-0x00007FF8AFB21000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads