d1132df2f76ce5a708ccf760732953f04f7922aecb2b86e9a5b1dd35494da72c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GameMemoryOpt_x64.dll
Size

611KB
MD5

3e0dc4db77e7a5feaa7d6be62592a9d6
SHA1

21b968369a2881386fdf2109a84e1f05dbdb76df
SHA256

83119bcea617e27954fdc545ff07c826eeded29a4283d1daca9116a647ad1f6b
SHA512

3c0eb32826069a8fca17488fb2d8f768f2160a2a11b0ded06cf12e87d0bacfe6cceff44322c5ef8d44a9ead101734e3aee7f2adc644d519233bffbf6cb47e43d
SSDEEP

12288:50/Cc8xSbBAXHqCU4EfuRZiCwAQoyfAXD:50/C1SbBKqCwWR83AtyfAXD

Score

4^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GameMemoryOpt_x64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Modifies registry class 7 IoCs

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}\ = "Ludashi GameMaster"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\GameMemoryOpt_x64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2E18ACF9-8A61-4A6C-A770-6F739037317F}	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\GameMemoryOpt_x64.dll
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:1312

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1312-0-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads