Overview

overview

7

Static

static

3

7c351dbf29...18.exe

windows7-x64

7

7c351dbf29...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...tn.dll

windows7-x64

3

$PLUGINSDI...tn.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...oc.dll

windows7-x64

3

$PLUGINSDI...oc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$_47_/Web/error.html

windows7-x64

1

$_47_/Web/error.html

windows10-2004-x64

1

Accelerator.dll

windows7-x64

1

Accelerator.dll

windows10-2004-x64

1

Basicsurvey.exe

windows7-x64

1

Basicsurvey.exe

windows10-2004-x64

1

BoxDoctor.exe

windows7-x64

1

BoxDoctor.exe

windows10-2004-x64

1

MouseHook.dll

windows7-x64

1

MouseHook.dll

windows10-2004-x64

1

Socks.dll

windows7-x64

1

Socks.dll

windows10-2004-x64

1

gamebox.exe

windows7-x64

6

gamebox.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-05-2024 07:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gamebox.exe

  • Size

    2.8MB

  • MD5

    b165f9c47b5ce6d45bdf892a3bc1bdcc

  • SHA1

    17c112a2267deb9e84dcd20c6d9cc5018073eb4f

  • SHA256

    31b07b764a2990629b0072e8d5148cfb8f731a38a13477629994e41d881c2130

  • SHA512

    32134928bf1a1ddf9a0b4fa9c80c9bb43d28921edb074653cdbd721f91eef28f03bd8f9aa508f97d9adfcdd5447cff9a60c232064e3fd4375bba6d9386f1f7bb

  • SSDEEP

    49152:vRLoo8J+cSPDzOKjTrJM/I31lQND4Aml8bee5WmL7iTPDTNXH+Set69mzSed:vJV2+cSr6Kjq/IAND91Ce5vXeXH+Su

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious behavior: EnumeratesProcesses 62 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gamebox.exe
    "C:\Users\Admin\AppData\Local\Temp\gamebox.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:4700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\37games\gamebox\Lander.ini
    Filesize

    87B

    MD5

    5d7d89bfb483aa69c9ff39e2d46c8b8c

    SHA1

    8a95724c1bce2fdbb12acb194d2ca6e562d54394

    SHA256

    13e9400b6a2207239cca16aa02cf25e569d5b8ae21e6e52bdddc97872c98a56f

    SHA512

    32bc32209a6c4cae43e94a623e0c2578c85f7f231c86d2897a50987011686701050a5c8b2744713321a078d9bde1dcf113bdec618aa1023eecefe44f483984a3

    Download Submit

  • memory/4700-10-0x00000000005E0000-0x00000000005E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-18-0x0000000002670000-0x0000000002671000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-3-0x0000000000040000-0x0000000000041000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-4-0x0000000000050000-0x0000000000051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-5-0x0000000000060000-0x0000000000061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-6-0x0000000000070000-0x0000000000071000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-7-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-11-0x0000000000E20000-0x0000000000E21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-1-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-2-0x0000000000030000-0x0000000000031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-8-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-12-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-13-0x0000000000E40000-0x0000000000E41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-14-0x0000000000E50000-0x0000000000E51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-15-0x0000000000E60000-0x0000000000E61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-16-0x0000000000E70000-0x0000000000E71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-17-0x0000000000E80000-0x0000000000E81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-0-0x0000000000010000-0x0000000000011000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-19-0x0000000002680000-0x0000000002681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4700-9-0x00000000000A0000-0x00000000000A1000-memory.dmp

    Filesize

    4KB

    Download