Overview

overview

7

Static

static

3

SteamAchie...25.zip

windows10-2004-x64

1

SteamAchie...25.zip

windows11-21h2-x64

1

LICENSE.txt

windows10-2004-x64

1

LICENSE.txt

windows11-21h2-x64

3

SAM.API.dll

windows10-2004-x64

1

SAM.API.dll

windows11-21h2-x64

1

SAM.Game.exe

windows10-2004-x64

7

SAM.Game.exe

windows11-21h2-x64

3

SAM.Picker.exe

windows10-2004-x64

6

SAM.Picker.exe

windows11-21h2-x64

1

git-log.txt

windows10-2004-x64

1

git-log.txt

windows11-21h2-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    203s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    30-05-2024 10:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SAM.Picker.exe

  • Size

    48KB

  • MD5

    2f414a5e3e0fe635d0b600c6cc4748ec

  • SHA1

    1bd4a146053c0e880e8e830836e9f3dbc762a823

  • SHA256

    3160d13693ca78a2b2d34308ea592e4c6a9616963cc94ad1319db8880748c02e

  • SHA512

    9eafe5c11169cb49d9b40cafc057a0dc2415949740cf50dd628b4eb7031f86d131df0d604f4ad985aa0e87059181fdf6b4e4ea0176e84b8a5a9cc34d78a0abcb

  • SSDEEP

    768:rnQUAsgG9p0i8p6h6X0n0PehcwXFwJ+PxFdKvs:zQpn6wSuehc7Mxas

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SAM.Picker.exe
    "C:\Users\Admin\AppData\Local\Temp\SAM.Picker.exe"
    1⤵
      PID:1408
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /0
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3572

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1408-0-0x000000007506E000-0x000000007506F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1408-1-0x00000000000F0000-0x0000000000102000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1408-2-0x0000000004AB0000-0x0000000004ABE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1408-3-0x0000000005440000-0x00000000059E6000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1408-4-0x0000000004F90000-0x0000000005022000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3572-6-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3572-7-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3572-8-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3572-12-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3572-13-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3572-18-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3572-17-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3572-16-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3572-15-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3572-14-0x000001B81D9E0000-0x000001B81D9E1000-memory.dmp

      Filesize

      4KB

      Download