Overview
overview
9Static
static
3l3oo/SC 1....ds.exe
windows7-x64
1l3oo/SC 1....ds.exe
windows10-2004-x64
1l3oo/SC 1.4.6/DMP.exe
windows7-x64
9l3oo/SC 1.4.6/DMP.exe
windows10-2004-x64
9l3oo/SC 1....uf.dll
windows7-x64
1l3oo/SC 1....uf.dll
windows10-2004-x64
1l3oo/SC 1....ts.dll
windows7-x64
1l3oo/SC 1....ts.dll
windows10-2004-x64
1l3oo/SC 1....rk.dll
windows7-x64
1l3oo/SC 1....rk.dll
windows10-2004-x64
1l3oo/SC 1....ta.dll
windows7-x64
1l3oo/SC 1....ta.dll
windows10-2004-x64
1l3oo/SC 1....er.exe
windows7-x64
1l3oo/SC 1....er.exe
windows10-2004-x64
1l3oo/SC 1....at.exe
windows7-x64
6l3oo/SC 1....at.exe
windows10-2004-x64
6l3oo/SC 1....er.exe
windows7-x64
3l3oo/SC 1....er.exe
windows10-2004-x64
3l3oo/SC 1....on.dll
windows7-x64
1l3oo/SC 1....on.dll
windows10-2004-x64
1Analysis
-
max time kernel
138s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
03-06-2024 03:52
Static task
static1
Behavioral task
behavioral1
Sample
l3oo/SC 1.4.6/ActiveThreads.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
l3oo/SC 1.4.6/ActiveThreads.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
l3oo/SC 1.4.6/DMP.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
l3oo/SC 1.4.6/DMP.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
l3oo/SC 1.4.6/Google.Protobuf.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
l3oo/SC 1.4.6/Google.Protobuf.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
l3oo/SC 1.4.6/MetroFramework.Fonts.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
l3oo/SC 1.4.6/MetroFramework.Fonts.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
l3oo/SC 1.4.6/MetroFramework.dll
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
l3oo/SC 1.4.6/MetroFramework.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
l3oo/SC 1.4.6/MySql.Data.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
l3oo/SC 1.4.6/MySql.Data.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
l3oo/SC 1.4.6/ProcessHacker.exe
Resource
win7-20240215-en
Behavioral task
behavioral14
Sample
l3oo/SC 1.4.6/ProcessHacker.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
l3oo/SC 1.4.6/SearchCheat.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
l3oo/SC 1.4.6/SearchCheat.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
l3oo/SC 1.4.6/Updater.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
l3oo/SC 1.4.6/Updater.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
l3oo/SC 1.4.6/appExtension.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
l3oo/SC 1.4.6/appExtension.dll
Resource
win10v2004-20240426-en
General
-
Target
l3oo/SC 1.4.6/Updater.exe
-
Size
5KB
-
MD5
2405418539258e33534b687a1b773d5d
-
SHA1
5fb8e138d1686fd121b6020510c055667115c3ab
-
SHA256
5778e21d26b03fa45e77bdb3de448dd0121852a335df451681d164e3ecbda3c1
-
SHA512
ed7b13cc96afa59efe1c3791f05ad52876030a9d6fa15a50285b61e50184a0d66ddfeed88e4bfb875e04618e540d96cb5196d5a4d34e453b77f4d8e77081231e
-
SSDEEP
48:673VTRxOsWOrixhaOkG8bNMe+NQb9XO+zkYx0LmZsFtR7l+oIfFipfbNtm:ETxOoEhaj+N+zkYGLwozzNt
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3648 2388 WerFault.exe 90 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2388 Updater.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\l3oo\SC 1.4.6\Updater.exe"C:\Users\Admin\AppData\Local\Temp\l3oo\SC 1.4.6\Updater.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2388 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 14522⤵
- Program crash
PID:3648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:81⤵PID:3928
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2388 -ip 23881⤵PID:3192