Overview

overview

7

Static

static

3

95a9f7060d...18.exe

windows7-x64

7

95a9f7060d...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...tn.dll

windows7-x64

3

$PLUGINSDI...tn.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...oc.dll

windows7-x64

3

$PLUGINSDI...oc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$_47_/Web/error.html

windows7-x64

1

$_47_/Web/error.html

windows10-2004-x64

1

Accelerator.dll

windows7-x64

1

Accelerator.dll

windows10-2004-x64

1

Basicsurvey.exe

windows7-x64

1

Basicsurvey.exe

windows10-2004-x64

1

MouseHook.dll

windows7-x64

1

MouseHook.dll

windows10-2004-x64

1

Socks.dll

windows7-x64

1

Socks.dll

windows10-2004-x64

1

gamebox.exe

windows7-x64

6

gamebox.exe

windows10-2004-x64

6

tabGame.exe

windows7-x64

1

tabGame.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    129s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    04-06-2024 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    gamebox.exe

  • Size

    2.1MB

  • MD5

    3bd4dd9dcef8070bf4a5c63eaf4e4fbb

  • SHA1

    3b478334cab0fdd4dfa3e204f3abdc82f74e0a5b

  • SHA256

    5fe2cb5db88b8c33b6f92add6b352b67e9a73797afa13d0da17a84aff38c2c14

  • SHA512

    7e55667839027b489c22b5666c736f38aea6b727c0078c52e064fec88e4fa3cba0ab55ab08d07f09678f00bc8bd8a3fbd8d7d2b0d3c373c6cca6063769861728

  • SSDEEP

    49152:DK0tPwL/4j8uHjFI4RiXiVUvThPBXH++kSteD5D121C7:ub4j8uRpRi7XH++kSU

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\gamebox.exe
    "C:\Users\Admin\AppData\Local\Temp\gamebox.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2272

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\37games\gamebox\Lander.ini
    Filesize

    87B

    MD5

    ecf65039fe6cc652303cd9f42659d2da

    SHA1

    632ec56c89baeb7011a075b265978b66ff6aeca7

    SHA256

    423062853777187d0734b672b8c15f7948e855623feb94aafcffcdea44ea8431

    SHA512

    26eb1a6432cb209d5775c734efc73f9667cb3411e07966ad694e9596a8b3083f42d689b1f978a51843251e45211d8190592468443a0969b122fdca3a618c045b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\37games\gamebox\Upgrade\app.ini
    Filesize

    211B

    MD5

    7e24410c1cc00eef38e7ed4b881f31b1

    SHA1

    bbb6241907bcd611a881211d120020d3efbdb592

    SHA256

    b6b3083ff0b1d428f92e176510b3a7a1e5274d9a4ffef0174f1f4e30f4ed2d31

    SHA512

    93c9c45971a42324b3fe0c445d86bae756a248f7e9e9c9ecc60bf1765432978282b2fc814c6071cd5b65946eb5c9b95cc2d45d021eaa6ce5a998d2f55f78154f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\37games\gamebox\option.ini
    Filesize

    847B

    MD5

    a3aed3f395c042f131a76390f74b3c9d

    SHA1

    d490a5319cbac06f8a06293f085e1c961a42dea6

    SHA256

    dcd6680bfd400614819793b8cae17f47e6dd91b228bbf89230f09a543be5d258

    SHA512

    c7f3a4c50982aa298fa634d30c874f510d124ba448a1251531d6ad50a0e0a3b783d63a5a90730d219ffbf5ef5c2a881bbc54217a5fed99a43985ea39ada05033

    Download Submit

  • memory/2272-11-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-12-0x0000000000400000-0x0000000000401000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-8-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-5-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-1-0x0000000000110000-0x0000000000111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-0-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-9-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-4-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-10-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-7-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-13-0x0000000000410000-0x0000000000411000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-14-0x0000000000420000-0x0000000000421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-15-0x0000000000430000-0x0000000000431000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-16-0x0000000000440000-0x0000000000441000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-18-0x0000000000460000-0x0000000000461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-17-0x0000000000450000-0x0000000000451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-19-0x0000000000470000-0x0000000000471000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-6-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-2-0x0000000000120000-0x0000000000121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-3-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download