97f6ce221fb5921c55164697f09176f76f65a234f517196cdba347dac1570ee4

Analysis

max time kernel
0s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/OWInstaller.exe
Size

298KB
MD5

bbac8c6550a77b63e858f50173d43e95
SHA1

a4b400e8538248b33b49e2d483be44f906d37b2a
SHA256

185e840fda52ea7ea3ae4e4f895be58f4c922469e59c472b1065efe7f5eb9b09
SHA512

f3e602e9e187fce546cb71929f07d299958c3411486d39668cc4374fba88acf375b6c6fd1436843f75b944944a663b46c9ba3cd2338ed3fa708dbe4bf55922d9
SSDEEP

6144:WpatEos7K0ICLs17TUOgFR5bu09bFyoSIm900lzq2lSlplKWcme:WpatqK0c7IOgF7qFoSU0vS8/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3560	OWInstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3560	OWInstaller.exe

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OWInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OWInstaller.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3560
- C:\Windows\System32\DxDiag.exe
  "C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
  2⤵
  PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-06-07_08-56_3560.log

Filesize
462B

MD5
cf609e5685373f7a5857ef6e81e30c2e

SHA1
56e15a85268ad422330a70b74d5986da6f94e174

SHA256
f9d024b3f7e032d32bcae294fb888e15a5f0679ebec948a9dd14399f28625605

SHA512
282672369b45f0a91da9248dad5e9a6a9b605902544bc7153ea860bd4ec4bea094e7a9c4b3a11af79eca2d62a078203629dff97edc82f97dcec87f0679319a5d

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml

Filesize
752B

MD5
c1b6577cf06c7a909a3a3aa6b9ad4e47

SHA1
9dab0dd166fb3c37ef94f5e53fca794172702f5a

SHA256
7c5558117a12587a4945f625adf0a3a82a09f55963062d44ae59e1e70d8ac3c4

SHA512
73ba5d3f42cde8947e0423e43dddbffd9fe437e1fbfdc3babd89bcf33e7761f12b99743c82b6f935ea1533415195a84ab3264c1fdbef1592c60853845d32341e

Download Submit
memory/3180-58-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3180-61-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3180-50-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3180-51-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3180-56-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3180-57-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3180-59-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3180-60-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3180-62-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3180-52-0x000002A823FE0000-0x000002A823FE1000-memory.dmp

Filesize
4KB

Download
memory/3560-49-0x00007FF8B91A0000-0x00007FF8B9C61000-memory.dmp

Filesize
10.8MB

Download
memory/3560-48-0x0000024C64440000-0x0000024C64BE6000-memory.dmp

Filesize
7.6MB

Download
memory/3560-43-0x00007FF8B91A0000-0x00007FF8B9C61000-memory.dmp

Filesize
10.8MB

Download
memory/3560-0-0x00007FF8B91A3000-0x00007FF8B91A5000-memory.dmp

Filesize
8KB

Download
memory/3560-40-0x0000024460EA0000-0x0000024460EC2000-memory.dmp

Filesize
136KB

Download
memory/3560-2-0x0000024460940000-0x00000244609E4000-memory.dmp

Filesize
656KB

Download
memory/3560-1-0x0000024446500000-0x000002444654C000-memory.dmp

Filesize
304KB

Download
memory/3560-14-0x0000024460F00000-0x0000024460FB0000-memory.dmp

Filesize
704KB

Download
memory/3560-8-0x0000024448110000-0x0000024448128000-memory.dmp

Filesize
96KB

Download
memory/3560-3-0x0000024460FF0000-0x0000024461518000-memory.dmp

Filesize
5.2MB

Download
memory/3560-11-0x00007FF8B91A0000-0x00007FF8B9C61000-memory.dmp

Filesize
10.8MB

Download
memory/3560-4-0x00000244609F0000-0x0000024460A36000-memory.dmp

Filesize
280KB

Download