Analysis
-
max time kernel
51s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
12/06/2024, 23:42
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
PG3DInjector.exe
Resource
win10v2004-20240508-en
2 signatures
120 seconds
General
-
Target
PG3DInjector.exe
-
Size
76.1MB
-
MD5
666d27360a5154c9797e3644f22a4a67
-
SHA1
31b8aa2ef6eb33dbbb2fd1305114c806b854be35
-
SHA256
f4055022c94103087ce5fe4ee8493bc11e6fb9c788134fc732aa9ff5d05cb765
-
SHA512
042e32431b62d45a09b13f94f0699ec1d94b60c88705ca23ccbea9e939010bb99f98df437672694aa19e47a26aeb8f865a60053475b18d833ec6015b263dedbd
-
SSDEEP
393216:lQeufzJiVWHIFrrmsx5lv8QshCe9dlkEBO2/w0XzN2FX7RIMnBZ1IQ0P543WbtZV:l5utHUrrm2DEQshjlYPDA5UUVIa2Q
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 232 PG3DInjector.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 232 PG3DInjector.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\PG3DInjector.exe"C:\Users\Admin\AppData\Local\Temp\PG3DInjector.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:232
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:720