48fb197c4729a0355dd805266a2fb4dba95343d95a74ec26568b61953195d9ad

Analysis

max time kernel
148s
max time network
145s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 03:38 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/OWInstaller.exe
Size

325KB
MD5

d2d62837efe824f9df4e51c3aa7da8b6
SHA1

ca2c1f1a002d0a94d068f16ea812813acd28262a
SHA256

7373ae1e5aa96890b0d57a8208d69026b6dd4e6f7c96449b976b4ec723f72b32
SHA512

65d732a101bf9058cc89069f5ea1a8d95b7bb8c85e481180893746a0dfca587c64a1446a6dda023fca52f5cd595d4895776e16da438877caaa92be7d09cd3e59
SSDEEP

6144:huKDH8Zo5zUVQ5vvzL9baFoSpm9whNK632I6pbgvcp:huvGPN2oS1NRm

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	dxdiag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	OWInstaller.exe

Modifies registry class 34 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SysWOW64\\dxdiagn.dll"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	dxdiag.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
2652	dxdiag.exe
2652	dxdiag.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1700	OWInstaller.exe
Token: SeRestorePrivilege	2652	dxdiag.exe
Token: SeRestorePrivilege	2652	dxdiag.exe
Token: SeRestorePrivilege	2652	dxdiag.exe
Token: SeRestorePrivilege	2652	dxdiag.exe
Token: SeRestorePrivilege	2652	dxdiag.exe
Token: SeRestorePrivilege	2652	dxdiag.exe
Token: SeRestorePrivilege	2652	dxdiag.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1700	OWInstaller.exe
1700	OWInstaller.exe
1700	OWInstaller.exe
2652	dxdiag.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2496	1700	OWInstaller.exe	29
PID 1700 wrote to memory of 2496	1700	OWInstaller.exe	29
PID 1700 wrote to memory of 2496	1700	OWInstaller.exe	29
PID 2496 wrote to memory of 2652	2496	DxDiag.exe	30
PID 2496 wrote to memory of 2652	2496	DxDiag.exe	30
PID 2496 wrote to memory of 2652	2496	DxDiag.exe	30
PID 2496 wrote to memory of 2652	2496	DxDiag.exe	30

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OWInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OWInstaller.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\System32\DxDiag.exe
  "C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Windows\SysWOW64\dxdiag.exe
    "C:\Windows\SysWOW64\dxdiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
    3⤵
    - Drops file in Windows directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2652

Network

DNS

cdn.mxpnl.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

cdn.mxpnl.com

IN A
DNS

cdn.mxpnl.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

cdn.mxpnl.com

IN A
DNS

cdn.mxpnl.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

cdn.mxpnl.com

IN A
DNS

cdn.mxpnl.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

cdn.mxpnl.com

IN A
DNS

cdn.mxpnl.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

cdn.mxpnl.com

IN A
DNS

crl.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A
DNS

crl.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A
DNS

crl.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A
DNS

crl.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A
DNS

crl.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

www.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A
DNS

www.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A
DNS

www.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A
DNS

www.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A
DNS

www.microsoft.com

dxdiag.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

content.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A
DNS

analyticsnew.overwolf.com

OWInstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A

No results found

8.8.8.8:53

cdn.mxpnl.com

dns

OWInstaller.exe

295 B
5

DNS Request

cdn.mxpnl.com

DNS Request

cdn.mxpnl.com

DNS Request

cdn.mxpnl.com

DNS Request

cdn.mxpnl.com

DNS Request

cdn.mxpnl.com
8.8.8.8:53

crl.microsoft.com

dns

dxdiag.exe

315 B
5

DNS Request

crl.microsoft.com

DNS Request

crl.microsoft.com

DNS Request

crl.microsoft.com

DNS Request

crl.microsoft.com

DNS Request

crl.microsoft.com
8.8.8.8:53

content.overwolf.com

dns

OWInstaller.exe

330 B
5

DNS Request

content.overwolf.com

DNS Request

content.overwolf.com

DNS Request

content.overwolf.com

DNS Request

content.overwolf.com

DNS Request

content.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

www.microsoft.com

dns

dxdiag.exe

315 B
5

DNS Request

www.microsoft.com

DNS Request

www.microsoft.com

DNS Request

www.microsoft.com

DNS Request

www.microsoft.com

DNS Request

www.microsoft.com
8.8.8.8:53

content.overwolf.com

dns

OWInstaller.exe

330 B
5

DNS Request

content.overwolf.com

DNS Request

content.overwolf.com

DNS Request

content.overwolf.com

DNS Request

content.overwolf.com

DNS Request

content.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com
8.8.8.8:53

analyticsnew.overwolf.com

dns

OWInstaller.exe

355 B
5

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

DNS Request

analyticsnew.overwolf.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml

Filesize
202B

MD5
f066b38b3c10f5e4e756b62f73b29b7c

SHA1
49b2cf3ace3f048f8ab70c859422ae92ca285d32

SHA256
7f400843913514d7840c225444f844b9dde3ffea841929fa174e937395fd79bf

SHA512
aa4885733d0311ecf451d898f5f9a9cf00c24ab8236039997612ec93e302cab89c4100b266b60305d503e50c2b90d45cf11e26e308dbc8e4c1fe996ffe4912cd

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt

Filesize
15KB

MD5
a623777cbbd0c0bb1904f5ca020a1d81

SHA1
4477381e94adb5c286cbab6dc8e93866913be12b

SHA256
3feea5433542018306a25c433fe8ad1daffd5f7c515674a2956bbd56804682ef

SHA512
199574b0b7eaeca7743a4f64ee1111cacf64d4f30cc7bd43ad5912913b91383fa7ea0627335fcbdbea0419d005103811cb274e8a036ee0e9657c29d736c21c86

Download Submit
memory/1700-65-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

Filesize
9.9MB

Download
memory/1700-0-0x000007FEF5693000-0x000007FEF5694000-memory.dmp

Filesize
4KB

Download
memory/1700-4-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

Filesize
9.9MB

Download
memory/1700-5-0x0000000000B20000-0x0000000000B38000-memory.dmp

Filesize
96KB

Download
memory/1700-13-0x000000001BE00000-0x000000001BEB0000-memory.dmp

Filesize
704KB

Download
memory/1700-2-0x00000000006A0000-0x0000000000732000-memory.dmp

Filesize
584KB

Download
memory/1700-38-0x0000000025D70000-0x0000000026516000-memory.dmp

Filesize
7.6MB

Download
memory/1700-1-0x000000013F240000-0x000000013F292000-memory.dmp

Filesize
328KB

Download
memory/1700-62-0x000007FEF5693000-0x000007FEF5694000-memory.dmp

Filesize
4KB

Download
memory/1700-3-0x0000000000A50000-0x0000000000A96000-memory.dmp

Filesize
280KB

Download
memory/2652-73-0x00000000005A0000-0x00000000005A5000-memory.dmp

Filesize
20KB

Download
memory/2652-39-0x00000000005A0000-0x00000000005AA000-memory.dmp

Filesize
40KB

Download
memory/2652-40-0x00000000005A0000-0x00000000005AA000-memory.dmp

Filesize
40KB

Download
memory/2652-64-0x0000000002530000-0x000000000258C000-memory.dmp

Filesize
368KB

Download
memory/2652-67-0x0000000002530000-0x000000000258C000-memory.dmp

Filesize
368KB

Download
memory/2652-68-0x00000000005A0000-0x00000000005AA000-memory.dmp

Filesize
40KB

Download
memory/2652-66-0x0000000002530000-0x000000000258C000-memory.dmp

Filesize
368KB

Download
memory/2652-61-0x0000000001DB0000-0x0000000001DBA000-memory.dmp

Filesize
40KB

Download
memory/2652-72-0x0000000002350000-0x000000000237A000-memory.dmp

Filesize
168KB

Download
memory/2652-71-0x0000000002350000-0x000000000237A000-memory.dmp

Filesize
168KB

Download
memory/2652-69-0x00000000005A0000-0x00000000005AA000-memory.dmp

Filesize
40KB

Download
memory/2652-60-0x0000000001DB0000-0x0000000001DBA000-memory.dmp

Filesize
40KB

Download
memory/2652-63-0x0000000002530000-0x000000000258C000-memory.dmp

Filesize
368KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request