Analysis
- max time kernel: 20s
- max time network: 20s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-06-2024 16:38
Behavioral task: behavioral1
- Sample: Gamesense (1).exe
- Resource: win7-20240508-en
- 5 signatures
- 150 seconds
General
- Target: Gamesense (1).exe
- Size: 18.5MB
- MD5: 0adc1b44d971f3f1dea4b70bd8e47f6f
- SHA1: 3955ef751f91bf0283877dc52c27dbe9a1dbd736
- SHA256: 2097b50fc84922fe4e6bbc4cb80ad01b631e8f4eefdffabc80df08979141bf95
- SHA512: 94fae545b96c234ba4710d4f5e7a5cc2c29f2595df2ff4e4b52e0c759680262043e46e9162f0e82c01d563f36674bdd421f42e20fc3d6fe4440dff5354895808
- SSDEEP: 393216:ZSLpLFG0zW0zkV8GP870Qj3+thpvLpTWwim72/kpW8wxUm:ZSLBz1ABUj3+vpvLpTLim7KiQl
Malware Config
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoCs)
  Processes:
  description       | ioc                                          | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__  | Gamesense (1).exe
- Checks BIOS information in registry (2 TTPs, 2 IoCs)
  BIOS information is often read in order to detect sandboxing environments.
  Processes:
  description        | ioc                                                                  | process
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion      | Gamesense (1).exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion       | Gamesense (1).exe
- Processes:
  resource                                                                   | yara_rule
  behavioral2/memory/604-1-0x00007FF6EF780000-0x00007FF6F290D000-memory.dmp  | themida
  behavioral2/memory/604-0-0x00007FF6EF780000-0x00007FF6F290D000-memory.dmp  | themida
  behavioral2/memory/604-2-0x00007FF6EF780000-0x00007FF6F290D000-memory.dmp  | themida
  behavioral2/memory/604-3-0x00007FF6EF780000-0x00007FF6F290D000-memory.dmp  | themida
  behavioral2/memory/604-4-0x00007FF6EF780000-0x00007FF6F290D000-memory.dmp  | themida
  behavioral2/memory/604-5-0x00007FF6EF780000-0x00007FF6F290D000-memory.dmp  | themida
  behavioral2/memory/604-6-0x00007FF6EF780000-0x00007FF6F290D000-memory.dmp  | themida
  behavioral2/memory/604-7-0x00007FF6EF780000-0x00007FF6F290D000-memory.dmp  | themida
- Processes:
  description        | ioc                                                                                  | process
  Key value queried  | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA  | Gamesense (1).exe