Overview

overview

10

Static

static

10

PC Buildin...er.exe

windows11-21h2-x64

4

PC Buildin...er.exe

macos-10.15-amd64

Analysis

  • max time kernel
    1778s
  • max time network
    1788s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26-06-2024 21:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PC Building Simulator 2 v1.0-v1.6 Plus 9 Trainer.exe

  • Size

    1.5MB

  • MD5

    ac432710be3034102b6e8c410cef68d0

  • SHA1

    e3860c3c4ad0e5cada323c0ea3da16ff8345b8a9

  • SHA256

    6d24667f79a928f9c78e96ca0050113590d21dbd0180be145b88cd9f0e6855bb

  • SHA512

    058932076551c3b73beb99c99055bd49de0d9063de645c0a8a9fce86d279dbff1fe1b2244c60f18fac1e981f9b8502ec4fa3f51b90584e4e26e17b69cf06e050

  • SSDEEP

    24576:49l/xuBpt6eBtKWxSvwR8FQ8NQo0wngODSVXT5Xwdsrya3AWOE:Ulit68K4Sv+8TQ1XT5X4sr1w4

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PC Building Simulator 2 v1.0-v1.6 Plus 9 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\PC Building Simulator 2 v1.0-v1.6 Plus 9 Trainer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3360
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
      PID:4808
    • C:\Windows\System32\oobe\UserOOBEBroker.exe
      C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
      1⤵
      • Drops file in Windows directory
      PID:2412
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
      1⤵
        PID:2000
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
        1⤵
          PID:4792
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:1448
          • C:\Windows\system32\net.exe
            net user Admin *
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:4760
            • C:\Windows\system32\net1.exe
              C:\Windows\system32\net1 user Admin *
              3⤵
                PID:572

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/3360-0-0x00000249C3F80000-0x00000249C3FB4000-memory.dmp

            Filesize

            208KB

            Download

          • memory/3360-1-0x00007FFFFD683000-0x00007FFFFD685000-memory.dmp

            Filesize

            8KB

            Download

          • memory/3360-2-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3360-3-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3360-4-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3360-5-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3360-6-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3360-7-0x00000249E01A0000-0x00000249E01A8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/3360-9-0x00000249E07E0000-0x00000249E07EE000-memory.dmp

            Filesize

            56KB

            Download

          • memory/3360-8-0x00000249E0810000-0x00000249E0848000-memory.dmp

            Filesize

            224KB

            Download

          • memory/3360-14-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3360-15-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3360-16-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3360-17-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/3360-21-0x00007FFFFD680000-0x00007FFFFE142000-memory.dmp

            Filesize

            10.8MB

            Download