Overview
overview
5Static
static
3Slinky.gg ...er.exe
windows7-x64
1Slinky.gg ...er.exe
windows10-2004-x64
1Slinky.gg ...d).exe
windows7-x64
1Slinky.gg ...d).exe
windows10-2004-x64
1Slinky.gg ...ry.dll
windows7-x64
5Slinky.gg ...ry.dll
windows10-2004-x64
5Slinky.gg ...ok.dll
windows7-x64
1Slinky.gg ...ok.dll
windows10-2004-x64
1Slinky.gg ...ck.bat
windows7-x64
1Slinky.gg ...ck.bat
windows10-2004-x64
1Analysis
-
max time kernel
151s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
29-06-2024 17:59
Static task
static1
Behavioral task
behavioral1
Sample
Slinky.gg (Cracked)/Loader.exe
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral2
Sample
Slinky.gg (Cracked)/Loader.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Slinky.gg (Cracked)/Slinky (Cracked).exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
Slinky.gg (Cracked)/Slinky (Cracked).exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Slinky.gg (Cracked)/slinky_library.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral6
Sample
Slinky.gg (Cracked)/slinky_library.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Slinky.gg (Cracked)/slinkyhook.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral8
Sample
Slinky.gg (Cracked)/slinkyhook.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Slinky.gg (Cracked)/start-quick.bat
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral10
Sample
Slinky.gg (Cracked)/start-quick.bat
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
Slinky.gg (Cracked)/start-quick.bat
-
Size
44B
-
MD5
e46151f32afa2e98c578df82d8b27832
-
SHA1
9d45f9fba8f2a263663fcf9cab6313485be19e3c
-
SHA256
90324ac004e0d9f7a5aac10182916bb507a2a21a6b4ae02dbf90a6207f218f0c
-
SHA512
7d8498b81a99dda2a41f141d2243b47615af1cdda60f8753a0f095c51f756213043d9c00f8513ac346866ae39ca50a5a74d1ec27d37080b0624ac681ef4d2500
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe 1744 Loader.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 1824 wrote to memory of 1744 1824 cmd.exe 90 PID 1824 wrote to memory of 1744 1824 cmd.exe 90
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Slinky.gg (Cracked)\start-quick.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:1824 -
C:\Users\Admin\AppData\Local\Temp\Slinky.gg (Cracked)\Loader.exeLoader.exe2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3644 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:81⤵PID:4592