Overview

overview

10

Static

static

3

21434ba1af...18.exe

windows7-x64

10

21434ba1af...18.exe

windows10-2004-x64

10

AmazonGamesSetup.exe

windows7-x64

6

AmazonGamesSetup.exe

windows10-2004-x64

6

LIXVoWXPPCyc5Jy.exe

windows7-x64

10

LIXVoWXPPCyc5Jy.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-07-2024 05:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LIXVoWXPPCyc5Jy.exe

  • Size

    2.5MB

  • MD5

    cef6d09b553a93f81942da9838b1ac57

  • SHA1

    c32fbf54b54dadabbae600645c417c163234daf5

  • SHA256

    d9aa21479a1a55d57839aee6310cd6853b2bc5215337aa72316a96f7be7ff3e5

  • SHA512

    05ed612b7d2e14b034a391d45b578e0eda2b52be3b8eeccb3534872de61d05d95b4b3e7f10bfa01ef6913d29a24404c8cf635c804f9fbe2820321078d1007928

  • SSDEEP

    49152:SoSto6fCl0KeaNs68/bXvlM28MTVTc6hhCkJNV8VicCFiO1:S9+0P9/rBRVTpIkJN+YcLO

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
    "C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmpAE5C.tmp"
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:4528
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
      "{path}"
      2⤵
        PID:4980
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
        "{path}"
        2⤵
          PID:2764
        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
          "{path}"
          2⤵
            PID:1312
          • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            "{path}"
            2⤵
              PID:3840
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
              "{path}"
              2⤵
                PID:652
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3476,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
              1⤵
                PID:3156

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\tmpAE5C.tmp
                Filesize

                1KB

                MD5

                8d9bb847c6312d22200ac067d8437062

                SHA1

                3397fb88ccd00859bb83eb90073d63cce8ee4f6e

                SHA256

                35fd829dc12c2e19e06d25677c01c75e9d144ff69ae13542d90b3ad9f58d0602

                SHA512

                bf4f990bb7b74075ebd8302e59745baf709547af0ce771a712b472e927ea081fd602e2e9bdcfe17347e0872959dfca14b9aeff638bc9332fbd94cdff700cfc93

                Download Submit

              • memory/2976-0-0x0000000075352000-0x0000000075353000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2976-1-0x0000000075350000-0x0000000075901000-memory.dmp

                Filesize

                5.7MB

                Download

              • memory/2976-2-0x0000000075350000-0x0000000075901000-memory.dmp

                Filesize

                5.7MB

                Download

              • memory/2976-3-0x0000000075352000-0x0000000075353000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2976-4-0x0000000075350000-0x0000000075901000-memory.dmp

                Filesize

                5.7MB

                Download

              • memory/2976-5-0x0000000075350000-0x0000000075901000-memory.dmp

                Filesize

                5.7MB

                Download

              • memory/2976-6-0x0000000075350000-0x0000000075901000-memory.dmp

                Filesize

                5.7MB

                Download

              • memory/2976-11-0x0000000075350000-0x0000000075901000-memory.dmp

                Filesize

                5.7MB

                Download