Overview
overview
3Static
static
3gwater2 0.4b.zip
windows7-x64
1gwater2 0.4b.zip
windows10-2004-x64
1GFSDK_Afte...64.dll
windows7-x64
1GFSDK_Afte...64.dll
windows10-2004-x64
1GFSDK_Afte...86.dll
windows7-x64
3GFSDK_Afte...86.dll
windows10-2004-x64
3NvFlexExtR...64.dll
windows7-x64
1NvFlexExtR...64.dll
windows10-2004-x64
1NvFlexExtR...86.dll
windows7-x64
3NvFlexExtR...86.dll
windows10-2004-x64
3NvFlexRele...64.dll
windows7-x64
1NvFlexRele...64.dll
windows10-2004-x64
1NvFlexRele...86.dll
windows7-x64
1NvFlexRele...86.dll
windows10-2004-x64
3amd_ags_x64.dll
windows7-x64
1amd_ags_x64.dll
windows10-2004-x64
1amd_ags_x86.dll
windows7-x64
3amd_ags_x86.dll
windows10-2004-x64
3garrysmod/...nu2.js
windows7-x64
3garrysmod/...nu2.js
windows10-2004-x64
3garrysmod/...nit.js
windows7-x64
3garrysmod/...nit.js
windows10-2004-x64
3garrysmod/...ns.vbs
windows7-x64
1garrysmod/...ns.vbs
windows10-2004-x64
1garrysmod/...32.dll
windows7-x64
1garrysmod/...32.dll
windows10-2004-x64
1garrysmod/...32.dll
windows7-x64
1garrysmod/...32.dll
windows10-2004-x64
1garrysmod/...64.dll
windows7-x64
1garrysmod/...64.dll
windows10-2004-x64
1nvToolsExt32_1.dll
windows7-x64
1nvToolsExt32_1.dll
windows10-2004-x64
1Analysis
-
max time kernel
120s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
05/07/2024, 10:12
Static task
static1
Behavioral task
behavioral1
Sample
gwater2 0.4b.zip
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
gwater2 0.4b.zip
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
GFSDK_Aftermath_Lib.x64.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
GFSDK_Aftermath_Lib.x64.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
GFSDK_Aftermath_Lib.x86.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral6
Sample
GFSDK_Aftermath_Lib.x86.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
NvFlexExtReleaseD3D_x64.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
NvFlexExtReleaseD3D_x64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
NvFlexExtReleaseD3D_x86.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
NvFlexExtReleaseD3D_x86.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
NvFlexReleaseD3D_x64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
NvFlexReleaseD3D_x64.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
NvFlexReleaseD3D_x86.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
NvFlexReleaseD3D_x86.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
amd_ags_x64.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral16
Sample
amd_ags_x64.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
amd_ags_x86.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
amd_ags_x86.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
garrysmod/addons/gwater2/lua/autorun/client/gwater_menu2.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
garrysmod/addons/gwater2/lua/autorun/client/gwater_menu2.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
garrysmod/addons/gwater2/lua/autorun/gwater2_init.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral22
Sample
garrysmod/addons/gwater2/lua/autorun/gwater2_init.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
garrysmod/addons/gwater2/lua/gwater2_patrons.vbs
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
garrysmod/addons/gwater2/lua/gwater2_patrons.vbs
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
garrysmod/lua/bin/gmcl_gwater2_main_win32.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral26
Sample
garrysmod/lua/bin/gmcl_gwater2_main_win32.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
garrysmod/lua/bin/gmcl_gwater2_win32.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
garrysmod/lua/bin/gmcl_gwater2_win32.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
garrysmod/lua/bin/gmcl_gwater2_win64.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
garrysmod/lua/bin/gmcl_gwater2_win64.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
nvToolsExt32_1.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral32
Sample
nvToolsExt32_1.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
General
-
Target
GFSDK_Aftermath_Lib.x64.dll
-
Size
32KB
-
MD5
96a5c5e060ca83652e5798798cb15cb9
-
SHA1
241fa3e48e496086acd39dab55e425cb51bd780d
-
SHA256
51de58aeda0a44955ff9d00d617e2dedc78e66bf738bdad3d332b18888bb8f4a
-
SHA512
bb3713fcd3a3c67f96c3fc5099ccbcb5aff3984363472c6545ec0d2240b17d2930bcca077a6322ffa5e27388d36c26d2857fde58ebb9c4f262ace2446d0ee1f4
-
SSDEEP
768:RrSx+nnWOuElBOwLL7fVXRRMs+vdqbDSj0H:ZSx+tPOw5PMGbDSg
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1676 wrote to memory of 1704 1676 rundll32.exe 28 PID 1676 wrote to memory of 1704 1676 rundll32.exe 28 PID 1676 wrote to memory of 1704 1676 rundll32.exe 28