32a45d07447344a45fd7ebc3cc4cff6ca2b37de73722df442d4617c2fab63302

Analysis

max time kernel
557s
max time network
390s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
06/07/2024, 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fungamepokiman.exe
Size

21.0MB
MD5

1e80ae2e8a8074c078ff1035658695a7
SHA1

2a361e844f07bdf7ebb632439e2457ea56580e17
SHA256

32a45d07447344a45fd7ebc3cc4cff6ca2b37de73722df442d4617c2fab63302
SHA512

87254665fffa01f56d4016654e6bd5b2c562e729f25dfb353f1673c30e38350ca279f1372e5b17684f1be13ed080fe719a5c96feecf1ef3e66da92473ed4b4f6
SSDEEP

196608:zOYKZ2o+YjNFXZftnksMZxvH0blzajo96zYJ1sTIVy9Mod86PpNBsLaUVLsSOsP9:jt67XZ2sDlWowYJ1sTIVaOvpJhPQM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
648	stdrtex.exe

Loads dropped DLL 5 IoCs

pid	Process
648	stdrtex.exe
648	stdrtex.exe
648	stdrtex.exe
648	stdrtex.exe
648	stdrtex.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
648	stdrtex.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5080	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5080	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
648	stdrtex.exe
648	stdrtex.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 648	4692	fungamepokiman.exe	71
PID 4692 wrote to memory of 648	4692	fungamepokiman.exe	71
PID 4692 wrote to memory of 648	4692	fungamepokiman.exe	71

C:\Users\Admin\AppData\Local\Temp\fungamepokiman.exe
"C:\Users\Admin\AppData\Local\Temp\fungamepokiman.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Users\Admin\AppData\Local\Temp\mrtE7B0.tmp\stdrtex.exe
  "C:\Users\Admin\AppData\Local\Temp\mrtE7B0.tmp\stdrtex.exe" /SF "C:\Users\Admin\AppData\Local\Temp\fungamepokiman.exe" /SO621568
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x390
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mrtE7B0.tmp\MMFS2.dll

Filesize
768KB

MD5
200520e6e8b4d675b77971dfa9fb91b3

SHA1
0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

SHA256
763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

SHA512
8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE7B0.tmp\cctrans.dll

Filesize
347KB

MD5
21e093d52a3afe8ed5532fcaa189c067

SHA1
8aa7bcb26e3064cd4d1172090ff00d083ee19cc4

SHA256
9b834b5d26983451ef3a11c8c2a715724daa188fbd28597081ecb1e9ed672f87

SHA512
b4c2205c234e8ed4973fca9c64c0ec11753eb200c1d2eb3c66b9f4509426c8774f14ae1271583e0eaff268eae9c8375c5993af107e4db8d7c87b817bd1ccd9e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE7B0.tmp\mmf2d3d11.dll

Filesize
541KB

MD5
839633898178f35f6de0b385b7de0ec7

SHA1
5396e52c45954f0953cc8cf2095b122f7353180e

SHA256
5f6563d6bf2f3ceab8b2ca2c15ba4f7fe882a82c1f72b10041b5692c6515a53a

SHA512
b0ed4fce2815dcb783e0b9a786178b337d215e6a4d16df1ddb3c28ccdba13081fee1976669d9f99505cf31b8f1e8d5584fd1aa9732e1add38217222726c76eb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE7B0.tmp\mmf2d3d9.dll

Filesize
1.5MB

MD5
c85bcc9f3049b57aa8ccbb290342ff14

SHA1
38f5b81a540f1c995ff8d949702440b70921acc5

SHA256
bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

SHA512
5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE7B0.tmp\mp3flt.sft

Filesize
24KB

MD5
5bebc3ae0122702b89f9262888d3a393

SHA1
064731c0f1d493b5b82921fa78f06e3d1db95284

SHA256
81c9a9459a8e124793addf142cd513945d6fe600e1d67f74897898d7570e56b2

SHA512
c10cb520c2c4a9fe7c371f17ce7f86f138db247468ab1e465dafd7abd294c2beb13cf3a2595b4c8c820d911d8b70842c8f4e45398693c4f0454f973bd58a10a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtE7B0.tmp\stdrtex.exe

Filesize
1.0MB

MD5
792e8f6b623af993a00cf7059a560cfd

SHA1
92c94b06e2c8e6bc06715bb3ba5f0a645ca8edb0

SHA256
ca54baaf3366b51c269e1696d563fd8616a0588bf31db638875e9b7935d1790b

SHA512
7c86a1542e4bc68ba532a42c445c1ea6fa4ee2ee9198182927ab788687f2cd2e6dc3717621fbc5606a94b4c4a5cdf9d0e8276c061c83562ff11b65be718863e7

Download Submit