Overview

overview

4

Static

static

3

Scratch 3....up.exe

windows11-21h2-x64

4

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDIR/UAC.dll

windows11-21h2-x64

3

$PLUGINSDI...ll.dll

windows11-21h2-x64

3

$PLUGINSDIR/app-32.7z

windows11-21h2-x64

3

LICENSES.c...m.html

windows11-21h2-x64

1

Scratch 3.exe

windows11-21h2-x64

1

d3dcompiler_47.dll

windows11-21h2-x64

3

ffmpeg.dll

windows11-21h2-x64

1

libEGL.dll

windows11-21h2-x64

1

libGLESv2.dll

windows11-21h2-x64

3

resources/elevate.exe

windows11-21h2-x64

1

swiftshade...GL.dll

windows11-21h2-x64

1

swiftshade...v2.dll

windows11-21h2-x64

1

vk_swiftshader.dll

windows11-21h2-x64

1

vulkan-1.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$PLUGINSDI...ss.dll

windows11-21h2-x64

3

$PLUGINSDI...7z.dll

windows11-21h2-x64

3

Uninstall ... 3.exe

windows11-21h2-x64

4

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDIR/UAC.dll

windows11-21h2-x64

3

$PLUGINSDI...ll.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$PLUGINSDI...ss.dll

windows11-21h2-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    159s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08-07-2024 09:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Scratch 3.exe

  • Size

    116.1MB

  • MD5

    94d3482e8ef37c57dd752893c9b8cde1

  • SHA1

    ad4e73aeeefaecf180670d8911e80694e1ac60ce

  • SHA256

    4e4f12f197b1901e1697a94a2b6c1231562c06afe07642192466f0f4bf65929a

  • SHA512

    4d33b7c0974c835aaff1384d7885eb925cec9fd4dd65aea6da7a99c1c9ea764f1f56bc6936cff25e657bc998874611d273331c642a893a8668f33d1425b059da

  • SSDEEP

    1572864:YJSXNhYcY4VAiiW+fioUzAj03KgjjNCABkrgtUO06pidI3aK7/VusRHd9c1Bku/f:pZdYDI3adv49G4ZE

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe
    "C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe
      "C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe" --type=gpu-process --field-trial-handle=1524,8664766506857643593,16847614897510499196,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 /prefetch:2
      2⤵
        PID:3340
      • C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe
        "C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,8664766506857643593,16847614897510499196,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --host-resolver-rules="MAP device-manager.scratch.mit.edu 127.0.0.1" --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --mojo-platform-channel-handle=2232 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4304
      • C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe
        "C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1524,8664766506857643593,16847614897510499196,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1008
      • C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe
        "C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1524,8664766506857643593,16847614897510499196,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5064
      • C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe
        "C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1524,8664766506857643593,16847614897510499196,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1568 /prefetch:1
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4396
      • C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe
        "C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1524,8664766506857643593,16847614897510499196,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --host-resolver-rules="MAP device-manager.scratch.mit.edu 127.0.0.1" --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --mojo-platform-channel-handle=2928 /prefetch:8
        2⤵
          PID:4744
        • C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe
          "C:\Users\Admin\AppData\Local\Temp\Scratch 3.exe" --type=gpu-process --field-trial-handle=1524,8664766506857643593,16847614897510499196,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Scratch" --gpu-preferences=UAAAAAAAAADoAAAIAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2700 /prefetch:2
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3576
      • C:\Windows\System32\CompPkgSrv.exe
        C:\Windows\System32\CompPkgSrv.exe -Embedding
        1⤵
          PID:540
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C8
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1568

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
          Filesize

          2B

          MD5

          f3b25701fe362ec84616a93a45ce9998

          SHA1

          d62636d8caec13f04e28442a0a6fa1afeb024bbb

          SHA256

          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

          SHA512

          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Scratch\telemetry.json
          Filesize

          660B

          MD5

          cebe76ecbdbef67e4ffd129d4bf1eda6

          SHA1

          64533fd90a21c2fb5774b9808986357085a148b4

          SHA256

          0288b77444bc695100e7c81ed82d9b89297be2c1e04b518a6fdaed71fcc4a3a3

          SHA512

          96e18c5238915204a9519291ffaf3cd9a94223093194eb7e5064f322680883a26cbce389772bc3a645c4d481546f321ec9660de1203a11329d323aa2af9f4160

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Scratch\telemetry.json
          Filesize

          1KB

          MD5

          07d46eeb3cd3217b160d1fa2da729f7c

          SHA1

          acd0c2e82c951e63a3c1d988c39f10568a546fd5

          SHA256

          080495a81898c5a9ec6182c3b5a43f0c47e25aa9a01c4856dda877b957de04ca

          SHA512

          e06fd017a8da72283aa95c4a536af4e02d023053fdd98ab4a9f33e62da9ec69ef6d1f984fdb2fe262989f9bfcb6ec2f6ff84781a6a7b17ec18f8b57e6b5dcdfd

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Scratch\telemetry.json
          Filesize

          55B

          MD5

          6b346293ce1d5185c3890e7fb5edfc43

          SHA1

          1ab968cdd3f1ec77522adc70ac47194e971ecbb6

          SHA256

          286daf127dacd9f805419bf7fc5d349850e488ea9ef01a49348e61c74a6e2f00

          SHA512

          9fa811041284191f4092ac880ed47a9fd6284712c9ace4d7b2a2cfe93675fdaf881d59d417a13aaf5ae8efd9b4c778173fb5ef177dc77422f3fe9552cbeca53f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Scratch\telemetry.json.tmp-0431042842d7e1d7
          Filesize

          1KB

          MD5

          54d14386b87be7f18d9b589e5af784b8

          SHA1

          e13874fa960cee11c731f5c576a4d979def04345

          SHA256

          c324299fad8a9654d3979d330fa6f0324118024c990146a478600464ee1b392d

          SHA512

          879bb609132ca3c10219925d9304cf1ba8c68d880e4b2be1ca93d7756e56af5edae97a462db3461e4966e1c1f670042edab4a0e696c4472225340bb3da3ed972

          Download Submit

        • memory/3576-596-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3576-597-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3576-595-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3576-607-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3576-606-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3576-605-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3576-604-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3576-603-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3576-601-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3576-602-0x000000000DF70000-0x000000000DF71000-memory.dmp

          Filesize

          4KB

          Download