Analysis

max time kernel: 126s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-08-2024 15:11
Static task: static1

Behavioral task: behavioral1
  Sample: Install-GooglePlayGames-Beta.exe
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: Install-GooglePlayGames-Beta.exe
  Resource: win10v2004-20240802-en
General

Target: Install-GooglePlayGames-Beta.exe
Size: 10.7MB
MD5: 8d487883b403f76e593bc1c1a8e49702
SHA1: 2b02fca5869e62f2b7f95b1eb51e0a82b470ce0f
SHA256: eb64054312e78ab6a40b90ba812878cf7518f19cb2ecdef6e8d643526a24a8a5
SHA512: 607371bf1173351f2088dc6eed2e6f9bfb043ff081f700f27048aa50989f50808bd23b0c12d9d11ad239405f8a9c4c2aa2e657494bbf2e744995bd7b02efd126
SSDEEP: 196608:JCvBYlzkSIEcsLEr2mefJmG+BG8ntfVOEiEWaIC8:qUzkSEsL1jBy13i5fC
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  PID   Process
  4632  crashpad_handler.exe

Loads dropped DLL (2 IoCs)
  PID   Process
  2164  Install-GooglePlayGames-Beta.exe
  2164  Install-GooglePlayGames-Beta.exe

Suspicious use of WriteProcessMemory (2 IoCs)
  Description                       PID   Process                           procid_target
  PID 2164 wrote to memory of 4632  2164  Install-GooglePlayGames-Beta.exe  79
  PID 2164 wrote to memory of 4632  2164  Install-GooglePlayGames-Beta.exe  79
Processes

1. C:\Users\Admin\AppData\Local\Temp\Install-GooglePlayGames-Beta.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Install-GooglePlayGames-Beta.exe"
   PID: 2164
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\11odkooc.0ij\crashpad_handler.exe (child of PID 2164)
      Command line: C:\Users\Admin\AppData\Local\Temp\11odkooc.0ij\crashpad_handler.exe --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Play Games\CrashReporting\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Battlestar --annotation=ver=24.7.551.0 --initial-client-data=0x698,0x69c,0x6a0,0x678,0x6a4,0x7ffb820ab380,0x7ffb820ab390,0x7ffb820ab3a0
      PID: 4632
      - Executes dropped EXE
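The three signatures above (a dropped EXE executed, dropped DLLs loaded, WriteProcessMemory into another process) are generic: Crashpad is the crash-reporting component shipped with Chromium-based software, so an installer unpacking crashpad_handler.exe to %TEMP%, pointing it at clients2.google.com/cr/report and writing into the child it has just created is consistent with ordinary bootstrap rather than injection. What a triage analyst wants is to separate that expected pattern from the variants that are not expected. The script below is an added example, not part of the sandbox report or of the analysed installer: it reconstructs the two processes and the WriteProcessMemory event from the report as constructed records, parses the Crashpad switches, and rates each signature. The crash-host allowlist, the severity labels and the "child you just spawned" heuristic are this example's own assumptions.

```python
"""Triage heuristics over the sandbox process tree above.

Added example (not part of the sandbox report or of the analysed installer).
Process records are constructed from the report's "Processes" section; the
allowlist, severity labels and heuristics are assumptions of this example.
"""
import re
from urllib.parse import urlparse

# Assumption: the only crash-report host a Google installer is expected to post to.
ALLOWED_CRASH_HOSTS = {"clients2.google.com"}
TEMP_DIR_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')

# Constructed from the report: PIDs, image paths and command lines as listed there.
CRASHPAD_CMDLINE = (
    r'C:\Users\Admin\AppData\Local\Temp\11odkooc.0ij\crashpad_handler.exe --no-rate-limit '
    r'"--database=C:\Users\Admin\AppData\Local\Google\Play Games\CrashReporting\Crashpad" '
    r'--url=https://clients2.google.com/cr/report --annotation=prod=Battlestar '
    r'--annotation=ver=24.7.551.0 '
    r'--initial-client-data=0x698,0x69c,0x6a0,0x678,0x6a4,0x7ffb820ab380,0x7ffb820ab390,0x7ffb820ab3a0'
)
PROCESSES = [
    {"pid": 2164, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Install-GooglePlayGames-Beta.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Install-GooglePlayGames-Beta.exe"'},
    {"pid": 4632, "ppid": 2164,
     "image": r"C:\Users\Admin\AppData\Local\Temp\11odkooc.0ij\crashpad_handler.exe",
     "cmdline": CRASHPAD_CMDLINE},
]
# The report lists the same 2164 -> 4632 write twice; one event is enough to rate.
MEMORY_WRITES = [{"source": 2164, "target": 4632}]


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, keeping quoted spans (the
    --database path containing 'Play Games') together, then drop the quotes."""
    return [tok.replace('"', "") for tok in TOKEN_RE.findall(cmdline)]


def parse_crashpad_args(cmdline):
    """Turn crashpad_handler's --key=value switches into a dict; the repeated
    --annotation=name=value switches are collected under 'annotations'."""
    args = {"annotations": {}}
    for tok in split_cmdline(cmdline)[1:]:  # [0] is the image path
        if not tok.startswith("--"):
            continue
        key, _, value = tok[2:].partition("=")
        if key == "annotation":
            name, _, val = value.partition("=")
            args["annotations"][name] = val
        else:
            args[key] = value
    return args


def triage(processes, memory_writes):
    """Apply three heuristics and return (rule, severity, detail) tuples."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for p in processes:
        parent = by_pid.get(p["ppid"])
        # 1. "Executes dropped EXE": a child running from %TEMP% whose parent also
        #    runs from %TEMP% was unpacked by that parent. Informational on its own.
        if parent and TEMP_DIR_RE.match(p["image"]) and TEMP_DIR_RE.match(parent["image"]):
            findings.append(("dropped-exe-executed", "info", p["image"]))
        # 2. A Crashpad handler is routine; a handler posting crash dumps to a host
        #    outside the allowlist is the part worth looking at.
        if p["image"].lower().endswith("\\crashpad_handler.exe"):
            host = urlparse(parse_crashpad_args(p["cmdline"]).get("url", "")).hostname
            if host not in ALLOWED_CRASH_HOSTS:
                findings.append(("crash-report-url-unexpected", "high", host or "<none>"))
    # 3. WriteProcessMemory: writing into a child the writer itself just created is
    #    normal bootstrap; writing into an unrelated process is the injection shape.
    for w in memory_writes:
        target = by_pid.get(w["target"])
        sev = "low" if target and target["ppid"] == w["source"] else "high"
        findings.append(("cross-process-write", sev, f'{w["source"]}->{w["target"]}'))
    return findings


if __name__ == "__main__":
    for rule, sev, detail in triage(PROCESSES, MEMORY_WRITES):
        print(f"{sev:5} {rule:28} {detail}")
```

Run against the report's own tree, every finding comes back at info or low severity; swap the --url host for anything outside the allowlist, or point the write at a PID the installer did not spawn, and the corresponding rule escalates to high. The annotation values (prod=Battlestar, ver=24.7.551.0) and the database path are parsed out so they can be pivoted on or compared against a known-good install rather than eyeballed in the raw command line.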
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 987KB
MD5: 8f2908aaf792561991a1b51588099b52
SHA1: c8143e8cbf5fc9bb717e3529d433b4372ce261a0
SHA256: fbb3bb351f6ac4a812f1c7834540ea46095ebd531527de6a835c0f9ebbce6d07
SHA512: 33cc2939e3a8e805db2ccf7f39e2548f79ab4253f4a7a3ce24864d0a24e4ad80e75b0b3959b16c312a9b2e9079dccf7111af04a9bd58f737fbf53b0ec5734892

Filesize: 1.1MB
MD5: 9c227f7de3ed86a7789e80a4d71bf915
SHA1: 9924ddb320109c97e462fb2f51329c28686bfa1b
SHA256: 282249a8761831390f5ecbb99a14f85cc8caad81df7bacb90b652d8f32052366
SHA512: 640996e517db99b0c6c66f63b38ead8e076283fb695cea25f4e10e8abae02f8d7d93481ba88b5ac3ff79df1fe546087917b19549d72acdf65a3f325dd66b6249

Filesize: 4.5MB
MD5: 54e9d3e2ca5121be2f74e4cea5bedc93
SHA1: fefd3a5d5e0af683030014447618dc2df29d5771
SHA256: 0a61b9cb13c82d2e0e26ed6aacf5d4092f7e8869ed1ca9254ae930049986771d
SHA512: a962913c867a2dd8fc51d7267b4b8a1431652ec60719af1cd8ea15f6d4d412a422bcec8a6147e33d9ea27361650c99463ae86676813975b4dcceb1db92c45677