Analysis

  • max time kernel: 126s
  • max time network: 127s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 02-08-2024 15:11

General

  • Target: Install-GooglePlayGames-Beta.exe
  • Size: 10.7MB
  • MD5: 8d487883b403f76e593bc1c1a8e49702
  • SHA1: 2b02fca5869e62f2b7f95b1eb51e0a82b470ce0f
  • SHA256: eb64054312e78ab6a40b90ba812878cf7518f19cb2ecdef6e8d643526a24a8a5
  • SHA512: 607371bf1173351f2088dc6eed2e6f9bfb043ff081f700f27048aa50989f50808bd23b0c12d9d11ad239405f8a9c4c2aa2e657494bbf2e744995bd7b02efd126
  • SSDEEP: 196608:JCvBYlzkSIEcsLEr2mefJmG+BG8ntfVOEiEWaIC8:qUzkSEsL1jBy13i5fC

Score
4/10

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Install-GooglePlayGames-Beta.exe (PID 2164)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Install-GooglePlayGames-Beta.exe"
    Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
    • Child: C:\Users\Admin\AppData\Local\Temp\11odkooc.0ij\crashpad_handler.exe (PID 4632)
      Command line: C:\Users\Admin\AppData\Local\Temp\11odkooc.0ij\crashpad_handler.exe --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Play Games\CrashReporting\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Battlestar --annotation=ver=24.7.551.0 --initial-client-data=0x698,0x69c,0x6a0,0x678,0x6a4,0x7ffb820ab380,0x7ffb820ab390,0x7ffb820ab3a0
      Signatures: Executes dropped EXE

Downloads

  • C:\Users\Admin\AppData\Local\Temp\11odkooc.0ij\CrashReporting.dll
    Filesize: 987KB
    MD5: 8f2908aaf792561991a1b51588099b52
    SHA1: c8143e8cbf5fc9bb717e3529d433b4372ce261a0
    SHA256: fbb3bb351f6ac4a812f1c7834540ea46095ebd531527de6a835c0f9ebbce6d07
    SHA512: 33cc2939e3a8e805db2ccf7f39e2548f79ab4253f4a7a3ce24864d0a24e4ad80e75b0b3959b16c312a9b2e9079dccf7111af04a9bd58f737fbf53b0ec5734892

  • C:\Users\Admin\AppData\Local\Temp\11odkooc.0ij\crashpad_handler.exe
    Filesize: 1.1MB
    MD5: 9c227f7de3ed86a7789e80a4d71bf915
    SHA1: 9924ddb320109c97e462fb2f51329c28686bfa1b
    SHA256: 282249a8761831390f5ecbb99a14f85cc8caad81df7bacb90b652d8f32052366
    SHA512: 640996e517db99b0c6c66f63b38ead8e076283fb695cea25f4e10e8abae02f8d7d93481ba88b5ac3ff79df1fe546087917b19549d72acdf65a3f325dd66b6249

  • C:\Users\Admin\AppData\Local\Temp\11odkooc.0ij\recorder_delegate_lib.dll
    Filesize: 4.5MB
    MD5: 54e9d3e2ca5121be2f74e4cea5bedc93
    SHA1: fefd3a5d5e0af683030014447618dc2df29d5771
    SHA256: 0a61b9cb13c82d2e0e26ed6aacf5d4092f7e8869ed1ca9254ae930049986771d
    SHA512: a962913c867a2dd8fc51d7267b4b8a1431652ec60719af1cd8ea15f6d4d412a422bcec8a6147e33d9ea27361650c99463ae86676813975b4dcceb1db92c45677

  Memory dumps (PID 2164):
  • memory/2164-18-0x0000019918790000-0x0000019918798000-memory.dmp (32KB)
  • memory/2164-2-0x000001997E4F0000-0x000001997E5A6000-memory.dmp (728KB)
  • memory/2164-6-0x000001997DDA0000-0x000001997DDCA000-memory.dmp (168KB)
  • memory/2164-7-0x000001997E760000-0x000001997E870000-memory.dmp (1.1MB)
  • memory/2164-8-0x000001997C4C0000-0x000001997C4CE000-memory.dmp (56KB)
  • memory/2164-5-0x000001997C4B0000-0x000001997C4BA000-memory.dmp (40KB)
  • memory/2164-10-0x000001997E5B0000-0x000001997E628000-memory.dmp (480KB)
  • memory/2164-9-0x000001997DDD0000-0x000001997DDF4000-memory.dmp (144KB)
  • memory/2164-11-0x0000019918000000-0x0000019918094000-memory.dmp (592KB)
  • memory/2164-12-0x000001997DDF0000-0x000001997DDF8000-memory.dmp (32KB)
  • memory/2164-13-0x0000019980080000-0x000001998013A000-memory.dmp (744KB)
  • memory/2164-0-0x00007FFB88243000-0x00007FFB88245000-memory.dmp (8KB)
  • memory/2164-3-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp (10.8MB)
  • memory/2164-4-0x000001997C4A0000-0x000001997C4AA000-memory.dmp (40KB)
  • memory/2164-28-0x000001997E630000-0x000001997E638000-memory.dmp (32KB)
  • memory/2164-29-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp (10.8MB)
  • memory/2164-31-0x000001997E640000-0x000001997E64E000-memory.dmp (56KB)
  • memory/2164-30-0x0000019980000000-0x0000019980038000-memory.dmp (224KB)
  • memory/2164-32-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp (10.8MB)
  • memory/2164-33-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp (10.8MB)
  • memory/2164-34-0x000001991DFA0000-0x000001991DFC6000-memory.dmp (152KB)
  • memory/2164-35-0x000001991DF90000-0x000001991DF9C000-memory.dmp (48KB)
  • memory/2164-1-0x000001997BDB0000-0x000001997C070000-memory.dmp (2.8MB)
  • memory/2164-38-0x00007FFB88243000-0x00007FFB88245000-memory.dmp (8KB)
  • memory/2164-39-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp (10.8MB)
  • memory/2164-40-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp (10.8MB)