9d840cd1a16a77d032d08c553df63f445f20bd5245b7edb815bc145d17b7e1de

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 07:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Size

13.0MB
MD5

4e939759112f36fbb309d906856839f7
SHA1

68c38ff286b4551f5b66a685c8932ca25c88385c
SHA256

9d840cd1a16a77d032d08c553df63f445f20bd5245b7edb815bc145d17b7e1de
SHA512

fc262571363cbd4efbb40966cf6ba38c250bc187d3d102152b9a1a9d280cd328acdeb67e1bd791617f2c580093c086f5b297ffcf5fca038f226a4653f89d472c
SSDEEP

393216:qZyLqZZRnUdEoP35E9LfOWMcpG8DG6TK5nS12g1qB:qQLARUVPgTOclS6TK0h1A

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2912-0-0x0000000000C60000-0x0000000003450000-memory.dmp	upx
behavioral2/memory/2912-96-0x0000000000C60000-0x0000000003450000-memory.dmp	upx

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	GameCenter.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	GameCenter.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
2768	GameCenter.exe

Loads dropped DLL 7 IoCs

pid	Process
2768	GameCenter.exe
2768	GameCenter.exe
2768	GameCenter.exe
2768	GameCenter.exe
2768	GameCenter.exe
2768	GameCenter.exe
2768	GameCenter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameCenter.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini:Tamper	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
File opened for modification	C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini:Tamper	GameCenter.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2912	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
2912	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
2768	GameCenter.exe
2768	GameCenter.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2768	GameCenter.exe
2768	GameCenter.exe
2768	GameCenter.exe
2768	GameCenter.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2768	GameCenter.exe
2768	GameCenter.exe
2768	GameCenter.exe
2768	GameCenter.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2768	2912	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe	86
PID 2912 wrote to memory of 2768	2912	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe	86
PID 2912 wrote to memory of 2768	2912	SecuriteInfo.com.Trojan.Crypt.24953.20230.exe	86

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24953.20230.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24953.20230.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe
  "C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe" -startedbysetup "installer=C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Crypt.24953.20230.exe" game=0.2000297 -removeifinstallcanceled
  2⤵
  - Enumerates connected drives
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\GameCenter\7zxa.dll

Filesize
159KB

MD5
222916317f2babcac0fd6fd6f75e4a49

SHA1
bab95732f8f20e4bdaea8de5b916115fc0f0d492

SHA256
8a7e8bed4b8fdbbb463f431b9edc3e5a2d1cce316ecee5c842fb0b5dea11a873

SHA512
fb0c2d52443d98ed9b36190e19bfdd1c930d99d4fe4f8f067ed4f135661a39ef9374f49d20df1e7834a94b5a812b0e8722932564fdcefa3de38e74cba4a3df71

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\Cache\GameDescription\0552AE93

Filesize
46B

MD5
f127e31d7b603e5c3bbdb98e249991f5

SHA1
65d08aed2b2d5f6bed7e28a6609f00561c29d85c

SHA256
2804c9f678fa7a7bece1d16f3cb939891b44896470f6509e7b811c53ffb29fb0

SHA512
491e79df29db2e4ea9c6b7bf43c21aa89ac124b79583d443f915198d580173949e21c3cddd0d8046488965a8991ab52f7734d38dead40fc15c3e2d40f356a067

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\GameCenter.exe

Filesize
12.0MB

MD5
2460bd20e0246bf4e9a011f656ddd4a6

SHA1
4c35fdffb23e2ec2a917a4e516880b7972c93c98

SHA256
5032293e6a12a59834a6f08b6c265081d7f8a0baf30b4efe30f3461e3c1df79f

SHA512
e570b780fb22e1d6b1120c83611a4df87d64087da0ded1a6b120eb5a3673df9fd3d1854806cb19159f8b51f3e56d27a058b83ca1208d7559a8e6bb1a9ac174b6

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\GameCenter.ini

Filesize
76B

MD5
8a0067ff45ae6ebd94794ca0d20fb679

SHA1
4781ff7287a3660d43834bd3c36e2807aaad5169

SHA256
ba6ac68a52e2b3237e2c35e397032698171e3bb7240a4d95283223b2bc899dad

SHA512
a7b74cefed609b8971f00d8f208ad3ef4e910d82b6e4c78633d5757803f81d9eed1d8b95af2ce02b0e768e6027fbb1f1be889f15b61e33f77fcb27e25fa9d8ed

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\SkiAcc.dll

Filesize
5.0MB

MD5
7bafaab470e10459ca254422dc5c875f

SHA1
32b284b086c9eca98a80315b0bc05b061bc95cad

SHA256
9b3697cc171bb32d368b4da03d84fde5c885e1e0e211cae7c775765a51dabfab

SHA512
fb4941e4bf05cb084dcaa3fe6f635546651e4e17d8e05026557669621af34b3ef9346d735ae4a8be672761848021af16249b61e26cca0c9842235ff3500106f4

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\bigup2.dll

Filesize
2.5MB

MD5
3bb706c6f01e81b64f8dc43383d4bb52

SHA1
1ac3efdbbc209173ed1da0cb53bc4e94260e9d9f

SHA256
7d1ff968c2b6349a00552c98eef246bb51a1765bb11239b8956b1a772e8401c5

SHA512
02ae44e3b428259c30a54fd360c98c2383e13a37db2d9ead798743bbf18fa152e07ba422f5e081d067f15c27d03e5cb6199ff9b3856ff33ea73a9d1abf61f711

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\icudtl.dat

Filesize
9.7MB

MD5
f39348fe94ae63f7830bd98166a1565f

SHA1
4c59f7ac5ca75591a771b895bb098219ceec2b4a

SHA256
846942a316b4e38fdbd4de3ad83e4faae78a8bced50f4720acdbdab6ee7c4b8e

SHA512
fcbd1135c39b313608de6b6718b13dc3a234a1ab3a85ac709240371429596d7df19f25eae431ffdd59351e4525841238650deaffc6cc83d65b8e8871c0b7eb41

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\libcurl.dll

Filesize
779KB

MD5
7c434518fcca3360fe7f3f8ba559f6d7

SHA1
92aee84c70eaff8fa5b299d99a2830fbe421738f

SHA256
3a229efc16be7f03968b153383e1a0261b9fefcdd63aac71626fbe4f4cdae6fa

SHA512
f018b7283c73a5a4beaf8dc5355dc26c1d9af3b9924daea08cc2ba6b2dcc9c8e6810c0ab4291e0f246dd4c3685de91f6083ba26a519b4360e801dc3446e66842

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\lightupdate.dll

Filesize
250KB

MD5
f1ec86626e9368c58019c055e5834ffa

SHA1
0c04d92a8c2dd8bd4d556fdb89f0f2f4c5e2a5ea

SHA256
a4e5081a86abc8a82b6157e5a54fe76669159f70c8056d51c09c9ffb87eb97c6

SHA512
245811e56e8e1f1e79edf9fee8ccff0ab67210cef8ce806ddb6aa90a8ab19ba29bfc946ef357a5c68e44dbbc7478c5541ec7919880c87bb3b7144657e541f3a0

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\main.log

Filesize
1KB

MD5
c69703414d5363ef68e773dce4877b77

SHA1
8b6c0bc944bcf15e61222cb759222f379ce5b428

SHA256
4b28b910fc4a49bfea1ae168bc45383343643466212852179fd4ab2597433c7c

SHA512
78a5eac33724e1c711c846a61ae04fd4e4b8fa044602dced4cbe05a499ae70f0ed5be91f3d94ba0d11da882cb9e90394ae990c6133088b53ebfa7edbfb8bd906

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\main.log

Filesize
1KB

MD5
7fe0564b037c246453b7db70e06009a1

SHA1
72a85bb4ebdaf3ec856b9bcdc18f81cf86b38d79

SHA256
4f64e8db7d77a1ec15b7fc2f01e4919f0bb5ab09a8b91e4137b4f55226605e3e

SHA512
3d39dc0777b40d8a5c3697ebe0e65c15a8cd6029a85bc6c53e8c697be96a88796414cd724cf6a109298b168d8b706ce82b2a7799fd6895a32035810b1c1e9e85

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\preinstall.brs

Filesize
75KB

MD5
a189fc15fd0938d5bc1b8b3cd5782128

SHA1
72e1732394e00b8c2139b4d4a8b278035fc59b84

SHA256
a6e875d6052646ba1b7767b20be93bbd0a98428e5e222c2f79880e441c79fdbb

SHA512
f7ef5d5975dd05f6e6fae1dad15de8e6be8b54aadc9e90c18d3e61dcd779551debb86d4147a8b25f77cd862fc724ea44ec8dee4acf04688e97e84d4eb64b4b99

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\pxd.dll

Filesize
81KB

MD5
67245252b3545085d69ecfb878d7e0ae

SHA1
d2b4464f2c8d1e5bc9085a5016a8316241f13c23

SHA256
43fc9d41a43f67304f00aa95540e3854f3ad31c4ad30ea99f04e41ef9fc318a0

SHA512
c4c6f418101fd6ef0690c73276b3ace7317c1a3af9cdcd401028cb64f37979151aaccf5e33e671aecd62019e51f334b84d1e40bdd17018b2655f944c11f3f3e1

Download Submit
C:\Users\Admin\AppData\Local\GameCenter\zlib1.dll

Filesize
183KB

MD5
9bb9e26e803504fcce8c4223918f15a0

SHA1
711e1caff1203d3d828a514479f128f51f5bc8ea

SHA256
7f9a181fd2afdcdfa8d593ae7a095adb36023576bc8fa2345b363e4fd32b19cb

SHA512
8e5f13754a5cefc4048e2b648459fdf63dc9abb05f1d0e9945220fbe04d6389d4ac01095988312551b50f7c19e9651e8a391ac97c65a4bce4b5681d538b1ffb2

Download Submit
memory/2768-56-0x00000000008F0000-0x0000000000900000-memory.dmp

Filesize
64KB

Download
memory/2768-102-0x0000000000EA0000-0x0000000001AC5000-memory.dmp

Filesize
12.1MB

Download
memory/2768-105-0x0000000000EA0000-0x0000000001AC5000-memory.dmp

Filesize
12.1MB

Download
memory/2912-0-0x0000000000C60000-0x0000000003450000-memory.dmp

Filesize
39.9MB

Download
memory/2912-96-0x0000000000C60000-0x0000000003450000-memory.dmp

Filesize
39.9MB

Download