a652ee8c16aec1d60c7b9c4dc2fb8accfda87992cf4e85a042e69d0fd18a44b9

Analysis

max time kernel
17s
max time network
197s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
02-09-2024 19:23

Target

Beat Banger - SteamGG.NET/beatbanger.console.exe
Size

65KB
MD5

1ec06c874151c224d7289daefc916088
SHA1

e7f4581935cdfdad635bf96ef8cbdc00ca5c961d
SHA256

424cc5d0fa1ed54c8ba5bd86ed9506102778fe212567de09461c7036c5826e9d
SHA512

c215c4012478f42c26755756b8b2f3de3ea4b5d27750bcbdbca85c48da96a5fcf37dab1902f4251825a78d169ce9fe302ac6b12c0cd1b0e618f2cbd231df50c4
SSDEEP

1536:/vkeFQfCPO8mBGsyAWhoDW2IfKYhVYbZDV7+B7T:/ceF0tGRhoDW2SKYhVYVZu7

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 1852 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1852 AUDIODG.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

beatbanger.exe

pid process

3576 beatbanger.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

beatbanger.exe

pid process

3576 beatbanger.exe
3576 beatbanger.exe
3576 beatbanger.exe

description	pid	process
Token: 33	1852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1852	AUDIODG.EXE

pid	process
3576	beatbanger.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

beatbanger.console.exe

description	pid	process	target process
PID 1844 wrote to memory of 3576	1844	beatbanger.console.exe	beatbanger.exe
PID 1844 wrote to memory of 3576	1844	beatbanger.console.exe	beatbanger.exe

C:\Users\Admin\AppData\Local\Temp\Beat Banger - SteamGG.NET\beatbanger.console.exe
"C:\Users\Admin\AppData\Local\Temp\Beat Banger - SteamGG.NET\beatbanger.console.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1844

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x414
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1852

C:\Users\Admin\AppData\Roaming\Godot\app_userdata\Beat Banger\settings.ini

Filesize
256B

MD5
0b9328ee5fe8aca8b671a526c0320a34

SHA1
d15ca3909180b246054676799933ef23085f4264

SHA256
699f4315b5048c6721e90fee12a6a178aa2c3bf3521eac5cd713b548d3fe4b14

SHA512
e5460909810ee87146d157dcd527a038c23380f4dc989d9c3236e0503842e7f855f09f0b95244c913b82bd67bfc1f956196cdb443a39627121927b885dbaa83e

Download Submit
memory/1844-91-0x00007FF6EF5C0000-0x00007FF6EF5D8000-memory.dmp

Filesize
96KB

Download
memory/3576-92-0x00007FF733940000-0x00007FF73867D000-memory.dmp

Filesize
77.2MB

Download
memory/3576-95-0x00007FF733940000-0x00007FF73867D000-memory.dmp

Filesize
77.2MB

Download
memory/3576-97-0x00007FF733940000-0x00007FF73867D000-memory.dmp

Filesize
77.2MB

Download
memory/3576-99-0x00007FF733940000-0x00007FF73867D000-memory.dmp

Filesize
77.2MB

Download
memory/3576-101-0x00007FF733940000-0x00007FF73867D000-memory.dmp

Filesize
77.2MB

Download
memory/3576-103-0x00007FF733940000-0x00007FF73867D000-memory.dmp

Filesize
77.2MB

Download
memory/3576-105-0x00007FF733940000-0x00007FF73867D000-memory.dmp

Filesize
77.2MB

Download
memory/3576-107-0x00007FF733940000-0x00007FF73867D000-memory.dmp

Filesize
77.2MB

Download