0c1cad717cf221fddc11263e9cc7fea9ee751f1998812ce2f31a77bfab045497

Analysis

max time kernel
48s
max time network
74s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
04/09/2024, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

My Summer Car/mysummercar.exe
Size

17.8MB
MD5

7c37795f08588d952c4b3289de7ab2ea
SHA1

d364449989af92352de044293dffebf7cf44e445
SHA256

ffc59ccbf20af4dff5c1406a434f616893ad2242be879b215e17debe0da1c0b0
SHA512

8a71244988a5d7e0dd619187b429311006d0269d5997d86fef14a8e77bf45a3b19fb45d41aa16fa87f8bac24d8b874c2ff4ef92124b23682474935315dff0942
SSDEEP

196608:HMHOjnRDgaW12kr+rY4lCA9cNIHmr4Vd4RTWd1gRlZhAgcXd:HMHOj5gOkrTAKNIHmcz4celZhAgcN

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	bcastdvr.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	GamePanel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	GamePanel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	GamePanel.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3228	mysummercar.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1244	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1244	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3228	mysummercar.exe

C:\Users\Admin\AppData\Local\Temp\My Summer Car\mysummercar.exe
"C:\Users\Admin\AppData\Local\Temp\My Summer Car\mysummercar.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3228

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1244

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 00000000000A003E /startuptips
1⤵
- Checks SCSI registry key(s)
PID:4296

C:\Windows\System32\bcastdvr.exe
"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
1⤵
- Drops desktop.ini file(s)
PID:3964

C:\Windows\System32\GamePanel.exe
"C:\Windows\System32\GamePanel.exe" 0000000000050216 /startuptips
1⤵
- Checks SCSI registry key(s)
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/3228-0-0x0000000003D00000-0x0000000003E00000-memory.dmp

Filesize
1024KB

Download
memory/3228-1-0x0000000003760000-0x0000000003860000-memory.dmp

Filesize
1024KB

Download
memory/3228-28-0x0000000003D00000-0x0000000003E00000-memory.dmp

Filesize
1024KB

Download
memory/3228-29-0x0000000003760000-0x0000000003860000-memory.dmp

Filesize
1024KB

Download