71ffdd0a16b08e26ded8b13e730885961fc2c9d6742c46bf32ca0e823cbd7bd1

Analysis

max time kernel
143s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stardock Products Patch v1.5.exe
Size

39.5MB
MD5

c946cd0a675d6667140cefbd71e3e808
SHA1

d2b8ef30c2cdee1a552f8f087f27c9b8ff501136
SHA256

b20afa845e2aeabb94c131567c1b0576581b27b6336826007ee38f2619f3b3f8
SHA512

bc361fab7455f2fc6f6084a5f67ce8afbbb48c4ff46a54d004e937fc318abd372a4be02677916e5de6700714eb608a3a29c4841084ffe0062c1b9fda3611ed5b
SSDEEP

786432:wwcWkXE5sDo0HldnYLeDdR2B6YL8qNGO0cePX0lrnql+ZYhZ:wwKE58HYLAdR2rL87O0ce+qloYh

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1416	Stardock Products Patch v1.5.exe
1416	Stardock Products Patch v1.5.exe
1416	Stardock Products Patch v1.5.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\bassmod.dll	Stardock Products Patch v1.5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Stardock Products Patch v1.5.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1416	Stardock Products Patch v1.5.exe
Token: 33	2740	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2740	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\Stardock Products Patch v1.5.exe
"C:\Users\Admin\AppData\Local\Temp\Stardock Products Patch v1.5.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Stardock Products Patch.X86.1.0.0.0\Native.dll

Filesize
74KB

MD5
13e8f594cb3731201d2b74d9eaca249a

SHA1
f292602da21af27aad668d0b8c982aff31cd322c

SHA256
fe21d378f1f0138dac03ec59b8e635229078132977d43fe832e0a0cdb9d27fcb

SHA512
808795858ddc2905884f3f1087220c315a8f4e2c9ab7e2440edae9c817dcd3bda2637719d8efc73c490b098117b08a398784210059f82341289e74c1a62624e7

Download Submit
C:\Windows\SysWOW64\bassmod.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
memory/1416-27-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-6-0x000000001CD40000-0x0000000021362000-memory.dmp

Filesize
70.1MB

Download
memory/1416-29-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-5-0x0000000007490000-0x000000000749A000-memory.dmp

Filesize
40KB

Download
memory/1416-30-0x0000000074A30000-0x00000000751E0000-memory.dmp

Filesize
7.7MB

Download
memory/1416-13-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-2-0x0000000074A30000-0x00000000751E0000-memory.dmp

Filesize
7.7MB

Download
memory/1416-7-0x0000000007E00000-0x0000000007E10000-memory.dmp

Filesize
64KB

Download
memory/1416-15-0x0000000074A30000-0x00000000751E0000-memory.dmp

Filesize
7.7MB

Download
memory/1416-1-0x0000000000270000-0x00000000029F2000-memory.dmp

Filesize
39.5MB

Download
memory/1416-25-0x0000000074A3E000-0x0000000074A3F000-memory.dmp

Filesize
4KB

Download
memory/1416-31-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-0-0x0000000074A3E000-0x0000000074A3F000-memory.dmp

Filesize
4KB

Download
memory/1416-28-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-3-0x0000000007E20000-0x00000000083C4000-memory.dmp

Filesize
5.6MB

Download
memory/1416-4-0x0000000007510000-0x00000000075A2000-memory.dmp

Filesize
584KB

Download
memory/1416-26-0x0000000074A30000-0x00000000751E0000-memory.dmp

Filesize
7.7MB

Download
memory/1416-32-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-33-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-34-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-35-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-36-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-37-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-38-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-39-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-40-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-41-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-42-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download
memory/1416-43-0x0000000008C10000-0x0000000008C23000-memory.dmp

Filesize
76KB

Download