Overview

overview

6

Static

static

1

SteamSetup.exe

windows7-x64

6

SteamSetup.exe

windows10-2004-x64

4

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

Steam.exe

windows7-x64

5

Steam.exe

windows10-2004-x64

5

bin/SteamService.exe

windows7-x64

1

bin/SteamService.exe

windows10-2004-x64

1

uninstall.exe

windows7-x64

4

uninstall.exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nk.dll

windows7-x64

3

$PLUGINSDI...nk.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-09-2024 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SteamSetup.exe

  • Size

    2.3MB

  • MD5

    1b54b70beef8eb240db31718e8f7eb5d

  • SHA1

    da5995070737ec655824c92622333c489eb6bce4

  • SHA256

    7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

  • SHA512

    fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

  • SSDEEP

    49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk

Score
4/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\SteamSetup.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsvA191.tmp\System.dll
    Filesize

    22KB

    MD5

    a36fbe922ffac9cd85a845d7a813f391

    SHA1

    f656a613a723cc1b449034d73551b4fcdf0dcf1a

    SHA256

    fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

    SHA512

    1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsvA191.tmp\nsDialogs.dll
    Filesize

    20KB

    MD5

    4e5bc4458afa770636f2806ee0a1e999

    SHA1

    76dcc64af867526f776ab9225e7f4fe076487765

    SHA256

    91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

    SHA512

    b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

    Download Submit