Overview
overview
7Static
static
3ArenaWarsSetup.exe
windows7-x64
7ArenaWarsSetup.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3ArenaWars.exe
windows10-2004-x64
1LICENSES.c...m.html
windows7-x64
3LICENSES.c...m.html
windows10-2004-x64
3d3dcompiler_47.dll
windows10-2004-x64
1ffmpeg.dll
windows10-2004-x64
1libEGL.dll
windows10-2004-x64
1libGLESv2.dll
windows10-2004-x64
1resources/...dex.js
windows7-x64
3resources/...dex.js
windows10-2004-x64
3resources/...pi.dll
windows7-x64
1resources/...pi.dll
windows10-2004-x64
1resources/...act.js
windows7-x64
3resources/...act.js
windows10-2004-x64
3resources/...e3.dll
windows7-x64
1resources/...e3.dll
windows10-2004-x64
1resources/...ing.js
windows7-x64
3resources/...ing.js
windows10-2004-x64
3resources/...te3.js
windows7-x64
3resources/...te3.js
windows10-2004-x64
3resources/...ace.js
windows7-x64
3resources/...ace.js
windows10-2004-x64
3resources/...kup.js
windows7-x64
3Resubmissions
04-10-2024 13:28
241004-qqpb5s1akh 703-10-2024 22:49
241003-2rvfbsvbpb 701-10-2024 17:12
241001-vqtdbavcpg 710-09-2024 12:08
240910-pa23maveje 710-09-2024 12:07
240910-pajlaatbrl 705-09-2024 12:10
240905-pcfx6s1eja 704-09-2024 23:57
240904-3zwtssyepr 7Analysis
-
max time kernel
1801s -
max time network
1162s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
04-10-2024 13:28
Static task
static1
Behavioral task
behavioral1
Sample
ArenaWarsSetup.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
ArenaWarsSetup.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
ArenaWars.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
LICENSES.chromium.html
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral13
Sample
LICENSES.chromium.html
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
d3dcompiler_47.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
ffmpeg.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
libEGL.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
libGLESv2.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
resources/app.asar.unpacked/node_modules/@primno/dpapi/dist/index.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral19
Sample
resources/app.asar.unpacked/node_modules/@primno/dpapi/dist/index.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
resources/app.asar.unpacked/node_modules/@primno/dpapi/prebuilds/win32-x64/node.napi.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral21
Sample
resources/app.asar.unpacked/node_modules/@primno/dpapi/prebuilds/win32-x64/node.napi.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
resources/app.asar.unpacked/node_modules/sqlite3/deps/extract.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral23
Sample
resources/app.asar.unpacked/node_modules/sqlite3/deps/extract.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/binding/napi-v6-win32-unknown-x64/node_sqlite3.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral25
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/binding/napi-v6-win32-unknown-x64/node_sqlite3.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3-binding.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral27
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3-binding.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral29
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/sqlite3.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/trace.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral31
Sample
resources/app.asar.unpacked/node_modules/sqlite3/lib/trace.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
resources/app.asar.unpacked/node_modules/sqlite3/src/backup.js
Resource
win7-20240903-en
windows7-x64
General
-
Target
ArenaWars.exe
-
Size
172.3MB
-
MD5
e406ee7fc83200a658853b22020dd1dd
-
SHA1
1c85386ce34c3f03f306258c25155864fd580e51
-
SHA256
df78bfcaa3d4092b348fc7935b2d0646e6cee45072153fa6e04ab0bb23adf602
-
SHA512
446f0b65fc2268d1e0b6edae8200b0074a78b8a6ed97910fc7796cbbf1d22dade503e0191c17e27c73010e4f3175965ba4ae4e8f525c42c94d411b67af2944cf
-
SSDEEP
1572864:xvDiRV7iEqRRhCLvfL4j85pyO4C/HTsA5u8/qUw3g4JEZEKLhMPMdQj58mf:PDEflMPMdQt8
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1792 ArenaWars.exe 1792 ArenaWars.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe Token: SeShutdownPrivilege 2892 ArenaWars.exe Token: SeCreatePagefilePrivilege 2892 ArenaWars.exe -
Suspicious use of WriteProcessMemory 34 IoCs
description pid Process procid_target PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 4944 2892 ArenaWars.exe 81 PID 2892 wrote to memory of 1100 2892 ArenaWars.exe 82 PID 2892 wrote to memory of 1100 2892 ArenaWars.exe 82 PID 2892 wrote to memory of 1792 2892 ArenaWars.exe 92 PID 2892 wrote to memory of 1792 2892 ArenaWars.exe 92
Processes
-
C:\Users\Admin\AppData\Local\Temp\ArenaWars.exe"C:\Users\Admin\AppData\Local\Temp\ArenaWars.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2892 -
C:\Users\Admin\AppData\Local\Temp\ArenaWars.exe"C:\Users\Admin\AppData\Local\Temp\ArenaWars.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ArenaWars" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,4688014701527602930,495680767093260621,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1848 /prefetch:22⤵PID:4944
-
-
C:\Users\Admin\AppData\Local\Temp\ArenaWars.exe"C:\Users\Admin\AppData\Local\Temp\ArenaWars.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ArenaWars" --field-trial-handle=2032,i,4688014701527602930,495680767093260621,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1924 /prefetch:32⤵PID:1100
-
-
C:\Users\Admin\AppData\Local\Temp\ArenaWars.exe"C:\Users\Admin\AppData\Local\Temp\ArenaWars.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ArenaWars" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1344,i,4688014701527602930,495680767093260621,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1292 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1792
-