Overview

overview

9

Static

static

3

release/BY...ed.exe

windows10-2004-x64

9

release/ki...op.bat

windows10-2004-x64

8

release/ki...er.bat

windows10-2004-x64

1

ui/AEngine.dll

windows10-2004-x64

3

ui/Android...En.exe

windows10-2004-x64

7

ui/Start_G_En.bat

windows10-2004-x64

7

ui/aow_drv.sys

windows10-2004-x64

1

ui/aow_drv_x64.sys

windows10-2004-x64

1

ui/aow_drv_x64_ev.sys

windows10-2004-x64

1

ui/libaow.dll

windows10-2004-x64

5

ui/libx264-148.dll

windows10-2004-x64

3

ui/plugins...ce.dll

windows10-2004-x64

3

ui/plugins...er.exe

windows10-2004-x64

7

ui/plugins/TSSCom.dll

windows10-2004-x64

3

ui/plugins/TStats.dll

windows10-2004-x64

3

ui/plugins...ll.dll

windows10-2004-x64

3

ui/plugins...86.dll

windows10-2004-x64

3

ui/plugins...32.exe

windows10-2004-x64

7

ui/plugins...ce.dll

windows10-2004-x64

3

ui/plugins...ce.dll

windows10-2004-x64

3

ui/plugins...er.exe

windows10-2004-x64

3

ui/plugins...om.dll

windows10-2004-x64

3

ui/plugins...86.dll

windows10-2004-x64

3

ui/plugins...32.exe

windows10-2004-x64

7

ui/plugins...ce.dll

windows10-2004-x64

3

ui/tx_lsp/...sp.dll

windows10-2004-x64

3

ui/tx_lsp/...p4.dll

windows10-2004-x64

3

ui/tx_lsp/...in.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2024, 09:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    release/kill_Gameloop.bat

  • Size

    213B

  • MD5

    545b6b1b5147376aec1bea5b35be2d8e

  • SHA1

    4ffe5e562a03fc9505c55d674ffb2a0d1ad8071d

  • SHA256

    66fb3509057f34ec750b992fd9ceaf7cdb0df9704f46c8c76774d259808d6692

  • SHA512

    2f230e67e51ff958b0c292d5ad2a823fa6c979fb32a25681bcc93506a5db34b07b55d2b164c8758cfdc99f26ed6ddf5f1d34a7204b273585ee7aa35e5b47a4c6

Score
8/10
evasionexecution

Malware Config

Signatures

  • Stops running service(s) 4 TTPs
    evasionexecution
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Kills process with taskkill 3 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\release\kill_Gameloop.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4868
    • C:\Windows\system32\taskkill.exe
      taskkill /im AndroidEmulatorEn.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:520
    • C:\Windows\system32\taskkill.exe
      taskkill /im AndroidEmulatorEx.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:5032
    • C:\Windows\system32\taskkill.exe
      taskkill /im AppMarket.exe /f
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:2332
    • C:\Windows\system32\timeout.exe
      timeout /t 3
      2⤵
      • Delays execution with timeout.exe
      PID:1064
    • C:\Windows\system32\sc.exe
      sc stop aow_drv
      2⤵
      • Launches sc.exe
      PID:3344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads