c1c548f331b5d41de7caf8fefac8488af85be5c1a5e4ce443a12eeba8a842e29

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2024 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gamersky_DONT.STARVE.PLUS6TRN.MGRINZPLAYER/Don't Starve Steam Trainer.exe
Size

3.8MB
MD5

19b32ba669f4b06ffe64506ce8955ea3
SHA1

673651a73923a643820b079fa8eb3d1dd63e4b86
SHA256

faf96a51e6a4efbe6d8301c1dfccf8d57e109164cdbd3fd0106b9c95d398b30e
SHA512

57e36eed7402c5c95f248bae8b58bca6b67e01d117ab7fa25e5623b61a93b7d49537706134e64046ce3a5e4287e7287258d088c4537ef0a134db7786bbb30b1b
SSDEEP

49152:Kp8N1m4eZUUt7/I8gyt58UAZc1/7Ak7FQ9J8mQFVZxQTonNGOlzjTEgJSoakbOHn:sP4eNI8lr8BZc1TkNQ7QpOlzv6fkb8Y

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1716	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe

Loads dropped DLL 2 IoCs

pid	Process
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Don't Starve Steam Trainer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Don't Starve Steam Trainer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Don't Starve Steam Trainer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe
1028	Don't Starve Steam Trainer.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	1028	Don't Starve Steam Trainer.exe
Token: SeLoadDriverPrivilege	1028	Don't Starve Steam Trainer.exe
Token: SeCreateGlobalPrivilege	1028	Don't Starve Steam Trainer.exe
Token: 33	1028	Don't Starve Steam Trainer.exe
Token: SeSecurityPrivilege	1028	Don't Starve Steam Trainer.exe
Token: SeTakeOwnershipPrivilege	1028	Don't Starve Steam Trainer.exe
Token: SeManageVolumePrivilege	1028	Don't Starve Steam Trainer.exe
Token: SeBackupPrivilege	1028	Don't Starve Steam Trainer.exe
Token: SeCreatePagefilePrivilege	1028	Don't Starve Steam Trainer.exe
Token: SeShutdownPrivilege	1028	Don't Starve Steam Trainer.exe
Token: SeRestorePrivilege	1028	Don't Starve Steam Trainer.exe
Token: 33	1028	Don't Starve Steam Trainer.exe
Token: SeIncBasePriorityPrivilege	1028	Don't Starve Steam Trainer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1028	Don't Starve Steam Trainer.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 1716	4780	Don't Starve Steam Trainer.exe	85
PID 4780 wrote to memory of 1716	4780	Don't Starve Steam Trainer.exe	85
PID 4780 wrote to memory of 1716	4780	Don't Starve Steam Trainer.exe	85
PID 1716 wrote to memory of 1028	1716	Don't Starve Steam Trainer.exe	86
PID 1716 wrote to memory of 1028	1716	Don't Starve Steam Trainer.exe	86
PID 1716 wrote to memory of 1028	1716	Don't Starve Steam Trainer.exe	86

C:\Users\Admin\AppData\Local\Temp\Gamersky_DONT.STARVE.PLUS6TRN.MGRINZPLAYER\Don't Starve Steam Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Gamersky_DONT.STARVE.PLUS6TRN.MGRINZPLAYER\Don't Starve Steam Trainer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\Don't Starve Steam Trainer.exe
  "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\Don't Starve Steam Trainer.exe" -ORIGIN:"C:\Users\Admin\AppData\Local\Temp\Gamersky_DONT.STARVE.PLUS6TRN.MGRINZPLAYER\"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\extracted\Don't Starve Steam Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\extracted\Don't Starve Steam Trainer.exe" "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\Admin\AppData\Local\Temp\Gamersky_DONT.STARVE.PLUS6TRN.MGRINZPLAYER\"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\CET_Archive.dat

Filesize
3.4MB

MD5
3477b1f53c866215a8b1658de0f3f0b9

SHA1
d9a965205d00bef99cdf68a4d92779136669e6f1

SHA256
8e09697c13f6b9f8bdb8f82fd390c8246f655ed4f9de8d613edd5ab2b6c6b1d1

SHA512
0856358112b1c30c9da81392e8fc2c5799374a56ac1a9f74aadcb41d7af9685c738243f461fd18ecc2f7eab3394a91334cb7adcf270670f46e1063d173e8af0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\Don't Starve Steam Trainer.exe

Filesize
190KB

MD5
9ab6596d10b6c77c327a66acf5dc73d4

SHA1
6b7be2f36119781ca889e127d14575937f0b65d4

SHA256
48d0fcdf9d2d41ce815d6c5155b358f81967e96dc8d825a15d4d8843aae28ecc

SHA512
aeea9e623fd635a2af64e485eed66b4fe2192a6d33f56523ecc784c1e55ce5a645213840d491d161219cadbe53183608f7c6228037e8b79e3943418adc3b03ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\extracted\CET_TRAINER.CETRAINER

Filesize
213KB

MD5
b712928ab60b88134030ef588a82c3fe

SHA1
360e20c007a95d3018c05ce21d361c7559c55f08

SHA256
d0ef0242a22fba23d6544596ec3f59c7d2d43fdbe91fda390ac0c7272eb974f6

SHA512
db2944d783b83f343f1583dc49108969ca1ae4552e6384944f3ad2c4313bec692af03e743943b11446e6fc32264bc09ce6ecd248758d4c12999ccd65779f68d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\extracted\Don't Starve Steam Trainer.exe

Filesize
6.2MB

MD5
f33d5f15b0584479796ef37c9f23ac35

SHA1
7d32a4d55046cdf8bd892e96f47663e59f291249

SHA256
b808bb08e80716a4ddcdebc3626c0df6842817214854a213d0e8db14928e2de2

SHA512
f2f99d389807a9fa880ac9ee3c121cf2d249a9b452c47f66a12b36586cf49fd2d51ff7fa9ff2462c817a5fd348dd7adfbea8ed7e6ec99788581a614b042a01af

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\extracted\defines.lua

Filesize
4KB

MD5
137698460f16dd9d7c5dcd95497fde8c

SHA1
f271fd46db36fe597afb103cb5285d504b51e519

SHA256
69cc27cc19c4f47586d4e65f5b22329f66d5d6dc9b86670cdc8e3c19d2e39829

SHA512
3c6e21781e6855f551fc5c6d04f8a14029256d1d8c4e83071d3648103be28adbbfe45d548e918772e9cb2ba386d025171ea578581d7ee193c2af7d4545f1319a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\extracted\lua5.1-32.dll

Filesize
324KB

MD5
55252835313f3e987a23da4d8acb688b

SHA1
2516f91cd74a52c2e667afe08ce294992d42bb12

SHA256
547df7a295ec9b318b25b60c0785aa22e44310e81682eecd85e8f8dbaccbfb22

SHA512
df8a6d15f51ad9930f9597cb1c45556aa5fa3f56cb218affb9f02920cfbecbb76890f324209207c12dcfb11b595e263d8ae961a1c3657a15217934ff531e12cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\extracted\nfoWindow_DontStarve.lua

Filesize
16KB

MD5
2dd9ac5aca07db3bac122030b1dcf7b2

SHA1
ca8fa9173ffe3e0c335af868de4cb4544e117d91

SHA256
696a4d17288f5c3b654615c4eaca9812c029d09c24259cfbb3e9669dc1e81fee

SHA512
0308a1d337b9f8eb97d10cf7fbbf9656835e94f9d5d182b00c74c33c7cbb8db1fa359434bc5967341f842547708cc214b7432c355c6bc5578c9f945b276c58d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET9E34.tmp\extracted\win32\dbghelp.dll

Filesize
1.2MB

MD5
4003e34416ebd25e4c115d49dc15e1a7

SHA1
faf95ec65cde5bd833ce610bb8523363310ec4ad

SHA256
c06430b8cb025be506be50a756488e1bcc3827c4f45158d93e4e3eeb98ce1e4f

SHA512
88f5d417377cd62bde417640a79b6ac493e80f0c8b1f63a99378a2a67695ef8e4a541cedb91acfa296ed608e821fee466983806f0d082ed2e74b0cd93eb4fb84

Download Submit