Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
01-12-2024 18:07
General
-
Target
$PLUGINSDIR/OWInstaller.exe
-
Size
305KB
-
MD5
4d4b3bc910f70b7bb6d7da07a76c7404
-
SHA1
082d17c125fb2b7dcb13d1a81dc99fbfc5ecbe75
-
SHA256
d9274e926fd1202f5691d187a694b130c227eafac03ed59f18e019b881ea8454
-
SHA512
c54d94a25c23eca98927a14728b62b3b8de41b8ec907d4a3ebcbd63db8ba400537b6fb3e59b243c2f2675eeebe70baa78d75b9a21d4c93a5d43b24d7d386ddc0
-
SSDEEP
6144:BQXk7Ln7TE5+LoUDxO9bNDoSIm9U0COGq2jppldNcQ0:BQf+bkoS00aut
Malware Config
Signatures
-
Drops file in System32 directory 16 IoCs
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies registry class 35 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OWInstaller.exe"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OWInstaller.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\DxDiag.exe"C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt2⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
952B
MD506665882025e3962056b7a80138c747c
SHA17c7c55acc69a76abf5336669d132af0933b88bd2
SHA2566f3368fb383ec31792e4eeeea20748d5a628687b2e7e2843fc023af3181b907e
SHA512c824bc3ea47b44fa34a957717c6862afea7c47b68eb7712e008c6504b32d02e81b6378ab219685ae223632a270e841a9f01090ef22cc1caa46d84a9eae24fadc
-
Filesize
752B
MD557fcb5a09bf5e10a271cb13dd24b7d0f
SHA1ed7397e8273931b5b24098fb0a7b4d966c8bc72e
SHA2569e05add9eeed2ee3e4e35458ec3c5a0df33de6e18bd0f2bacaaeee1d5a883200
SHA512a2dc8c9c87726d4ee3fa0328af8cfd29cc61e4a41b0df08f783b8a2ec6d13aa8b35cba4cc7c52894c3def3300ec7b9323a0f7cfc4fcd491cef1c7a9c12401cb4
-
Filesize
7.6MB
-
Filesize
280KB
-
Filesize
8KB
-
Filesize
96KB
-
Filesize
664KB
-
Filesize
10.8MB
-
Filesize
704KB
-
Filesize
312KB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
5.2MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB