Analysis
- max time kernel: 123s
- max time network: 52s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 03-10-2022 12:20
Behavioral tasks
- behavioral1: Sample: Pitch Black/Game.exe; Resource: win7-20220901-en
- behavioral2: Sample: Pitch Black/Game.exe; Resource: win10v2004-20220812-en
- behavioral3: Sample: Pitch Black/Setup.exe; Resource: win7-20220812-en
- behavioral4: Sample: Pitch Black/Setup.exe; Resource: win10v2004-20220901-en
- behavioral5: Sample: Pitch Black/System/RGSS300.dll; Resource: win7-20220901-en
- behavioral6: Sample: Pitch Black/System/RGSS300.dll; Resource: win10v2004-20220901-en
- behavioral7: Sample: Pitch Black/System/RGSS301.dll; Resource: win7-20220812-en
- behavioral8: Sample: Pitch Black/System/RGSS301.dll; Resource: win10v2004-20220812-en
General
- Target: Pitch Black/Game.exe
- Size: 154KB
- MD5: 0be6d562ad1226912a929c9f5494e660
- SHA1: 17028bf0dbdba42a904543cad1ec9da1278aca3b
- SHA256: c0f23f8c188c04cced5d8295b773e6bbc6c78afe9050cf0ef13176e26e783a96
- SHA512: 35d497c5782a0a7cf20d20bdf10cc5840004752dff16d6d05d559596875e498b8819ed5477188abbdea0a17c9c4b38b4bf7596732dc4a4d293f986abb4696a7e
- SSDEEP: 3072:5WK+I+/wslzo5PaLpe5rWhKri38yR8K+:5WK+xZAaqKMi3W
Malware Config
Signatures
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Processes: Game.exe
    - description: File opened for modification; ioc: \??\PhysicalDrive0; process: Game.exe
- Modifies registry class (3 IoCs)
  Processes: Game.exe
    - description: Key created; ioc: \REGISTRY\MACHINE\SOFTWARE\Classes\.key; process: Game.exe
    - description: Set value (str); ioc: \REGISTRY\MACHINE\SOFTWARE\Classes\.key\; process: Game.exe
    - description: Set value (str); ioc: \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"; process: Game.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: Game.exe
    - pid: 1080; process: Game.exe
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes: AUDIODG.EXE
    - description: Token: 33; pid: 936; process: AUDIODG.EXE
    - description: Token: SeIncBasePriorityPrivilege; pid: 936; process: AUDIODG.EXE
    - description: Token: 33; pid: 936; process: AUDIODG.EXE
    - description: Token: SeIncBasePriorityPrivilege; pid: 936; process: AUDIODG.EXE
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: Game.exe
    - pid: 1080; process: Game.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Pitch Black\Game.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Pitch Black\Game.exe"
  - Writes to the Master Boot Record (MBR)
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x448
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1080-54-0x0000000075A71000-0x0000000075A73000-memory.dmp (Filesize: 8KB)
- memory/1080-55-0x0000000010000000-0x0000000010324000-memory.dmp (Filesize: 3.1MB)
- memory/1080-56-0x0000000002050000-0x0000000002054000-memory.dmp (Filesize: 16KB)
- memory/1080-57-0x0000000010000000-0x0000000010324000-memory.dmp (Filesize: 3.1MB)