Overview

overview

6

Static

static

Princess.Conquest.rar

windows7-x64

3

Princess.Conquest.rar

windows10-2004-x64

3

Princess.C...OM.url

windows7-x64

6

Princess.C...OM.url

windows10-2004-x64

6

Princess.C...OM.url

windows7-x64

6

Princess.C...OM.url

windows10-2004-x64

6

Princess.C...rr.ps1

windows7-x64

1

Princess.C...rr.ps1

windows10-2004-x64

1

Princess.C...rm.dll

windows7-x64

1

Princess.C...rm.dll

windows10-2004-x64

1

Princess.C...19.ttf

windows7-x64

1

Princess.C...19.ttf

windows10-2004-x64

1

Princess.C...ld.otf

windows7-x64

1

Princess.C...ld.otf

windows10-2004-x64

1

Princess.C...NS.ttf

windows7-x64

1

Princess.C...NS.ttf

windows10-2004-x64

1

Princess.C...TG.ttf

windows7-x64

1

Princess.C...TG.ttf

windows10-2004-x64

1

Princess.C...ar.ttf

windows7-x64

1

Princess.C...ar.ttf

windows10-2004-x64

1

Princess.C...ar.ttf

windows7-x64

1

Princess.C...ar.ttf

windows10-2004-x64

1

Princess.C...ngelog

windows7-x64

1

Princess.C...ngelog

windows10-2004-x64

1

Princess.C...ICENSE

windows7-x64

1

Princess.C...ICENSE

windows10-2004-x64

1

Princess.C...NSE.en

windows7-x64

1

Princess.C...NSE.en

windows10-2004-x64

1

Princess.C....mplus

windows7-x64

1

Princess.C....mplus

windows10-2004-x64

1

Princess.C....mplus

windows7-x64

1

Princess.C....mplus

windows10-2004-x64

1

Analysis

  • max time kernel
    6s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28/12/2022, 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Princess.Conquest/Princess & Conquest v0.16.14/Audio/BGM/P&C - Pirate Barrr.ps1

  • Size

    4.2MB

  • MD5

    b3fbd80286bf6007c0be8caa18218ce0

  • SHA1

    48af991bbaac54364bae1d080b21874f576a5891

  • SHA256

    3982a7e3cc59fe4d5df5bd87f69bb86f2ece564d881392ae3fcb0c304f7f2c8e

  • SHA512

    d6f98c38c5ce157a5680bbe661c5c307f072e1fc563f93ecc2cdd4e8f74d35558cb8fbdc9a4916edf0af5471832a1224dd5b67267bdc8fef72c907378063567c

  • SSDEEP

    98304:V/nJYrBqKdl5epstZrKWRRkSPjK8+XwI94U6H7mgTVi:V/nhWlJrKWMSPjR+XJx6LTVi

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Princess.Conquest\Princess & Conquest v0.16.14\Audio\BGM\P&C - Pirate Barrr.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1776-54-0x000007FEFBA81000-0x000007FEFBA83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1776-55-0x000007FEF40A0000-0x000007FEF4AC3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1776-56-0x000007FEF3540000-0x000007FEF409D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/1776-57-0x0000000002524000-0x0000000002527000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1776-58-0x000000001B720000-0x000000001BA1F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1776-59-0x0000000002524000-0x0000000002527000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1776-60-0x000000000252B000-0x000000000254A000-memory.dmp

    Filesize

    124KB

    Download