Overview

overview

6

Static

static

Princess.Conquest.rar

windows7-x64

3

Princess.Conquest.rar

windows10-2004-x64

3

Princess.C...OM.url

windows7-x64

6

Princess.C...OM.url

windows10-2004-x64

6

Princess.C...OM.url

windows7-x64

6

Princess.C...OM.url

windows10-2004-x64

6

Princess.C...rr.ps1

windows7-x64

1

Princess.C...rr.ps1

windows10-2004-x64

1

Princess.C...rm.dll

windows7-x64

1

Princess.C...rm.dll

windows10-2004-x64

1

Princess.C...19.ttf

windows7-x64

1

Princess.C...19.ttf

windows10-2004-x64

1

Princess.C...ld.otf

windows7-x64

1

Princess.C...ld.otf

windows10-2004-x64

1

Princess.C...NS.ttf

windows7-x64

1

Princess.C...NS.ttf

windows10-2004-x64

1

Princess.C...TG.ttf

windows7-x64

1

Princess.C...TG.ttf

windows10-2004-x64

1

Princess.C...ar.ttf

windows7-x64

1

Princess.C...ar.ttf

windows10-2004-x64

1

Princess.C...ar.ttf

windows7-x64

1

Princess.C...ar.ttf

windows10-2004-x64

1

Princess.C...ngelog

windows7-x64

1

Princess.C...ngelog

windows10-2004-x64

1

Princess.C...ICENSE

windows7-x64

1

Princess.C...ICENSE

windows10-2004-x64

1

Princess.C...NSE.en

windows7-x64

1

Princess.C...NSE.en

windows10-2004-x64

1

Princess.C....mplus

windows7-x64

1

Princess.C....mplus

windows10-2004-x64

1

Princess.C....mplus

windows7-x64

1

Princess.C....mplus

windows10-2004-x64

1

Analysis

  • max time kernel
    51s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/12/2022, 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Princess.Conquest/Princess & Conquest v0.16.14/Audio/BGM/P&C - Pirate Barrr.ps1

  • Size

    4.2MB

  • MD5

    b3fbd80286bf6007c0be8caa18218ce0

  • SHA1

    48af991bbaac54364bae1d080b21874f576a5891

  • SHA256

    3982a7e3cc59fe4d5df5bd87f69bb86f2ece564d881392ae3fcb0c304f7f2c8e

  • SHA512

    d6f98c38c5ce157a5680bbe661c5c307f072e1fc563f93ecc2cdd4e8f74d35558cb8fbdc9a4916edf0af5471832a1224dd5b67267bdc8fef72c907378063567c

  • SSDEEP

    98304:V/nJYrBqKdl5epstZrKWRRkSPjK8+XwI94U6H7mgTVi:V/nhWlJrKWMSPjR+XJx6LTVi

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Princess.Conquest\Princess & Conquest v0.16.14\Audio\BGM\P&C - Pirate Barrr.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2012
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3f8 0x498
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2012-132-0x00000206E27D0000-0x00000206E27F2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2012-133-0x00007FFEA5B60000-0x00007FFEA6621000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2012-134-0x00007FFEA5B60000-0x00007FFEA6621000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2012-135-0x00007FFEA5B60000-0x00007FFEA6621000-memory.dmp

    Filesize

    10.8MB

    Download