Analysis

  • max time kernel
    90s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/01/2023, 18:09

General

  • Target

    Super_Mario_4_Jugadores_ERROR[1].exe

  • Size

    4.2MB

  • MD5

    006bca45965acdb1a626a082dcef9dc4

  • SHA1

    92de2e053eee09e18a7409b541dd28b54a03a0fa

  • SHA256

    773fbc03398c77dfe00310331dd86b70fc923c01761b824263ae7cb7812b0231

  • SHA512

    d370f356bd734756e5fbfcdc3426ca1f293afa23ac9371779c1b8e9fc9e2eb342af9b7b078b79f4b2618d605fedf426dbbe90329de122f3481ee5679cef52309

  • SSDEEP

    98304:vv7lx8hk2Od4kC50Cg7fANQHUqMbVjzbA:Pjexe2dqIvbA

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives (3 TTPs, 24 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Super_Mario_4_Jugadores_ERROR[1].exe
    "C:\Users\Admin\AppData\Local\Temp\Super_Mario_4_Jugadores_ERROR[1].exe"
    1⤵
      PID:4812
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3196
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:3504
        • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
          "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
          2⤵
            PID:1184
          • C:\Windows\SysWOW64\unregmp2.exe
            "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:4260
            • C:\Windows\system32\unregmp2.exe
              "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
              3⤵
              • Enumerates connected drives
              • Suspicious use of AdjustPrivilegeToken
              PID:548

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log

    Filesize
    1KB

    MD5
    bf6f8c271450031c49c164e75a760c10

    SHA1
    ca55f9dd55e9b2e149fce6a54dd541213465132a

    SHA256
    12ffaf836a527d6c9c5be5896a267afd78ad740b02e8e9bb53a311de906f92a6

    SHA512
    ccae037043c7161f4198c68ddc635cd2c9a607979fdfda73e78f3a08d12cd43b23ee0ccdcd389c718e0a041c0fa807055ee44b5134fc385c673c2e91ed336faa