Overview

overview

8

Static

static

1

Warcraft III.exe

windows7-x64

8

Warcraft III.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    39s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220812-es
  • resource tags

    arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    03-02-2023 15:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Warcraft III.exe

  • Size

    268KB

  • MD5

    a68a3046c54cae35abe39eb6d4a0327a

  • SHA1

    f589a19a85ce7c23e8bd4c4a6d7512b1c18b0297

  • SHA256

    0af4f05955607f52c6c5eba64c86652ff72992789e5d04e09c285fa6bce427dd

  • SHA512

    85973454eceb8cdaacda90b32e47530df6a531f004aebabacdd431dc66d5c0a5b8d66a3b9b27a358dcf51047a5f3059dcfd7c4dca67703285d54829f719c668a

  • SSDEEP

    6144:RY2EhylFdeXGtYrklpMZVWvi3QT3MEQ+ttubNH:nEklKU50ZVugQjv7ttu9

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Warcraft III.exe
    "C:\Users\Admin\AppData\Local\Temp\Warcraft III.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Windows\system32\gameux.dll,GameUXShim {897fee1c-5860-4583-bd47-a6ceedcefd14};C:\Users\Admin\AppData\Local\Temp\Warcraft III.exe;1100
      2⤵
      • Blocklisted process makes network request
      • Modifies registry class
      PID:532

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/532-55-0x0000000000000000-mapping.dmp

    Download

  • memory/1100-54-0x0000000076201000-0x0000000076203000-memory.dmp

    Filesize

    8KB

    Download