fbe07d1afd27ab353daa2afacc2de87d8f5ec69f64bbd9246f31ebfe1731de9b

Analysis

max time kernel
28s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18/03/2023, 22:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pcsx2-v1.6.0-windows-32bit-installer.exe
Size

6.9MB
MD5

c6afd2ff3059b840ee2fb939694efafb
SHA1

405c4d526ac498fd61658d94f24426afa8ac4525
SHA256

fbe07d1afd27ab353daa2afacc2de87d8f5ec69f64bbd9246f31ebfe1731de9b
SHA512

d0cac8e24d83662d16df3a952cb5853f4e4d1ba5a4d78b274cde1131945fbabbbd1f2c10cfcd416a9dcb466b97ec07edac2acebcb6dc3c3b4d6927f5e6d064db
SSDEEP

196608:LrjpHpHPhXOQi7IGJEfB6+x5McQTVNy6Tp93cfw0acIVa:bpJHV4TEf4+XqVX9Vcf6A

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1992	pcsx2-v1.6.0-windows-32bit-installer.exe
1992	pcsx2-v1.6.0-windows-32bit-installer.exe
1992	pcsx2-v1.6.0-windows-32bit-installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\pcsx2-v1.6.0-windows-32bit-installer.exe
"C:\Users\Admin\AppData\Local\Temp\pcsx2-v1.6.0-windows-32bit-installer.exe"
1⤵
- Loads dropped DLL
PID:1992

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\PCSX2 1.6.0\Langs\lt_LT\pcsx2_Main.mo

Filesize
59KB

MD5
8c5adbd5a1c01311cf313e07452c79da

SHA1
0f7d127af24ae49355a10cb39c78bc2d98ef568f

SHA256
9a5534cea3e23ffa55cc12007b3c1ebcca35a2d8aaa281fe69a6f09796db4af1

SHA512
1bebcbcedb12774d1720b560c05f15db18049abe57e7f5a7565fbde066bc2aa4ec782bcc4496bdf5c11277ee3e5aa8c3c850aa8af4d831464a63c61a790c2123

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1F95.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1F95.tmp\UserInfo.dll

Filesize
4KB

MD5
dc90f96b169dcc9151ee6e93b47446ea

SHA1
61e57bbe333a98d14f48815db7382ddbf90db642

SHA256
afc939ebfd66a6c972d2d6bbcb978559ab3427d1582935e45392f9912ef186ad

SHA512
11658c2342a2a686a012d81c602cd8e50861506dcee9d38c416bc60451cb1d7fc24e964875b8edfc22c9647f06ffe90088f83a60973eeaffa98538294af1d5ba

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1F95.tmp\nsDialogs.dll

Filesize
9KB

MD5
ec9640b70e07141febbe2cd4cc42510f

SHA1
64a5e4b90e5fe62aa40e7ac9e16342ed066f0306

SHA256
c5ba017732597a82f695b084d1aa7fe3b356168cc66105b9392a9c5b06be5188

SHA512
47605b217313c7fe6ce3e9a65da156a2fba8d91e4ed23731d3c5e432dd048ff5c8f9ae8bb85a6a39e1eac4e1b6a22862aa72d3b1b1c8255858997cdd4db5d1fe

Download Submit