82277b4958fcdeea564c8051a0f7211fecb732c82072f8ef055212d7386d87fe

Analysis

max time kernel
40s
max time network
41s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
28-03-2023 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

superdxb.exe
Size

3.8MB
MD5

dc949bbd2f465afbff9d23dc113e2a82
SHA1

c8b6992e6879d4b607f248eb05d630cb44eb553f
SHA256

82277b4958fcdeea564c8051a0f7211fecb732c82072f8ef055212d7386d87fe
SHA512

65ae797b0ba40f525eb77e5ad948b1e662cd358dbeab6fda62286508d69166deb965661e47c96ee6dac7a30ea3e419f628f705971428363f7a2260c82c239195
SSDEEP

98304:sQqrc2PbUl4aVxsFN02ovpb7rxU2jrHsK:BMTUGaVIvovpb7JjrHsK

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Program Files (x86)\Super DX-Ball\fmod.dll	acprotect
\Program Files (x86)\Super DX-Ball\fmod.dll	acprotect

Executes dropped EXE 3 IoCs

Processes:

is-F7G0G.tmpdxloader.exesuperdxball.exe

pid process

1928 is-F7G0G.tmp
1468 dxloader.exe
504 superdxball.exe

pid	process
1928	is-F7G0G.tmp
1468	dxloader.exe
504	superdxball.exe

Loads dropped DLL 11 IoCs

Processes:

superdxb.exeis-F7G0G.tmpdxloader.exesuperdxball.exe

pid	process
936	superdxb.exe
1928	is-F7G0G.tmp
1928	is-F7G0G.tmp
1928	is-F7G0G.tmp
1928	is-F7G0G.tmp
1928	is-F7G0G.tmp
1928	is-F7G0G.tmp
1928	is-F7G0G.tmp
1468	dxloader.exe
1468	dxloader.exe
504	superdxball.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files (x86)\Super DX-Ball\fmod.dll	upx
\Program Files (x86)\Super DX-Ball\fmod.dll	upx
behavioral1/memory/504-334-0x0000000010000000-0x0000000010096000-memory.dmp	upx
behavioral1/memory/504-345-0x0000000010000000-0x0000000010096000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

is-F7G0G.tmp

description	ioc	process
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-5JGAA.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-FQEO3.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-E8I0H.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-97HF0.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-M9NN4.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\mus\game\in-game\is-8JKHR.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-MA371.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-PPQ9F.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-T9J7K.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-HULG7.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-FKL7F.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\is-DPGPG.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\title\is-Q1LF1.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-J7V4B.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-STVDV.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-22PCB.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\mus\game\in-game\is-KJJ4J.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\title\is-R04SM.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-UOB5D.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-NIS84.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\is-ERNK6.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\title\is-4P6UH.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-O10UB.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-U2TKJ.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-UUTP4.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-QNC97.tmp	is-F7G0G.tmp
File opened for modification	C:\Program Files (x86)\Super DX-Ball\techsupport.url	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\mus\game\in-game\is-RSODK.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-BALS4.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-7GCAR.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-B10NB.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\is-GCCT7.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\title\is-CM12B.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-T4HFS.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-2SROO.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\mus\game\in-game\is-RB1O3.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-CQMNT.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-14SN9.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-PENUS.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-JPV69.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\is-E1I9L.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-TB2OJ.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\mus\game\is-5GMS5.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-3ILDI.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\mus\game\in-game\is-QSCK7.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\title\is-TC8HS.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-95LEG.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-1PIAA.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\unins000.dat	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\title\is-MP0MI.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-6K23N.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-T7QAL.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-T9ES6.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-6JNEE.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\is-8L5CS.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-GGTAR.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\is-J3RH4.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-G4A0A.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\is-QPUV6.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\is-IRHJJ.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\boards\standard\is-T6LIK.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\title\is-U9FE4.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\sfx\game\is-GLQN9.tmp	is-F7G0G.tmp
File created	C:\Program Files (x86)\Super DX-Ball\is-K1RR7.tmp	is-F7G0G.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1440	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1440	AUDIODG.EXE
Token: 33	1440	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1440	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

dxloader.exe

pid process

1468 dxloader.exe

pid	process
1468	dxloader.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

superdxb.exeis-F7G0G.tmpdxloader.exe

description	pid	process	target process
PID 936 wrote to memory of 1928	936	superdxb.exe	is-F7G0G.tmp
PID 936 wrote to memory of 1928	936	superdxb.exe	is-F7G0G.tmp
PID 936 wrote to memory of 1928	936	superdxb.exe	is-F7G0G.tmp
PID 936 wrote to memory of 1928	936	superdxb.exe	is-F7G0G.tmp
PID 936 wrote to memory of 1928	936	superdxb.exe	is-F7G0G.tmp
PID 936 wrote to memory of 1928	936	superdxb.exe	is-F7G0G.tmp
PID 936 wrote to memory of 1928	936	superdxb.exe	is-F7G0G.tmp
PID 1928 wrote to memory of 1468	1928	is-F7G0G.tmp	dxloader.exe
PID 1928 wrote to memory of 1468	1928	is-F7G0G.tmp	dxloader.exe
PID 1928 wrote to memory of 1468	1928	is-F7G0G.tmp	dxloader.exe
PID 1928 wrote to memory of 1468	1928	is-F7G0G.tmp	dxloader.exe
PID 1468 wrote to memory of 504	1468	dxloader.exe	superdxball.exe
PID 1468 wrote to memory of 504	1468	dxloader.exe	superdxball.exe
PID 1468 wrote to memory of 504	1468	dxloader.exe	superdxball.exe
PID 1468 wrote to memory of 504	1468	dxloader.exe	superdxball.exe

C:\Users\Admin\AppData\Local\Temp\superdxb.exe
"C:\Users\Admin\AppData\Local\Temp\superdxb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:936

C:\Users\Admin\AppData\Local\Temp\is-KGBN0.tmp\is-F7G0G.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KGBN0.tmp\is-F7G0G.tmp" /SL4 $70130 "C:\Users\Admin\AppData\Local\Temp\superdxb.exe" 3738064 52736
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1928

C:\Program Files (x86)\Super DX-Ball\dxloader.exe
"C:\Program Files (x86)\Super DX-Ball\dxloader.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1468

C:\Program Files (x86)\Super DX-Ball\superdxball.exe
"superdxball.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x480
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1440

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Super DX-Ball\art.bbk
Filesize
38KB

MD5
5232f739a497f47732f595ecb021d73b

SHA1
7e09d5e36c941517d5d6c3169191021ad65d3681

SHA256
d3b37bec08aab861de1b0d37ece3a4b383d4dcb1c4134f4410cfa2d08ae58080

SHA512
cf74f75a8846ccb33d12c5818b8b8f85870d02ea2aa9706af83fbffac83d0aa368662ba252f8da305fe2b453ef1949d84112ea6d4dcde24c82e0108093d51407

Download Submit
C:\Program Files (x86)\Super DX-Ball\art.dat
Filesize
4.7MB

MD5
223e843792d35ff4597308bc199afd6c

SHA1
f17f1b4de87765c43a1a3370e17e8a9b26c41597

SHA256
10b0c4b89d556e4aa5d48de7309d0e0bdacdf0fb8e75e7cdfe95070f42b40ed3

SHA512
2fb1c8df043f0d58852f3a4899dcaba394f2bafb617302a4c88c7bae550d4492a6a3e9f3c8532373c9b2681f6276125d3ea5deeddc686d7e3ac90eee5589687d

Download Submit
C:\Program Files (x86)\Super DX-Ball\art8.bbk
Filesize
240KB

MD5
33d071b213300d95311c4f644336a371

SHA1
11de996344b2c45c7e1b677aa7f82a54563ca60a

SHA256
9f6792d9c48b78617628d4250feded829a612c1cd231e27de9288bd408b6feef

SHA512
fb836a189687bbfe8a94772877ffa0405ba963b2892a6f5b3ffac6558acb140dfb336e88fd3b37aff6b376be0c6a8fee5f7ef4084832cd7804529c83ad17ddc9

Download Submit
C:\Program Files (x86)\Super DX-Ball\art8.dat
Filesize
655KB

MD5
df517706fc1d187a74c4fd45f50b8fb5

SHA1
e04278b83c8b128424dc02871078f956e04060de

SHA256
929ee77ce1ab2ceaa50494a445f6251aa4d638e9a23c654f28816e435b70c3c0

SHA512
24166b01a660d30093d8b15deecc2102da743e04d2abadec2560e4703971d4cd7901fdfe3c0e02ee01b767637d664f5f56d4b4f78059a4a252ecb1cab309c67d

Download Submit
C:\Program Files (x86)\Super DX-Ball\default.emi
Filesize
10KB

MD5
a1b344b7d28dc7886c7c2f9078785d28

SHA1
673c20df08c7a2a69e61a08626f2ae921d6469a8

SHA256
882b26389368d202e7d35ad8ab374b902c2cb75ccf040b710b782261cc2822c8

SHA512
1f0b291bc3b327c317c9ec2a7125aeef3e6bd40bbdf0cf95ec626a7af2c88609876d5d4c72a4ff4d3db0f05dd4a2df9f2ed6bae7c8875bd2790942d97d1242d0

Download Submit
C:\Program Files (x86)\Super DX-Ball\dxloader.exe
Filesize
64KB

MD5
610e6d99626e41b88d7be4a3ce20e3c9

SHA1
72d682f804c939b91a930f4f9e17c04024cf8f29

SHA256
864d664968120376973f9c290576c7f1280a4fa4e0aa76bd676b521171361bdc

SHA512
9dae479055b793cb81219b276ef0766d142e2e54efb2df531a435f7d437c0c9d8ca858d5c57991fce248dfe1d62da0a701ea93c94c43f6ed9701b48c6c5a7fc6

Download Submit
C:\Program Files (x86)\Super DX-Ball\dxloader.exe
Filesize
64KB

MD5
610e6d99626e41b88d7be4a3ce20e3c9

SHA1
72d682f804c939b91a930f4f9e17c04024cf8f29

SHA256
864d664968120376973f9c290576c7f1280a4fa4e0aa76bd676b521171361bdc

SHA512
9dae479055b793cb81219b276ef0766d142e2e54efb2df531a435f7d437c0c9d8ca858d5c57991fce248dfe1d62da0a701ea93c94c43f6ed9701b48c6c5a7fc6

Download Submit
C:\Program Files (x86)\Super DX-Ball\dxloader.exe
Filesize
64KB

MD5
610e6d99626e41b88d7be4a3ce20e3c9

SHA1
72d682f804c939b91a930f4f9e17c04024cf8f29

SHA256
864d664968120376973f9c290576c7f1280a4fa4e0aa76bd676b521171361bdc

SHA512
9dae479055b793cb81219b276ef0766d142e2e54efb2df531a435f7d437c0c9d8ca858d5c57991fce248dfe1d62da0a701ea93c94c43f6ed9701b48c6c5a7fc6

Download Submit
C:\Program Files (x86)\Super DX-Ball\fmod.dll
Filesize
159KB

MD5
b8d0cce2ca1cc850c8c6f25a70d855e6

SHA1
e64409d3677b73c1ecb072f07f4630f50096e013

SHA256
1e08da161cf78746304a834973971ee47a24817ee4e28df74e3f37dbbb383b22

SHA512
a272920c38538e3e080b62bfe9e6c28191fd6d079d1af6861d56aa7197a408dce61609f8f2c280a1092a50a9bc36090ffae5d54bc36d20efb560c485d7123494

Download Submit
C:\Program Files (x86)\Super DX-Ball\loader.bbk
Filesize
4KB

MD5
339941d54829c41d82ae79bf44e11223

SHA1
ebd744aba957e907ee0b98cd9c34cbf0c95a5b4d

SHA256
6afba9a4a5bc3c229469b29862d1d54587500c154ba799579bcf1c215ab56c80

SHA512
9ffe91e1fcf89e68fd0cd79f10752832d248ea7b5dde4264da6666a07e4b5acfeb29992e64b6a6d03d805fcedea4e0cd5fac593178e3cd80feecab406b6069d3

Download Submit
C:\Program Files (x86)\Super DX-Ball\loader.dat
Filesize
166KB

MD5
7f185b4a6cf502b6df0ad624375a7a86

SHA1
274a6d4b6530372e1f775a4227d0db7aba8ea096

SHA256
fc4c02fa1acba3b7795b5dafa2e420886191bd6fe90b9e2c34875fe6afc4db16

SHA512
b3dfeaff870ac38cd419ed55eb1172f312dca5166814aacf484687ea0e11167f6754b7697fc6b881056db46b0de0f0953ca631d7a6a107c9bb06b47cd8401638

Download Submit
C:\Program Files (x86)\Super DX-Ball\sfx\game\title\button.ogg
Filesize
4KB

MD5
b019e09d26afb5aedeb2e598372fb82e

SHA1
49dba0de6d85505797e6d2ffafb79e59ab055980

SHA256
7cf4792a7644798e325bd9140a4b08abefdfebd57518bacef1eb5ab133893a5a

SHA512
6c1434bb2d9caeba98066135f6b019fcf114b617601ed24c57734317cf3480e935dd6a7508839c2b9bbbe98dfa8147c57117419aabdd202b452029e5a1612808

Download Submit
C:\Program Files (x86)\Super DX-Ball\sfx\game\title\warn.ogg
Filesize
6KB

MD5
0890220bb4ff7c21e085d7f81908c8c8

SHA1
aea915bf5f3f66c3b51cba4b8eeb22260929a2e9

SHA256
3af4806850a787e0042f8009a6fd918de3a0112a6c43d64b45819e193d41a4c5

SHA512
a50ccaa8d914a5cc98d72deadcad48d73b1fc11a282a22e1e3fe61784b7bcd051916320bee582f085638171a0e9964a1e5c85ebc2a0547b6e4dc25bb3c68423d

Download Submit
C:\Program Files (x86)\Super DX-Ball\superdxball.exe
Filesize
554KB

MD5
8225adf895ebb6b3970b0d03ed0cb24d

SHA1
f5da4f1f3e854123ab2f9937da1dd9ae7864c86a

SHA256
e698b951c4f161dd1c0d61dcd5427e153696118853ec1c0cedf49da4f458a49c

SHA512
d04e0a86d0c5e7feea8c0b74e062a86536978b6408d0a150c8dd3ae33e1bfc0b2b45ff38f94e229815166f37a439df008f3d327a01e95594b43ab0f26cf36a57

Download Submit
C:\Program Files (x86)\Super DX-Ball\superdxball.exe
Filesize
554KB

MD5
8225adf895ebb6b3970b0d03ed0cb24d

SHA1
f5da4f1f3e854123ab2f9937da1dd9ae7864c86a

SHA256
e698b951c4f161dd1c0d61dcd5427e153696118853ec1c0cedf49da4f458a49c

SHA512
d04e0a86d0c5e7feea8c0b74e062a86536978b6408d0a150c8dd3ae33e1bfc0b2b45ff38f94e229815166f37a439df008f3d327a01e95594b43ab0f26cf36a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KGBN0.tmp\is-F7G0G.tmp
Filesize
657KB

MD5
3dafb498bb15d5260cb2c12b391a0d48

SHA1
c775ae9fdf18ab0ce38a8adffabe378f461e79a1

SHA256
c5d5f5f814c5bc4989d691442051e5e78cf1971eb9b773a7a26b438e58a73d7a

SHA512
a42f39a73bd4615490c6e33c017fa09f9992e3327d244b050b6634ad696d421170fd63ec5d5e66e92d112dc804eabd0bcd56494c9499d78fad8b46fe2ef32a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KGBN0.tmp\is-F7G0G.tmp
Filesize
657KB

MD5
3dafb498bb15d5260cb2c12b391a0d48

SHA1
c775ae9fdf18ab0ce38a8adffabe378f461e79a1

SHA256
c5d5f5f814c5bc4989d691442051e5e78cf1971eb9b773a7a26b438e58a73d7a

SHA512
a42f39a73bd4615490c6e33c017fa09f9992e3327d244b050b6634ad696d421170fd63ec5d5e66e92d112dc804eabd0bcd56494c9499d78fad8b46fe2ef32a31

Download Submit
\Program Files (x86)\Super DX-Ball\dxloader.exe
Filesize
64KB

MD5
610e6d99626e41b88d7be4a3ce20e3c9

SHA1
72d682f804c939b91a930f4f9e17c04024cf8f29

SHA256
864d664968120376973f9c290576c7f1280a4fa4e0aa76bd676b521171361bdc

SHA512
9dae479055b793cb81219b276ef0766d142e2e54efb2df531a435f7d437c0c9d8ca858d5c57991fce248dfe1d62da0a701ea93c94c43f6ed9701b48c6c5a7fc6

Download Submit
\Program Files (x86)\Super DX-Ball\dxloader.exe
Filesize
64KB

MD5
610e6d99626e41b88d7be4a3ce20e3c9

SHA1
72d682f804c939b91a930f4f9e17c04024cf8f29

SHA256
864d664968120376973f9c290576c7f1280a4fa4e0aa76bd676b521171361bdc

SHA512
9dae479055b793cb81219b276ef0766d142e2e54efb2df531a435f7d437c0c9d8ca858d5c57991fce248dfe1d62da0a701ea93c94c43f6ed9701b48c6c5a7fc6

Download Submit
\Program Files (x86)\Super DX-Ball\dxloader.exe
Filesize
64KB

MD5
610e6d99626e41b88d7be4a3ce20e3c9

SHA1
72d682f804c939b91a930f4f9e17c04024cf8f29

SHA256
864d664968120376973f9c290576c7f1280a4fa4e0aa76bd676b521171361bdc

SHA512
9dae479055b793cb81219b276ef0766d142e2e54efb2df531a435f7d437c0c9d8ca858d5c57991fce248dfe1d62da0a701ea93c94c43f6ed9701b48c6c5a7fc6

Download Submit
\Program Files (x86)\Super DX-Ball\dxloader.exe
Filesize
64KB

MD5
610e6d99626e41b88d7be4a3ce20e3c9

SHA1
72d682f804c939b91a930f4f9e17c04024cf8f29

SHA256
864d664968120376973f9c290576c7f1280a4fa4e0aa76bd676b521171361bdc

SHA512
9dae479055b793cb81219b276ef0766d142e2e54efb2df531a435f7d437c0c9d8ca858d5c57991fce248dfe1d62da0a701ea93c94c43f6ed9701b48c6c5a7fc6

Download Submit
\Program Files (x86)\Super DX-Ball\fmod.dll
Filesize
159KB

MD5
b8d0cce2ca1cc850c8c6f25a70d855e6

SHA1
e64409d3677b73c1ecb072f07f4630f50096e013

SHA256
1e08da161cf78746304a834973971ee47a24817ee4e28df74e3f37dbbb383b22

SHA512
a272920c38538e3e080b62bfe9e6c28191fd6d079d1af6861d56aa7197a408dce61609f8f2c280a1092a50a9bc36090ffae5d54bc36d20efb560c485d7123494

Download Submit
\Program Files (x86)\Super DX-Ball\superdxball.exe
Filesize
554KB

MD5
8225adf895ebb6b3970b0d03ed0cb24d

SHA1
f5da4f1f3e854123ab2f9937da1dd9ae7864c86a

SHA256
e698b951c4f161dd1c0d61dcd5427e153696118853ec1c0cedf49da4f458a49c

SHA512
d04e0a86d0c5e7feea8c0b74e062a86536978b6408d0a150c8dd3ae33e1bfc0b2b45ff38f94e229815166f37a439df008f3d327a01e95594b43ab0f26cf36a57

Download Submit
\Program Files (x86)\Super DX-Ball\superdxball.exe
Filesize
554KB

MD5
8225adf895ebb6b3970b0d03ed0cb24d

SHA1
f5da4f1f3e854123ab2f9937da1dd9ae7864c86a

SHA256
e698b951c4f161dd1c0d61dcd5427e153696118853ec1c0cedf49da4f458a49c

SHA512
d04e0a86d0c5e7feea8c0b74e062a86536978b6408d0a150c8dd3ae33e1bfc0b2b45ff38f94e229815166f37a439df008f3d327a01e95594b43ab0f26cf36a57

Download Submit
\Program Files (x86)\Super DX-Ball\unins000.exe
Filesize
667KB

MD5
ad63121e176c562a4b7516cd3507c8f5

SHA1
7757c71e66b69583ff551eca082138017719b68c

SHA256
e79248e8db8669534b001d4dba5f9c697bbede8159452f45465ea21dd50c7948

SHA512
82b2cbf82f1297321916a2fe84a6a2d18ebe35ed128a7c058c3fa5b0017d51603cb9090f1871a6b747167056c587fc7f4f44cb2192f1ddc56b589956fcaa7858

Download Submit
\Users\Admin\AppData\Local\Temp\is-9L2SB.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-9L2SB.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-KGBN0.tmp\is-F7G0G.tmp
Filesize
657KB

MD5
3dafb498bb15d5260cb2c12b391a0d48

SHA1
c775ae9fdf18ab0ce38a8adffabe378f461e79a1

SHA256
c5d5f5f814c5bc4989d691442051e5e78cf1971eb9b773a7a26b438e58a73d7a

SHA512
a42f39a73bd4615490c6e33c017fa09f9992e3327d244b050b6634ad696d421170fd63ec5d5e66e92d112dc804eabd0bcd56494c9499d78fad8b46fe2ef32a31

Download Submit
memory/504-334-0x0000000010000000-0x0000000010096000-memory.dmp

Filesize
600KB

Download
memory/504-345-0x0000000010000000-0x0000000010096000-memory.dmp

Filesize
600KB

Download
memory/936-324-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/936-54-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/936-70-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1928-323-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/1928-73-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/1928-71-0x0000000000400000-0x00000000004B3000-memory.dmp

Filesize
716KB

Download
memory/1928-69-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads