b890aed7657ecd5d3d5abd5c7894a76e5506164e07e7f0e84d6fbebbc10a4059

Analysis

max time kernel
32s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/04/2023, 20:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Capcom/Megaman X5 part 1/x5.exe
Size

1.0MB
MD5

77817ac28bbe6b830b97263ce9d684c7
SHA1

78a5b4bf38031af053379bb38ba010686ba267f6
SHA256

9e19232791b52291f9f81023082824a845ef411768723c8c457dbd4894007f68
SHA512

ddf6f5cbec4f1e87234a718c6bf3c9d567ea52d66b77a7f9ea3e93b57b832f7608e12a550e7a9875bf6bd421e758ebc90d0a8e7d516147b8cc4ff0fa8fb3bca3
SSDEEP

24576:K2rgoy9bk1k3ObjdCWzZoAJXp9I4/iH62NXjNL9GBTFLg/WqPssh7:XfoA3e0Lgi0

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 8 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	x5.exe
File opened (read-only)	\??\G:	x5.exe
File opened (read-only)	\??\H:	x5.exe
File opened (read-only)	\??\I:	x5.exe
File opened (read-only)	\??\J:	x5.exe
File opened (read-only)	\??\K:	x5.exe
File opened (read-only)	\??\L:	x5.exe
File opened (read-only)	\??\E:	x5.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1640	1740	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1684	AUDIODG.EXE
Token: 33	1684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1684	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1740	x5.exe
1740	x5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1640	1740	x5.exe	29
PID 1740 wrote to memory of 1640	1740	x5.exe	29
PID 1740 wrote to memory of 1640	1740	x5.exe	29
PID 1740 wrote to memory of 1640	1740	x5.exe	29

C:\Users\Admin\AppData\Local\Temp\Capcom\Megaman X5 part 1\x5.exe
"C:\Users\Admin\AppData\Local\Temp\Capcom\Megaman X5 part 1\x5.exe"
1⤵
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 904
  2⤵
  - Program crash
  PID:1640

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x570
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1684

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads