Overview

overview

7

Static

static

3

PlayStation.exe

windows7-x64

7

PlayStation.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    36s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-05-2023 02:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PlayStation.exe

  • Size

    4.8MB

  • MD5

    fb049d70b56c8edad8246e41546db8bd

  • SHA1

    f02c296d7bdf0042ff659c51aa8148703c430eb6

  • SHA256

    d0421b25e316db606840821ea866c401ea86c74351b2389d94d3e4bffd8490cd

  • SHA512

    5a47f8df412703647692c6b0b3b17a58d5a94662ee974f3bc745674b1fa5940ca3e7a0be286746bc0b770b8644aa0631dcdde7711dedbc44142971958a1e5b22

  • SSDEEP

    98304:cEbcGOIs0z87c8NykySN5wI+cu23ksxlSZfmxgNXxcl7QO+P/I0Fy59XM7aQH7c:cJIsG87c8NykvP3bxlSZkgNXxNP/Ijxp

Score
7/10
agilenet

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Suspicious use of NtSetInformationThreadHideFromDebugger 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PlayStation.exe
    "C:\Users\Admin\AppData\Local\Temp\PlayStation.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\005A4F0E.dll
    Filesize

    1.2MB

    MD5

    c9d85c3085dc73b74366b6d8f4644cba

    SHA1

    780c045c53ef406e5c22cd583f9bc6d83e77d2b4

    SHA256

    097d2ea9acce50bec9d55d91ebbee60f6c5d9e705511852630dc2df440061c84

    SHA512

    2c9e3c42bbe73acbdea527f1c4a21ce59f19fd9c6c3e9412af10ea3f1f068eb47c8634f7bdcea29fcc898bfb78ca040e89b46823ff0c4a830bda0024bb68e6b6

    Download Submit
  • memory/808-145-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-140-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-147-0x00000145B9E50000-0x00000145B9E8C000-memory.dmp
    Filesize

    240KB

    Download
  • memory/808-148-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-142-0x000001459B980000-0x000001459B99A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/808-143-0x00000145B6610000-0x00000145B6622000-memory.dmp
    Filesize

    72KB

    Download
  • memory/808-144-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-133-0x000001459B0E0000-0x000001459B5B6000-memory.dmp
    Filesize

    4.8MB

    Download
  • memory/808-155-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-137-0x00000145B5E10000-0x00000145B60B0000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/808-141-0x000001459B920000-0x000001459B921000-memory.dmp
    Filesize

    4KB

    Download
  • memory/808-149-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-150-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-151-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-152-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-153-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/808-154-0x00000145B9F10000-0x00000145BA010000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/808-146-0x00000145B59E0000-0x00000145B59F0000-memory.dmp
    Filesize

    64KB

    Download