d0421b25e316db606840821ea866c401ea86c74351b2389d94d3e4bffd8490cd

Analysis

max time kernel
36s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18-05-2023 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlayStation.exe
Size

4.8MB
MD5

fb049d70b56c8edad8246e41546db8bd
SHA1

f02c296d7bdf0042ff659c51aa8148703c430eb6
SHA256

d0421b25e316db606840821ea866c401ea86c74351b2389d94d3e4bffd8490cd
SHA512

5a47f8df412703647692c6b0b3b17a58d5a94662ee974f3bc745674b1fa5940ca3e7a0be286746bc0b770b8644aa0631dcdde7711dedbc44142971958a1e5b22
SSDEEP

98304:cEbcGOIs0z87c8NykySN5wI+cu23ksxlSZfmxgNXxcl7QO+P/I0Fy59XM7aQH7c:cJIsG87c8NykvP3bxlSZkgNXxNP/Ijxp

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral2/memory/808-137-0x00000145B5E10000-0x00000145B60B0000-memory.dmp	agile_net
C:\Users\Admin\AppData\Local\Temp\005A4F0E.dll	agile_net

Suspicious use of NtSetInformationThreadHideFromDebugger 32 IoCs

Processes:

PlayStation.exe

pid	process
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

PlayStation.exe

pid	process
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe
808	PlayStation.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

PlayStation.exe

description pid process

Token: SeDebugPrivilege 808 PlayStation.exe

description	pid	process
Token: SeDebugPrivilege	808	PlayStation.exe

C:\Users\Admin\AppData\Local\Temp\PlayStation.exe
"C:\Users\Admin\AppData\Local\Temp\PlayStation.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\005A4F0E.dll

Filesize
1.2MB

MD5
c9d85c3085dc73b74366b6d8f4644cba

SHA1
780c045c53ef406e5c22cd583f9bc6d83e77d2b4

SHA256
097d2ea9acce50bec9d55d91ebbee60f6c5d9e705511852630dc2df440061c84

SHA512
2c9e3c42bbe73acbdea527f1c4a21ce59f19fd9c6c3e9412af10ea3f1f068eb47c8634f7bdcea29fcc898bfb78ca040e89b46823ff0c4a830bda0024bb68e6b6

Download Submit
memory/808-145-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-140-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-147-0x00000145B9E50000-0x00000145B9E8C000-memory.dmp

Filesize
240KB

Download
memory/808-148-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-142-0x000001459B980000-0x000001459B99A000-memory.dmp

Filesize
104KB

Download
memory/808-143-0x00000145B6610000-0x00000145B6622000-memory.dmp

Filesize
72KB

Download
memory/808-144-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-133-0x000001459B0E0000-0x000001459B5B6000-memory.dmp

Filesize
4.8MB

Download
memory/808-155-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-137-0x00000145B5E10000-0x00000145B60B0000-memory.dmp

Filesize
2.6MB

Download
memory/808-141-0x000001459B920000-0x000001459B921000-memory.dmp

Filesize
4KB

Download
memory/808-149-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-150-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-151-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-152-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-153-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download
memory/808-154-0x00000145B9F10000-0x00000145BA010000-memory.dmp

Filesize
1024KB

Download
memory/808-146-0x00000145B59E0000-0x00000145B59F0000-memory.dmp

Filesize
64KB

Download