f6bd53905f763f59e8b0250c6b0db2cfeeba20e24fa967464acd8884e5bdbd48 | Triage

Analysis

max time kernel
134s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 14:53

Sharing

Report Analysis Logs

General

Target

Godot_v3.5.2-stable_win64_console.cmd
Size

52B
MD5

3f996d84e8c4db46239ad8ed5744f2b1
SHA1

279d4d8eb09e042f809709d91114dac6ceca3f5a
SHA256

de45b173741465239074accffbda1270e9e1c128efa33344a2b2d59f3b455c74
SHA512

9203c1bae8380b2f2662dab6942969c7e4290cfdee0225a925e92f2c022abee857587833a72d7290f6ff7c4703c54872700c0b2069354681281024e071613768

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3080	Godot_v3.5.2-stable_win64.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 3080	1576	cmd.exe	84
PID 1576 wrote to memory of 3080	1576	cmd.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Godot_v3.5.2-stable_win64_console.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Users\Admin\AppData\Local\Temp\Godot_v3.5.2-stable_win64.exe
  Godot_v3.5.2-stable_win64.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3080-133-0x00007FF6FB520000-0x00007FF6FFE46000-memory.dmp

Filesize
73.1MB

Download