54273d6eadee2a9320d00b605e5ba2634e3078025182e264ba6af8bbc0a7212c

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2023 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BoogieV3.Setup.exe
Size

2.3MB
MD5

cab0b55ac15ff47325a38013950484c7
SHA1

05775dd806f4cc3e0a32a9f95c0afabd863f285a
SHA256

54273d6eadee2a9320d00b605e5ba2634e3078025182e264ba6af8bbc0a7212c
SHA512

0ce9fdb08be6ffd16dc64bca9e0fb1b0214fcc007873bd28d1592c1ed2985cce331bee4301a5520d96d69958c4bce9a521955db4cbd53245acd3ee69e4fcf00d
SSDEEP

49152:ITUwTGTT9bewtpjopwsDrKvWFyqGxMGSur1UHDhB1rd:IT/eqwH8pwsDrKFryHD31rd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3544	BoogieV3.exe
5036	BoogieV3.exe
1380	BoogieV3.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe.config	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\Microsoft.WindowsAPICodePack.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\ModernWpf.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\RestSharp.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\System.Text.Encodings.Web.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\Microsoft.WindowsAPICodePack.Shell.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\Newtonsoft.Json.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\System.Memory.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\System.Runtime.CompilerServices.Unsafe.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\System.Buffers.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\System.Text.Json.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\System.Threading.Tasks.Extensions.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\System.ValueTuple.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.pdb	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\Microsoft.Bcl.AsyncInterfaces.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\ModernWpf.Controls.dll	BoogieV3.Setup.exe
File created	C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\System.Numerics.Vectors.dll	BoogieV3.Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 11 IoCs

pid	Process
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe
448	BoogieV3.Setup.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 1380	448	BoogieV3.Setup.exe	96
PID 448 wrote to memory of 1380	448	BoogieV3.Setup.exe	96

C:\Users\Admin\AppData\Local\Temp\BoogieV3.Setup.exe
"C:\Users\Admin\AppData\Local\Temp\BoogieV3.Setup.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:448
- C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe
  "C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe"
  2⤵
  - Executes dropped EXE
  PID:1380

C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe
"C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe"
1⤵
- Executes dropped EXE
PID:5036

C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe
"C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe"
1⤵
- Executes dropped EXE
PID:3544

C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe
"C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe"
1⤵
PID:3112

C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe
"C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe"
1⤵
PID:928

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe

Filesize
395KB

MD5
dc5ff3f46237e79efdb31d63e0dc7ea7

SHA1
677d35d064715ef73be362758f17f6ef7c9ac0b6

SHA256
510070b8aa6437059d493664286dd5bb6015012d30e1e0fccc51655294ddfbc2

SHA512
b8192675f2a3bd44ca04b4433dfabb95e5fe02caceea088e380fef50c43c5ffafb80d777d79c239800c9fa6495859e105f86b04b302fe1d06c1c64c0c7c76618

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe

Filesize
395KB

MD5
dc5ff3f46237e79efdb31d63e0dc7ea7

SHA1
677d35d064715ef73be362758f17f6ef7c9ac0b6

SHA256
510070b8aa6437059d493664286dd5bb6015012d30e1e0fccc51655294ddfbc2

SHA512
b8192675f2a3bd44ca04b4433dfabb95e5fe02caceea088e380fef50c43c5ffafb80d777d79c239800c9fa6495859e105f86b04b302fe1d06c1c64c0c7c76618

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe

Filesize
395KB

MD5
dc5ff3f46237e79efdb31d63e0dc7ea7

SHA1
677d35d064715ef73be362758f17f6ef7c9ac0b6

SHA256
510070b8aa6437059d493664286dd5bb6015012d30e1e0fccc51655294ddfbc2

SHA512
b8192675f2a3bd44ca04b4433dfabb95e5fe02caceea088e380fef50c43c5ffafb80d777d79c239800c9fa6495859e105f86b04b302fe1d06c1c64c0c7c76618

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe

Filesize
395KB

MD5
dc5ff3f46237e79efdb31d63e0dc7ea7

SHA1
677d35d064715ef73be362758f17f6ef7c9ac0b6

SHA256
510070b8aa6437059d493664286dd5bb6015012d30e1e0fccc51655294ddfbc2

SHA512
b8192675f2a3bd44ca04b4433dfabb95e5fe02caceea088e380fef50c43c5ffafb80d777d79c239800c9fa6495859e105f86b04b302fe1d06c1c64c0c7c76618

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe

Filesize
395KB

MD5
dc5ff3f46237e79efdb31d63e0dc7ea7

SHA1
677d35d064715ef73be362758f17f6ef7c9ac0b6

SHA256
510070b8aa6437059d493664286dd5bb6015012d30e1e0fccc51655294ddfbc2

SHA512
b8192675f2a3bd44ca04b4433dfabb95e5fe02caceea088e380fef50c43c5ffafb80d777d79c239800c9fa6495859e105f86b04b302fe1d06c1c64c0c7c76618

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe

Filesize
395KB

MD5
dc5ff3f46237e79efdb31d63e0dc7ea7

SHA1
677d35d064715ef73be362758f17f6ef7c9ac0b6

SHA256
510070b8aa6437059d493664286dd5bb6015012d30e1e0fccc51655294ddfbc2

SHA512
b8192675f2a3bd44ca04b4433dfabb95e5fe02caceea088e380fef50c43c5ffafb80d777d79c239800c9fa6495859e105f86b04b302fe1d06c1c64c0c7c76618

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe

Filesize
395KB

MD5
dc5ff3f46237e79efdb31d63e0dc7ea7

SHA1
677d35d064715ef73be362758f17f6ef7c9ac0b6

SHA256
510070b8aa6437059d493664286dd5bb6015012d30e1e0fccc51655294ddfbc2

SHA512
b8192675f2a3bd44ca04b4433dfabb95e5fe02caceea088e380fef50c43c5ffafb80d777d79c239800c9fa6495859e105f86b04b302fe1d06c1c64c0c7c76618

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\BoogieV3.exe.config

Filesize
1KB

MD5
829b6ec0a51eaeb961d4d5b437551b1a

SHA1
c281f021b43fb56650b9a3bd83cf8ea48dcbda50

SHA256
608ef5680c463532716a06707c2e407d266e203b81a270a24f7d33099e3f9d43

SHA512
15fe2e74d380554d9c44989c39fd9e01be417b9805423c0f999781ca55d37b710fb96cf1b42dba2c54800e2715d3a39a8bfe9e67d3e335cbf2b82f7c10fe14c0

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\ModernWpf.Controls.dll

Filesize
695KB

MD5
3e7f9d08b696be12aab0485e54bedd23

SHA1
e20ef0aff0a77792d251cf0ac0f6f9da5f3eb549

SHA256
606b1b7ecc8a1a2320cf0a2068bfd9d858072ff50e8a480c7f548b172559a8bf

SHA512
b33f0e987ed529f3bf20dc90293b26858ba446cbd3a58d1efbc26b42c2f54fbbd4deea7ecfc9f7c3825b30f67deed90330ba97bfba40dbc319a18e61965f0acc

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\ModernWpf.dll

Filesize
938KB

MD5
87596cb85f30074aba7008c12e17497d

SHA1
6a9ec7ffb8495a9633e08276263ee87bcadef67a

SHA256
8e93dcb8e72833e5cea6f12ffa2318ad1023d11d5870205dba6ceb23b3404c2b

SHA512
2593fa62cc461faa7c585250a3e74aacf356e47d86806b9d6e3a989e28cfb90e796e642754419efb6cda4983861f00c1608187573200bb2a95aaa72855a3c3f0

Download Submit
C:\Program Files (x86)\Obikan Studios\Boogie V3 Launcher\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{9CF64293-9B3D-4825-BA4C-661DB18818DA}\Desktop.dat

Filesize
54B

MD5
05f43837865fe94155b1f695e2ad6fad

SHA1
581730f967a91a37921086be38c298a8000f60c3

SHA256
8acb702e92cccee14243783e8c68edf6e23b19f105d9588b1122305004c0b89e

SHA512
bbe98e8e0d0927c9ac7c460057137718f5558615c8fcac6e889937ba3f2b6066360e3e08cd2a260f518c35ed3cd057049dfca71448fc06e5675f0b0eef01dd25

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{9CF64293-9B3D-4825-BA4C-661DB18818DA}\English.ifl

Filesize
2KB

MD5
2922d0c758d9c3c10cbdc59f91979d0c

SHA1
feb69bdf58d06cca776db63036811af0764ca013

SHA256
20f6d12eac29bd6ddc6a99dd276c5e200fac25c976ab4293195b58ec164c253f

SHA512
d15e888bae4e23ce5d61becc3c47d9b5f61fbbe4612cf90677314570fe1df1f4fde6c519b789ad46cc50d19c2b3701bc9bd968e85bb618fb7127950d4ae92695

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{9CF64293-9B3D-4825-BA4C-661DB18818DA}\licence.rtf

Filesize
3KB

MD5
f27808a54ecc6b93d73c05cbef5ce93a

SHA1
2304ae85c062229283388b9ff28f4ebdd62c084d

SHA256
9dcbb3e2d2bccbce1bcf733d9622f044d42cef1215c3d76623521333c2a6a141

SHA512
bc61c23e89d88085dc0f49e18e7dd14e4c9669d29e713e93e427f7b9355c27ddc78bb27c48862066bf98431d22a9a1da34c088d94214264c6f14b1ab5c6b13e4

Download Submit
memory/1380-280-0x000001E321B30000-0x000001E321B40000-memory.dmp

Filesize
64KB

Download
memory/1380-279-0x000001E321B30000-0x000001E321B40000-memory.dmp

Filesize
64KB

Download
memory/1380-282-0x000001E321B30000-0x000001E321B40000-memory.dmp

Filesize
64KB

Download
memory/1380-272-0x000001E321DF0000-0x000001E321EA2000-memory.dmp

Filesize
712KB

Download
memory/1380-275-0x000001E321F70000-0x000001E322024000-memory.dmp

Filesize
720KB

Download
memory/1380-267-0x000001E306940000-0x000001E306948000-memory.dmp

Filesize
32KB

Download
memory/3112-284-0x0000019142000000-0x0000019142010000-memory.dmp

Filesize
64KB

Download
memory/3112-285-0x0000019142000000-0x0000019142010000-memory.dmp

Filesize
64KB

Download
memory/3544-273-0x0000016D45EB0000-0x0000016D45F26000-memory.dmp

Filesize
472KB

Download
memory/3544-277-0x0000016D2C280000-0x0000016D2C290000-memory.dmp

Filesize
64KB

Download
memory/3544-268-0x0000016D2C210000-0x0000016D2C21A000-memory.dmp

Filesize
40KB

Download
memory/3544-263-0x0000016D2A5B0000-0x0000016D2A616000-memory.dmp

Filesize
408KB

Download
memory/5036-276-0x000001889FD50000-0x000001889FD60000-memory.dmp

Filesize
64KB

Download
memory/5036-278-0x00000188A10E0000-0x00000188A119A000-memory.dmp

Filesize
744KB

Download
memory/5036-281-0x000001889FD50000-0x000001889FD60000-memory.dmp

Filesize
64KB

Download
memory/5036-266-0x000001889FD60000-0x000001889FD86000-memory.dmp

Filesize
152KB

Download
memory/5036-283-0x000001889FD50000-0x000001889FD60000-memory.dmp

Filesize
64KB

Download
memory/5036-265-0x00000188A0D10000-0x00000188A0E02000-memory.dmp

Filesize
968KB

Download