Analysis
max time kernel: 149s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20230621-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-07-2023 18:52
Static task: static1
Behavioral task: behavioral1
Sample: algo/Wii Sports (USA) (Rev 1).wbfs
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: algo/Wii Sports (USA) (Rev 1).wbfs
Resource: win10v2004-20230621-en
Behavioral task: behavioral3
Sample: algo/dolphin-x64-5.0.exe
Resource: win7-20230621-en
Behavioral task: behavioral4
Sample: algo/dolphin-x64-5.0.exe
Resource: win10v2004-20230621-en
General
Target: algo/dolphin-x64-5.0.exe
Size: 18.4MB
MD5: eca48982effad82616f206f52336fe4b
SHA1: 4d88af3572de650b0b7dccd92dc8de5854edfae6
SHA256: e1b3ae8fc890c6588e5656f77ef2747ae7ddfc90b6530b240c0c5b9d0ab3ce8c
SHA512: 778755b2d12c703a2954882a4d333b7cb61ee7ed0482b5cb14c1cbc4b90c8b65f308944a2f9369a89fc54d163c613efc65adf70316c08d447183f65637fcb557
SSDEEP: 393216:Y1qyjt4rPX8zs3XxdbHNemtqa7JhnurHTl0WcS4ENyQ4p9Jmm+:Y1qyZePX8khdbtecqa7JhnurHirhENys
Malware Config
Signatures
Loads dropped DLL 1 IoCs
pid: 376, Process: dolphin-x64-5.0.exe
Drops file in System32 directory 8 IoCs
File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{838E5D1F-A667-4613-A5FB-87B767B0F0B3}.catalogItem (Process: svchost.exe)
File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{39E2C03D-AD60-4566-8EF9-2E765AE52F40}.catalogItem (Process: svchost.exe)
File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{190DFA6E-7AEE-48FE-8CF0-B01B8BF2BB5D}.catalogItem (Process: svchost.exe)
File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{3BB35B36-4D25-4A9E-8229-7E695B9A9D1F}.catalogItem (Process: svchost.exe)
File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{8083C278-8A10-4D68-86B3-7044D3E7A65B}.catalogItem (Process: svchost.exe)
File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E02CAD7B-BA0E-4E83-BA16-CB55B4D107A6}.catalogItem (Process: svchost.exe)
File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{4AA9208C-5526-44EE-8CE0-9A9B6FDD1038}.catalogItem (Process: svchost.exe)
File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{0FD951AE-C85B-42CC-911D-E817C612F6D4}.catalogItem (Process: svchost.exe)
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 5KB
MD5: e447e49175c0db1f27888aede301084f
SHA1: f5946c743265cd8e81f3e7b6376dada57f99877f
SHA256: fd26ef21d72797fedecd3d15f2001cea793383aceb3cee19a5ae2a3d30e197b6
SHA512: e6543bf81bedce94a58f48cd6f9daaec891775e01ff76b771c22d459a778490f9bba0bebbf111b1ca3091b3ca69bca806a9b5e68ce12df03abbaa6ce5c4b7cec