Overview

overview

3

Static

static

3

CHAINSAW_D....1.zip

windows7-x64

1

CHAINSAW_D....1.zip

windows10-2004-x64

1

ChainsawDance.exe

windows7-x64

1

ChainsawDance.exe

windows10-2004-x64

1

FMODGMS.dll

windows7-x64

1

FMODGMS.dll

windows10-2004-x64

1

SoundPlayer.dll

windows7-x64

1

SoundPlayer.dll

windows10-2004-x64

1

fmod.dll

windows7-x64

3

fmod.dll

windows10-2004-x64

3

snd_garden.ps1

windows7-x64

1

snd_garden.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    37s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    07-07-2023 03:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ChainsawDance.exe

  • Size

    4.8MB

  • MD5

    3ca03698c68e94e7eac4c54a124e332c

  • SHA1

    af907d41ee1005cfb6ddd12703477ab89b60764a

  • SHA256

    ecba38bfc3cc82894ef3d7bd441add36b6e1c2f02574d9b8eba1dae10a628ab1

  • SHA512

    34e0447c2bb37bea5ef2cb1d9534c6156e7ca67328da070f5253c7d83874e037a57a255368ae769d6cdc0c8c82040da6437714df2427d0721eb1caa27e434b13

  • SSDEEP

    98304:foiaAGExvx3hhKE7uO5m7CsuCc5/serZLg0sO0S8Yp4m/jsLiuzfJHUSyPM8yJVl:f2AhhKE7uO5m7CsuCc5/sev0hi1/62Ba

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ChainsawDance.exe
    "C:\Users\Admin\AppData\Local\Temp\ChainsawDance.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2360
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x554
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\benedance\dancedata.ini
    Filesize

    62B

    MD5

    1b389a5395646f0e03ed8e4af1f44599

    SHA1

    6ebabf8509fb398ac7df4dc8357b0a6e13077ac0

    SHA256

    3c0c76391c4e7a99c761d79b2a30f716cbbca332021c6d6b9934e256b8485592

    SHA512

    16999c09e173be4f993925ece1db342c17d5be72321f5e57ee7281c39a9cf6099433267454f05f634b143a5b55edf5f2f89fb0280c7fb574cafcef6b7fded2f1

    Download Submit

  • C:\Users\Admin\AppData\Local\benedance\dancedata.ini
    Filesize

    62B

    MD5

    1b389a5395646f0e03ed8e4af1f44599

    SHA1

    6ebabf8509fb398ac7df4dc8357b0a6e13077ac0

    SHA256

    3c0c76391c4e7a99c761d79b2a30f716cbbca332021c6d6b9934e256b8485592

    SHA512

    16999c09e173be4f993925ece1db342c17d5be72321f5e57ee7281c39a9cf6099433267454f05f634b143a5b55edf5f2f89fb0280c7fb574cafcef6b7fded2f1

    Download Submit

  • C:\Users\Admin\AppData\Local\benedance\dancedata.ini
    Filesize

    62B

    MD5

    302f7b59b4be79715e727d51e6875df7

    SHA1

    67e4e2af2fba423540d95eb97594aa7c7447a66c

    SHA256

    4a0504f873af688a833201359c0ecfe49ffb9ac54042780a08fc9d359f610776

    SHA512

    2060aa9ab53e39bd86a53bb102a5960876f109732fa2e678f2d36b283fc2f719eb2031183a8a84e22a1d47ebef8dccec63f451d37e1fb425b3042f259c69ada4

    Download Submit

  • C:\Users\Admin\AppData\Local\benedance\dancedata.ini
    Filesize

    62B

    MD5

    448ff4602cd77b6ee40009deeb910afe

    SHA1

    c95ee51efc2552d7f8179c49a755722aaaddd4b2

    SHA256

    011e3d5ba09631e398dfd40339415b04a3c69cde3a889ea5c450db9b3dc05bb8

    SHA512

    bb9f104a80d2a77b93728c685310420fde64efd6f7db60ac9f03a1850367a22462b59eac5aa708e195d045f8ee28fb43884a6af6200d556fc4e11a1eaf25ae31

    Download Submit

  • C:\Users\Admin\AppData\Local\benedance\dancedata.ini
    Filesize

    62B

    MD5

    6971a402f7e79c43d5fc60bd52ab10fe

    SHA1

    d517133b1bdd1c7f3fd7492ca6abb5a0eaca8a11

    SHA256

    3f6efc15fe9f2549a784cfc3a2bf00721dca412cce25288332ab501c7f99de18

    SHA512

    7842fcb60fd9c8ce55f55970d13f8fee5d2d0618c12eb5f3cc5a9af9351012ac86d6422b7e67ecb18874b798684dab9c2ca73f19be75190d305268a04e5a4d3f

    Download Submit

  • C:\Users\Admin\AppData\Local\benedance\dancedata.ini
    Filesize

    62B

    MD5

    6971a402f7e79c43d5fc60bd52ab10fe

    SHA1

    d517133b1bdd1c7f3fd7492ca6abb5a0eaca8a11

    SHA256

    3f6efc15fe9f2549a784cfc3a2bf00721dca412cce25288332ab501c7f99de18

    SHA512

    7842fcb60fd9c8ce55f55970d13f8fee5d2d0618c12eb5f3cc5a9af9351012ac86d6422b7e67ecb18874b798684dab9c2ca73f19be75190d305268a04e5a4d3f

    Download Submit

  • memory/2360-82-0x00000000FFF50000-0x00000000FFF60000-memory.dmp

    Filesize

    64KB

    Download