Overview

overview

3

Static

static

3

CHAINSAW_D....1.zip

windows7-x64

1

CHAINSAW_D....1.zip

windows10-2004-x64

1

ChainsawDance.exe

windows7-x64

1

ChainsawDance.exe

windows10-2004-x64

1

FMODGMS.dll

windows7-x64

1

FMODGMS.dll

windows10-2004-x64

1

SoundPlayer.dll

windows7-x64

1

SoundPlayer.dll

windows10-2004-x64

1

fmod.dll

windows7-x64

3

fmod.dll

windows10-2004-x64

3

snd_garden.ps1

windows7-x64

1

snd_garden.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-07-2023 03:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ChainsawDance.exe

  • Size

    4.8MB

  • MD5

    3ca03698c68e94e7eac4c54a124e332c

  • SHA1

    af907d41ee1005cfb6ddd12703477ab89b60764a

  • SHA256

    ecba38bfc3cc82894ef3d7bd441add36b6e1c2f02574d9b8eba1dae10a628ab1

  • SHA512

    34e0447c2bb37bea5ef2cb1d9534c6156e7ca67328da070f5253c7d83874e037a57a255368ae769d6cdc0c8c82040da6437714df2427d0721eb1caa27e434b13

  • SSDEEP

    98304:foiaAGExvx3hhKE7uO5m7CsuCc5/serZLg0sO0S8Yp4m/jsLiuzfJHUSyPM8yJVl:f2AhhKE7uO5m7CsuCc5/sev0hi1/62Ba

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ChainsawDance.exe
    "C:\Users\Admin\AppData\Local\Temp\ChainsawDance.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4280
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x448 0x4f0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads