Overview

overview

5

Static

static

3

Bord_2_Old_185.zip

windows7-x64

1

Bord_2_Old_185.zip

windows10-2004-x64

5

Engine/Con...ne.ini

windows7-x64

1

Engine/Con...ne.ini

windows10-2004-x64

1

Engine/Con...ut.ini

windows7-x64

1

Engine/Con...ut.ini

windows10-2004-x64

1

Engine/Loc...Ed.int

windows7-x64

3

Engine/Loc...Ed.int

windows10-2004-x64

3

Engine/Sha...er.usf

windows7-x64

3

Engine/Sha...er.usf

windows10-2004-x64

3

Engine/Sha...er.bin

windows7-x64

3

Engine/Sha...er.bin

windows10-2004-x64

3

Engine/Sha...er.bin

windows7-x64

3

Engine/Sha...er.bin

windows10-2004-x64

3

Engine/Sha...AA.bin

windows7-x64

3

Engine/Sha...AA.bin

windows10-2004-x64

3

Engine/Sha...er.bin

windows7-x64

3

Engine/Sha...er.bin

windows10-2004-x64

3

Engine/Sha...on.bin

windows7-x64

3

Engine/Sha...on.bin

windows10-2004-x64

3

Engine/Sha...er.bin

windows7-x64

3

Engine/Sha...er.bin

windows10-2004-x64

3

Engine/Sha...AO.bin

windows7-x64

3

Engine/Sha...AO.bin

windows10-2004-x64

3

Engine/Sha...er.usf

windows7-x64

3

Engine/Sha...er.usf

windows10-2004-x64

3

Engine/Sha...AA.usf

windows7-x64

3

Engine/Sha...AA.usf

windows10-2004-x64

3

Engine/Sha...er.usf

windows7-x64

3

Engine/Sha...er.usf

windows10-2004-x64

3

Engine/Sha...on.usf

windows7-x64

3

Engine/Sha...on.usf

windows10-2004-x64

3

Analysis

  • max time kernel
    152s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2023, 02:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Engine/Shaders/Binaries/EdgeDetectionPostProcessBlendPixelShader.bin

  • Size

    4KB

  • MD5

    f2e0936bc2479eb0de7a4bf51bf9ec03

  • SHA1

    b8ffa74733155074e97d2df9645c68be6ceb755a

  • SHA256

    dece4d864b3a051c0c54c1e3b8b913b7ff9abc1e94b8a24831ddd0f721125209

  • SHA512

    897335cf8a52dd4431bf6e5353f16129a7c90a1b01a043eb5ee69a515defa1b5ea0e65ca32ec4ab1554ae3a9d0bd3c1ae8fce3d11067c76aaad92f9798d6e9b6

  • SSDEEP

    96:e78LqTwZKUGbG6a9Zq1DG/nHHMQQfCXTP6MmWeU1ljH2GOhu4p6kJ:e2LZBGbGb8yfC6XTaZKj/W6g

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Engine\Shaders\Binaries\EdgeDetectionPostProcessBlendPixelShader.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Engine\Shaders\Binaries\EdgeDetectionPostProcessBlendPixelShader.bin
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Engine\Shaders\Binaries\EdgeDetectionPostProcessBlendPixelShader.bin"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2532

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    659128e5e9db2de1a208f7bb5368c9e2

    SHA1

    1edad9e10764dd00902f540fad2294bfbfdc96b4

    SHA256

    8d33cf1a473b6ebf3ccb1e519cdf7bfa249c7d6f1c65e204e8043884d8b91dda

    SHA512

    7d1254e1347fafb8f765ac26eaf816942d7245fa2b73ed747fabdc066ff39dc7af4ec801450f8db925a7369c247768b3439d660050436a9053a10494ded39a40

    Download Submit