Overview

overview

6

Static

static

3

(4K) v1.1_...ed.exe

windows7-x64

3

(4K) v1.1_...ed.exe

windows10-2004-x64

6

(4K) v1.1_...od.exe

windows7-x64

1

(4K) v1.1_...od.exe

windows10-2004-x64

1

(4K) v1.1_...d9.dll

windows7-x64

1

(4K) v1.1_...d9.dll

windows10-2004-x64

1

(4K) v1.1_...ap.dll

windows7-x64

1

(4K) v1.1_...ap.dll

windows10-2004-x64

1

(4K) v1.1_...t8.dll

windows7-x64

1

(4K) v1.1_...t8.dll

windows10-2004-x64

3

(4K) v1.1_...ts.dll

windows7-x64

1

(4K) v1.1_...ts.dll

windows10-2004-x64

3

(4K) v1.1_...ns.dll

windows7-x64

1

(4K) v1.1_...ns.dll

windows10-2004-x64

1

(4K) v1.1_...ix.dll

windows7-x64

1

(4K) v1.1_...ix.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    17s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    23-08-2023 15:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    (4K) v1.1_Underground_-_Definitive_Edition/Underground - Definitive Edition Mod/Speed.exe

  • Size

    3.0MB

  • MD5

    22c731fe0c0c41fe14ce80b728b6cbe0

  • SHA1

    0fe57c4f9ecf53fe60cad8a5ce21c6f218bd925d

  • SHA256

    35654f401383be9af0dbff0d11a92220a17579a01030005de6943e63e03f460f

  • SHA512

    23895d66ecec480095a7f1be53147ed3f5100e09b7fcb4135476d42c2db7313c1149f49a3b725a126895271e9d378fc16dac8d7ec4097516adc1ed593c7d0c0b

  • SSDEEP

    49152:UL5aHsJ+Ad6UQYJ4AbWaSzyN2Cjmi4H7CoCbmK1ixBuKcTqiXaPCFCrgdi/U1ZLW:3Ngd5a/UHmmJ1CK35QjN3

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\(4K) v1.1_Underground_-_Definitive_Edition\Underground - Definitive Edition Mod\Speed.exe
    "C:\Users\Admin\AppData\Local\Temp\(4K) v1.1_Underground_-_Definitive_Edition\Underground - Definitive Edition Mod\Speed.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 548
      2⤵
      • Program crash
      PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2804-0-0x0000000000400000-0x0000000000794368-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/2804-1-0x0000000074FD0000-0x00000000750E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2804-2-0x0000000074FD0000-0x00000000750E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2804-3-0x0000000074FD0000-0x00000000750E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2804-4-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2804-5-0x0000000074FD0000-0x00000000750E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2804-6-0x0000000074FD0000-0x00000000750E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2804-8-0x0000000074FD0000-0x00000000750E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2804-9-0x0000000074FD0000-0x00000000750E0000-memory.dmp

    Filesize

    1.1MB

    Download