Overview

overview

7

Static

static

3

df-connect...ws.zip

windows7-x64

1

df-connect...ws.zip

windows10-2004-x64

1

DF CONNECT...)1.lib

windows7-x64

3

DF CONNECT...)1.lib

windows10-2004-x64

3

DF CONNECT...)2.lib

windows7-x64

3

DF CONNECT...)2.lib

windows10-2004-x64

3

DF CONNECT...TO.txt

windows7-x64

1

DF CONNECT...TO.txt

windows10-2004-x64

1

DF CONNECT...te.png

windows7-x64

1

DF CONNECT...te.png

windows10-2004-x64

3

DF CONNECT...us.png

windows7-x64

1

DF CONNECT...us.png

windows10-2004-x64

3

DF CONNECT...ns.png

windows7-x64

1

DF CONNECT...ns.png

windows10-2004-x64

3

DF CONNECT...ng.ogg

windows7-x64

1

DF CONNECT...ng.ogg

windows10-2004-x64

7

DF CONNECT...p1.dat

windows7-x64

3

DF CONNECT...p1.dat

windows10-2004-x64

3

DF CONNECT...le.dll

windows7-x64

3

DF CONNECT...le.dll

windows10-2004-x64

3

DF CONNECT...pr.dll

windows7-x64

1

DF CONNECT...pr.dll

windows10-2004-x64

1

DF CONNECT...ll.ogg

windows7-x64

1

DF CONNECT...ll.ogg

windows10-2004-x64

7

DF CONNECT...re.ogg

windows7-x64

1

DF CONNECT...re.ogg

windows10-2004-x64

7

DF CONNECT...ro.ogg

windows7-x64

1

DF CONNECT...ro.ogg

windows10-2004-x64

7

DF CONNECT...st.ogg

windows7-x64

1

DF CONNECT...st.ogg

windows10-2004-x64

7

DF CONNECT...od.ogg

windows7-x64

1

DF CONNECT...od.ogg

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    21-09-2023 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DF CONNECTED v2.7.6c (Windows)/GameMaker Server+(Windows)2.lib

  • Size

    72KB

  • MD5

    7aed9f12cf3be3db36d6b039d07233fa

  • SHA1

    8198f728c69be6cfcc3fd920bb4e7ceefcf0ea98

  • SHA256

    70f6c1f6aad1e94d59ee80f372b4a4f58960981ff03cef8fa917dd4fe69b0acf

  • SHA512

    2a162bd3a40ad9e9378e78ea9389a62a906dfa3bfb258b74ca25e9ef2ed9da2b48e6090a7a85b0fb429f0928bf1f525e314e0b6fd1120b66601fcdefb57833b6

  • SSDEEP

    192:Y77G4ncw77RJwOzy+fUHa36gd//rn/5njZn+XzwH0zvY/JxVB6rYFXZLY7Xjf/LY:OfU6kbYFg8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\DF CONNECTED v2.7.6c (Windows)\GameMaker Server+(Windows)2.lib"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\DF CONNECTED v2.7.6c (Windows)\GameMaker Server+(Windows)2.lib
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2936
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\DF CONNECTED v2.7.6c (Windows)\GameMaker Server+(Windows)2.lib"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    8001c2dc6d41fabc0a7498ebcf344ad9

    SHA1

    324a6eb6218c9b5bd6edc6274ed70a10be548a04

    SHA256

    6b3eaa74c698e09c3a1e5082e9450f3bd9b3e5979e5cb53e2c67f45732d71a8a

    SHA512

    8e9f49a3728a4b83739ec4bd35cb77c56e9d75664bd59854ba62a2393d6bde1442c3c169454bbf8df0e3229c72d25b69e76688873f55688ebe5a48e8a4c78adc

    Download Submit