Overview

overview

3

Static

static

3

Dolphin-x6...re.dll

windows7-x64

1

Dolphin-x6...re.dll

windows10-2004-x64

1

Dolphin-x6...ui.dll

windows7-x64

1

Dolphin-x6...ui.dll

windows10-2004-x64

1

Dolphin-x6...52.ps1

windows7-x64

1

Dolphin-x6...52.ps1

windows10-2004-x64

1

Dolphin-x6...r2.ps1

windows7-x64

1

Dolphin-x6...r2.ps1

windows10-2004-x64

1

Dolphin-x6...AF.ps1

windows7-x64

1

Dolphin-x6...AF.ps1

windows10-2004-x64

1

Dolphin-x6...69.ps1

windows7-x64

1

Dolphin-x6...69.ps1

windows10-2004-x64

1

Dolphin-x6...01.ps1

windows7-x64

1

Dolphin-x6...01.ps1

windows10-2004-x64

1

Dolphin-x6...01.ps1

windows7-x64

1

Dolphin-x6...01.ps1

windows10-2004-x64

1

Dolphin-x6...01.ps1

windows7-x64

1

Dolphin-x6...01.ps1

windows10-2004-x64

1

Dolphin-x6...64.ps1

windows7-x64

1

Dolphin-x6...64.ps1

windows10-2004-x64

1

Dolphin-x6...64.ps1

windows7-x64

1

Dolphin-x6...64.ps1

windows10-2004-x64

1

Dolphin-x6...64.ps1

windows7-x64

1

Dolphin-x6...64.ps1

windows10-2004-x64

1

Dolphin-x6...64.ps1

windows7-x64

1

Dolphin-x6...64.ps1

windows10-2004-x64

1

Dolphin-x6...01.ps1

windows7-x64

1

Dolphin-x6...01.ps1

windows10-2004-x64

1

Dolphin-x6...01.ps1

windows7-x64

1

Dolphin-x6...01.ps1

windows10-2004-x64

1

Dolphin-x6...41.ps1

windows7-x64

1

Dolphin-x6...41.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    154s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2023, 19:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dolphin-x64/Sys/GameSettings/GALE01r2.ps1

  • Size

    24KB

  • MD5

    fa67d9cbe6c128576b1f9ad9b1563cc9

  • SHA1

    18692a82f7c2d09eaa414f10e58b37d563cfb7d5

  • SHA256

    8f72022cba33a58ad15700692710f0110d65a2a8a9f2cd7e52384d6ba1245c3b

  • SHA512

    5dd4076c0ccff02340f74755224f1a5257d0bf66d526d9d76bacb10c296a5fe59da0dc17a7d081a5b0d47cfa3ab0a48174d37f6bff260b0ef4dd1f9a757075cd

  • SSDEEP

    768:RdRuW9KK9r979RYnUj9KK9r979wUmUvkC9blBHjI:PRuWLJlDYnUjLJli7snxU

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Dolphin-x64\Sys\GameSettings\GALE01r2.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3284
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:3428
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      477568ece932e861cc540cbd91e8c37e

      SHA1

      bcb93ddcde3dfec95dd53dd52a9c349b7cb6fbc3

      SHA256

      ef0e2b81be842447ded1ecca2be23c39d85cd43467759b26fdb518da704cbd7d

      SHA512

      2cd9dc43f9b836f4d3d0bf5f2a3c3f9bebfece12b22a9e3217556d4d6ef68229455ca13e492fabe149cf55c33d326326326d1a38bf2f0cf29e6b44108a135a5f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zifx4lfs.t0q.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/2920-54-0x0000012AE78F0000-0x0000012AE78F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-61-0x0000012AE7520000-0x0000012AE7521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-85-0x0000012AE7780000-0x0000012AE7781000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-84-0x0000012AE7670000-0x0000012AE7671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-56-0x0000012AE78F0000-0x0000012AE78F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-17-0x0000012ADF240000-0x0000012ADF250000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2920-33-0x0000012ADF340000-0x0000012ADF350000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2920-49-0x0000012AE78E0000-0x0000012AE78E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-50-0x0000012AE78F0000-0x0000012AE78F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-51-0x0000012AE78F0000-0x0000012AE78F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-52-0x0000012AE78F0000-0x0000012AE78F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-53-0x0000012AE78F0000-0x0000012AE78F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-83-0x0000012AE7670000-0x0000012AE7671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-81-0x0000012AE7660000-0x0000012AE7661000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-55-0x0000012AE78F0000-0x0000012AE78F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-57-0x0000012AE7900000-0x0000012AE7901000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-58-0x0000012AE7900000-0x0000012AE7901000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-59-0x0000012AE7900000-0x0000012AE7901000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-60-0x0000012AE7530000-0x0000012AE7531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-69-0x0000012AE7460000-0x0000012AE7461000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-63-0x0000012AE7530000-0x0000012AE7531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2920-66-0x0000012AE7520000-0x0000012AE7521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3284-10-0x00007FF9E3800000-0x00007FF9E42C1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3284-16-0x00007FF9E3800000-0x00007FF9E42C1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3284-9-0x0000020B08430000-0x0000020B08452000-memory.dmp

      Filesize

      136KB

      Download

    • memory/3284-11-0x0000020B20A40000-0x0000020B20A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3284-13-0x0000020B20A40000-0x0000020B20A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3284-12-0x0000020B20A40000-0x0000020B20A50000-memory.dmp

      Filesize

      64KB

      Download