Overview

overview

6

Static

static

3

vrs/OnlineFix.json

windows10-2004-x64

3

vrs/PAYDAY...om.dll

windows10-2004-x64

5

vrs/PAYDAY...ng.dll

windows10-2004-x64

1

vrs/PAYDAY...ix.ini

windows10-2004-x64

1

vrs/PAYDAY...ix.url

windows10-2004-x64

6

vrs/PAYDAY...64.dll

windows10-2004-x64

1

vrs/PAYDAY...st.txt

windows10-2004-x64

1

vrs/PAYDAY...s.json

windows10-2004-x64

3

vrs/PAYDAY...ad.dll

windows10-2004-x64

1

vrs/PAYDAY...12.dll

windows10-2004-x64

1

vrs/PAYDAY...mm.dll

windows10-2004-x64

1

vrs/PAYDAY3Client.exe

windows10-2004-x64

1

vrs/XboxLiveAuth.exe

windows10-2004-x64

1

Resubmissions

25/11/2023, 00:46

231125-a4xmnsgc2z 5

25/11/2023, 00:39

231125-azqnkafd46 6

Analysis

  • max time kernel
    59s
  • max time network
    67s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2023, 00:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vrs/PAYDAY3/Binaries/Win64/Custom.dll

  • Size

    13.1MB

  • MD5

    49c1de1ec08c976c49a889943b7964ca

  • SHA1

    7d976e15f052af96a52546bffb89e166cdcdb08a

  • SHA256

    2748ace7586199b4c7eee8c2ca58af1ec5f6dfcb8789714f6f2b4688d6d73711

  • SHA512

    8225868619366ee644803fd89c2148f9bb85307c93554aa0eba1dd04d2d2fcdfd83b5c80ce41f2b2e88fab62afe7bc2cdee3bdcbbea9f2174d430fc27567c6a8

  • SSDEEP

    196608:nCh+LvTuZZMoTN50ESUCe9U+vpZJVGoB7VmSdpWyd541YjVEl4ADmlHNLoUUJB:CgLvTu/h5DCe9U0feiVOyd5qoF6UA

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\vrs\PAYDAY3\Binaries\Win64\Custom.dll,#1
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4716-0-0x00007FFED34D0000-0x00007FFED34D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4716-2-0x00007FFEB3FC0000-0x00007FFEB56A9000-memory.dmp

    Filesize

    22.9MB

    Download

  • memory/4716-1-0x00007FFEB3FC0000-0x00007FFEB56A9000-memory.dmp

    Filesize

    22.9MB

    Download

  • memory/4716-6-0x00007FFEB3FC0000-0x00007FFEB56A9000-memory.dmp

    Filesize

    22.9MB

    Download