Overview

overview

3

Static

static

1

ps2_bios.zip

windows7-x64

1

ps2_bios.zip

windows10-2004-x64

1

PS2 Bios 3...al.mec

windows7-x64

3

PS2 Bios 3...al.mec

windows10-2004-x64

3

PS2 Bios 3...al.nvm

windows7-x64

3

PS2 Bios 3...al.nvm

windows10-2004-x64

3

PS2 Bios 3...al.bin

windows7-x64

3

PS2 Bios 3...al.bin

windows10-2004-x64

3

SCPH-70004...00.bin

windows7-x64

3

SCPH-70004...00.bin

windows10-2004-x64

3

SCPH-70004...0.erom

windows7-x64

3

SCPH-70004...0.erom

windows10-2004-x64

3

SCPH-70004...00.nvm

windows7-x64

3

SCPH-70004...00.nvm

windows10-2004-x64

3

SCPH-70004...0.rom1

windows7-x64

3

SCPH-70004...0.rom1

windows10-2004-x64

3

SCPH-70004...0.rom2

windows7-x64

3

SCPH-70004...0.rom2

windows10-2004-x64

3

rom1.bin

windows7-x64

3

rom1.bin

windows10-2004-x64

3

scph10000.nvm

windows7-x64

3

scph10000.nvm

windows10-2004-x64

3

scph10000.bin

windows7-x64

3

scph10000.bin

windows10-2004-x64

3

scph39001.mec

windows7-x64

3

scph39001.mec

windows10-2004-x64

3

scph39001.nvm

windows7-x64

3

scph39001.nvm

windows10-2004-x64

3

scph39001.bin

windows7-x64

3

scph39001.bin

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-12-2023 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SCPH-70004_BIOS_V12_PAL_200.rom1

  • Size

    512KB

  • MD5

    82dc50fa18e636850f557c4ea66c7bfd

  • SHA1

    cc44355ded232a2ba5309bb24d4cd55af08696b2

  • SHA256

    b86fbccaa111ca7497630337dafea7da7320fc4f924ada22b92145ef806e7b42

  • SHA512

    ec1dc6cf74dfc34f01fbbcc2e0f11bb32d7a52101f8ebbd4ca10268165fe2639efa98e018f0a6ae58f74a491461ab301b9dbf9213687731cc2fb4dcb1e22317b

  • SSDEEP

    6144:DBFsXCSZ3B4YEXxyCpmDqoPYmMsHw1SiXWIXjxqJ4Li:1Sf3ounMsMjq4O

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SCPH-70004_BIOS_V12_PAL_200.rom1
    1⤵
    • Modifies registry class
    PID:4800
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1040
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:3016
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3764

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      045357d107af693312668dacf6429297

      SHA1

      6decf7ee134d72fa9af1c8389a76f5c84f92e6ad

      SHA256

      38cc10e7f27d8336c8c61f0d8cd26d63598380c3651a67a1ca3226dc430835bd

      SHA512

      1184c1968b718c775fe873166e6b87a66ac8e96744b1c7b5e13a78adc33ae2586ce31ff4a45487af0f168686f607e561f4d60add46bfc7466e4bd917289bbfa1

      Download Submit

    • memory/3764-40-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-33-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-42-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-34-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-35-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-36-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-37-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-38-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-43-0x000001FCF5D50000-0x000001FCF5D51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-0-0x000001FCEDA40000-0x000001FCEDA50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3764-68-0x000001FCF5FA0000-0x000001FCF5FA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-32-0x000001FCF7100000-0x000001FCF7101000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-39-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-44-0x000001FCF5D40000-0x000001FCF5D41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-46-0x000001FCF5D50000-0x000001FCF5D51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-49-0x000001FCF5D40000-0x000001FCF5D41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-52-0x000001FCF5C80000-0x000001FCF5C81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-16-0x000001FCEDB40000-0x000001FCEDB50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3764-64-0x000001FCF5E80000-0x000001FCF5E81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-66-0x000001FCF5E90000-0x000001FCF5E91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-67-0x000001FCF5E90000-0x000001FCF5E91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3764-41-0x000001FCF7120000-0x000001FCF7121000-memory.dmp

      Filesize

      4KB

      Download