Overview

overview

7

Static

static

3

Morrowind/...up.exe

windows7-x64

7

Morrowind/...up.exe

windows10-2004-x64

7

Morrowind/...ar.ps1

windows7-x64

1

Morrowind/...ar.ps1

windows10-2004-x64

1

Morrowind/...ar.ps1

windows7-x64

1

Morrowind/...ar.ps1

windows10-2004-x64

1

Morrowind/...17.ps1

windows7-x64

1

Morrowind/...17.ps1

windows10-2004-x64

1

Morrowind/...0d.ps1

windows7-x64

1

Morrowind/...0d.ps1

windows10-2004-x64

1

Morrowind/...55.ps1

windows7-x64

1

Morrowind/...55.ps1

windows10-2004-x64

1

Morrowind/...11.ps1

windows7-x64

1

Morrowind/...11.ps1

windows10-2004-x64

1

Morrowind/...28.ps1

windows7-x64

1

Morrowind/...28.ps1

windows10-2004-x64

1

Morrowind/...49.ps1

windows7-x64

1

Morrowind/...49.ps1

windows10-2004-x64

1

Morrowind/...18.ps1

windows7-x64

1

Morrowind/...18.ps1

windows10-2004-x64

1

Morrowind/...22.ps1

windows7-x64

1

Morrowind/...22.ps1

windows10-2004-x64

1

Morrowind/...09.ps1

windows7-x64

1

Morrowind/...09.ps1

windows10-2004-x64

1

Morrowind/...gt.dll

windows7-x64

1

Morrowind/...gt.dll

windows10-2004-x64

1

Morrowind/...al.htm

windows7-x64

1

Morrowind/...al.htm

windows10-2004-x64

1

Morrowind/...up.exe

windows7-x64

7

Morrowind/...up.exe

windows10-2004-x64

7

Morrowind/...er.exe

windows7-x64

3

Morrowind/...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    104s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/12/2023, 01:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Morrowind/Bethesda Softworks/The Elder Scrolls III- Morrowind/Data Files/Sound/Vo/k/f/Hlo_KF018.ps1

  • Size

    22KB

  • MD5

    40e981015ede42064b9bae84fca92726

  • SHA1

    bc9cfe2823d04c485d9be90c77d9506b4b0b7b1b

  • SHA256

    b5a1c1ce28708b7396c7c7bc1e251138c1ed1c544374600f21183d001be020da

  • SHA512

    1060ed4347c93cf7b4ac67c5e751c595c9afb48a9cdac24024d3ff3ecb1695ec1eff6e3c56a2834e5c01932d19f0f0a1872e7130efc3e33553ae9488f024b5bc

  • SSDEEP

    384:tKSTu2zZvEGv3N2FKoyCm3NCINVmj5/xdyj5qLZZLA2Vc4BG:kiZvEOoFN9m3jmbRZVFBG

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Morrowind\Bethesda Softworks\The Elder Scrolls III- Morrowind\Data Files\Sound\Vo\k\f\Hlo_KF018.ps1"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4248
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2f4 0x494
    1⤵
      PID:220

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lvl3kcsx.mec.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/4248-9-0x00000183061A0000-0x00000183061C2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4248-10-0x00007FFA0BA90000-0x00007FFA0C551000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4248-12-0x000001831E7F0000-0x000001831E800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4248-11-0x000001831E7F0000-0x000001831E800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4248-13-0x000001831E7F0000-0x000001831E800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4248-16-0x00007FFA0BA90000-0x00007FFA0C551000-memory.dmp

      Filesize

      10.8MB

      Download