a9e270217d12867c2609d9423d1b2ed83fcf7cd08aeeee3ab09a4afdf9e9418e

Analysis

max time kernel
235s
max time network
223s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 07:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DOSBox0.74-3-win32-installer.exe
Size

1.4MB
MD5

10f38d3d4b19c58c04d465bd1acd24f0
SHA1

c8c1f5a5d17336607c886444518e74e3d1a4e041
SHA256

a9e270217d12867c2609d9423d1b2ed83fcf7cd08aeeee3ab09a4afdf9e9418e
SHA512

c77310392eda80a98bbb6a5ac3446659b78ce85fdaaa2ef42b1d9b8ea1152722760c1af16696cf48cee43206c9da434fe191bc0b68e6fda99dfb33e479efaaf4
SSDEEP

24576:TA3AA3f646/58tQN2UR7l/TR8EalSxNhCkQTCE2wJnGl0uTskAs+giMbfJyDS:QAAS54K2UH/1xw2wJntunAGrjb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1420	DOSBox.exe

Loads dropped DLL 2 IoCs

pid	Process
1420	DOSBox.exe
1420	DOSBox.exe

Drops file in Program Files directory 20 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DOSBox-0.74-3\DOSBox 0.74-3 Manual.txt	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\SDL.dll	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Screenshots & Recordings.bat	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Documentation\COPYING.txt	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Documentation\THANKS.txt	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Documentation\INSTALL.txt	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Video Codec\zmbv.inf	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Documentation\README.txt	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Video Codec\Video Instructions.txt	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\DOSBox 0.74-3 Options.bat	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Reset Options.bat	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\stdout.txt	DOSBox.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Documentation\NEWS.txt	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\SDL_net.dll	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Video Codec\zmbv.dll	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Reset KeyMapper.bat	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\uninstall.exe	DOSBox0.74-3-win32-installer.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\stderr.txt	DOSBox.exe
File created	C:\Program Files (x86)\DOSBox-0.74-3\Documentation\AUTHORS.txt	DOSBox0.74-3-win32-installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1420	DOSBox.exe

C:\Users\Admin\AppData\Local\Temp\DOSBox0.74-3-win32-installer.exe
"C:\Users\Admin\AppData\Local\Temp\DOSBox0.74-3-win32-installer.exe"
1⤵
- Drops file in Program Files directory
PID:1812

C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe
"C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe" -userconf
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe

Filesize
3.6MB

MD5
90c338efc128025736084c05ae664a60

SHA1
5c5c465b48d09c0586ee465dfe5df0cb0c1c1028

SHA256
dcfd46fa521f5ce89dce3bf026056f3a1d15533f80321ee887403e30d7949f5e

SHA512
814d28162e68655088ff4b858274c3c33fe2b9c9dd654e7d0614ee5bad3c28a776ab7799efaea136a5cfbb93601fee5675b64eebee7722500324d896dc6f0ca8

Download Submit
C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe

Filesize
1.3MB

MD5
3061f4fbd2225e986fddd312514f1f13

SHA1
daf1c37a1c0310cdc96909c66ecaea0f6d14527a

SHA256
d98bccb5326551c5f726b701cc739f2aa628e595bfada567d521a4ca3978a532

SHA512
1f81f3ae9f8ce6fecaac15665f9fbcc588487a7e9df777ec72edb59d0a143f9f09688feceb78b79394e13dd21bbb09baf04abb42790b89fe7c8e138fe3d6199e

Download Submit
C:\Program Files (x86)\DOSBox-0.74-3\SDL.dll

Filesize
437KB

MD5
52726f9e11c4f2af64033ee17dae1fce

SHA1
a6f2589a6878e7c3384d9592077900c747232b0d

SHA256
69037ebc43755296c0cc292d57d560028d7f2265f7b86ca84e714835c19bbd58

SHA512
e075c07d8dfbe027fc9fa9f8874ec117e2f17ab7683fc8941e4fe5a0b4ed0ee26bc0a8b8ccb0f0a79a1a200220d39b6820a480be720b68091a5550798f93a1ad

Download Submit
C:\Program Files (x86)\DOSBox-0.74-3\SDL_net.dll

Filesize
13KB

MD5
7db830b9fb29781f86cec2a1bbfe050c

SHA1
e8adb7e4821d98bd26062c793288dbf7754f6978

SHA256
2f39dc04acbecf47efa45034891602b6ea7bf6fd2f27b5c0a5ca8d7fb155c929

SHA512
e2934aac58377d8a5adf96633b55eea63bf689872409270bbcf98097a36ca772194fa12c2b287bba0a76109ae62c575beac3b1192375c4e06b61640cb9e4a14f

Download Submit
memory/1420-52-0x0000000000400000-0x000000000246D000-memory.dmp

Filesize
32.4MB

Download
memory/1420-53-0x0000000068100000-0x0000000068161000-memory.dmp

Filesize
388KB

Download
memory/1420-54-0x0000000067C00000-0x0000000067C0A000-memory.dmp

Filesize
40KB

Download