Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/01/2024, 22:46

General

  • Target

    $TEMP/PCSX2 1.6.0/Langs/tr_TR/pcsx2_Iconized.mo

  • Size

    32KB

  • MD5

    6a1e6f15971b8f50b193b45199c23b1c

  • SHA1

    9efc47dea23f9263a74ada7833eac25d90f36bfb

  • SHA256

    f26b4bb09a2fff875ce71981893a704bba042dc116a9fec78481e61cbda66828

  • SHA512

    0cbbdff2d0fa38282448f6feb1fd5b72a26dd8f24508e142e0015e5c614ab2eb1c1364b23224471ba193a630339b61aa92201094c74672f0a7773d4447d2e2f2

  • SSDEEP

    768:J/qtLnpgStTXQ9rK1QVdMhKj1OxG1WpZ+pmO50S4PV:JwLn3uVjiZ+pyV

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Note on the signatures: the target is a GNU gettext binary message catalog (.mo) shipped as a PCSX2 translation file, not an executable, and the process tree below shows the whole chain is the sandbox harness trying to open it. Windows 7 has no handler for the .mo extension, so the `cmd /c "<file>"` launch falls through to the "Open With" dialog (`shell32.dll,OpenAs_RunDLL`), and the dialog then hands the file to Adobe Reader, which cannot parse it. The registry class modifications come from the rundll32 (Open With) process and are consistent with that dialog recording the chosen handler; the WriteProcessMemory hits are ordinary child-process creation by cmd.exe and rundll32.exe; the GetForegroundWindow and SetWindowsHookEx hits are Reader's own UI behaviour. None of these are triggered by code in the submitted file, which matches the 3/10 score. To confirm the file is what its extension claims, check the .mo magic (bytes `de 12 04 95` little-endian or `95 04 12 de` big-endian) and that its string tables lie within the 32KB file size.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Langs\tr_TR\pcsx2_Iconized.mo"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Langs\tr_TR\pcsx2_Iconized.mo
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:736
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Langs\tr_TR\pcsx2_Iconized.mo"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1872
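The target is a gettext machine-object (.mo) catalog, which is why nothing in the process tree could open it. The parser below is an added example, not part of this report or of PCSX2: it validates the .mo header, detects byte order, bounds-checks the string tables and returns the msgid/msgstr pairs. The sample catalog, the Turkish strings and the `build_mo` helper are constructed here for illustration; pointing `parse_mo` at the real submission shows whether the file is a well-formed catalog or something else wearing the extension.

```python
"""Minimal, bounds-checked parser for GNU gettext .mo catalogs.

Added example (not sandbox or PCSX2 code). Header layout (all uint32 in the
file's own byte order): magic, revision, N strings, offset of original table,
offset of translation table, hash table size, hash table offset. Each table
holds N (length, offset) pairs; strings are NUL-terminated, length excludes NUL.
"""
import struct

MAGIC_LE = 0x950412DE   # bytes de 12 04 95 on disk (little-endian catalog)
MAGIC_BE = 0xDE120495   # bytes 95 04 12 de on disk read as little-endian


def build_mo(pairs, byteorder="<"):
    """Serialize (msgid, msgstr) pairs into a valid .mo image (constructed sample data)."""
    pairs = sorted(pairs, key=lambda p: p[0])   # .mo requires msgids sorted
    n = len(pairs)
    orig_tab = 7 * 4                            # tables follow the 28-byte header
    trans_tab = orig_tab + n * 8
    strings_start = trans_tab + n * 8
    orig_entries, trans_entries, blob = [], [], bytearray()
    for msgid, msgstr in pairs:
        for entries, text in ((orig_entries, msgid), (trans_entries, msgstr)):
            raw = text.encode("utf-8")
            entries.append((len(raw), strings_start + len(blob)))
            blob += raw + b"\0"
    out = struct.pack(byteorder + "7I", MAGIC_LE, 0, n, orig_tab, trans_tab,
                      0, strings_start + len(blob))   # empty hash table at EOF
    for length, off in orig_entries + trans_entries:
        out += struct.pack(byteorder + "2I", length, off)
    return out + bytes(blob)


def parse_mo(data):
    """Return (byteorder, [(msgid, msgstr), ...]); raise ValueError on a malformed file."""
    if len(data) < 28:
        raise ValueError("too short for a .mo header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == MAGIC_LE:
        bo = "<"
    elif magic == MAGIC_BE:
        bo = ">"
    else:
        raise ValueError("bad magic 0x%08x: not a gettext .mo catalog" % magic)
    _, revision, n, o_tab, t_tab, _hsize, _hoff = struct.unpack(bo + "7I", data[:28])
    if (revision >> 16) > 1:
        raise ValueError("unsupported major revision %d" % (revision >> 16))

    def read_table(tab):
        end = tab + n * 8
        if end > len(data):
            raise ValueError("string table runs past end of file")
        out = []
        for length, off in struct.iter_unpack(bo + "2I", data[tab:end]):
            # every entry must fit in the file and end with the NUL terminator
            if off + length + 1 > len(data) or data[off + length] != 0:
                raise ValueError("string entry out of bounds or not NUL-terminated")
            out.append(data[off:off + length].decode("utf-8", errors="replace"))
        return out

    return bo, list(zip(read_table(o_tab), read_table(t_tab)))


# Constructed sample: a tiny tr_TR-style catalog; the empty msgid carries the metadata header.
SAMPLE_PAIRS = [
    ("", "Project-Id-Version: example\nContent-Type: text/plain; charset=UTF-8\n"),
    ("Settings", "Ayarlar"),
    ("Exit", "Çıkış"),
]
SAMPLE_MO = build_mo(SAMPLE_PAIRS)


if __name__ == "__main__":
    import sys
    # Usage: python mo_check.py [path/to/file.mo]; falls back to the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MO
    try:
        bo, entries = parse_mo(data)
        print("valid .mo, byte order %s, %d strings" % ("little" if bo == "<" else "big", len(entries)))
        for msgid, msgstr in entries[:5]:
            print("  %r -> %r" % (msgid, msgstr))
    except ValueError as exc:
        print("not a usable .mo catalog: %s" % exc)
```

The checks that matter for triage are the magic, the revision and the table bounds: a file that passes them is a plain string catalog the way PCSX2 expects it, while a failure on any of them is the cue to look at the bytes directly rather than trust the extension.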

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    eb35a88d5d77df79b8648f3eb1dc2184

    SHA1

    b41be4d805bf9b73acad22ce9add540b3d69e824

    SHA256

    18191aa2ffc93e9c2b7fa9bdebe900c2f5813c449b7445c16eee96e78852191f

    SHA512

    36cc889333532e87b98899e1fdc7610a05a727df51a9314e33d66328c17c82e86c697f51d1d85c7169b859f1b2387cf6bf7fd929760388ef666e744d2dc0bce6