Analysis

  • max time kernel
    90s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/01/2024, 22:46

General

  • Target
    $TEMP/PCSX2 1.6.0/Langs/tr_TR/pcsx2_Iconized.mo
  • Size
    32KB
  • MD5
    6a1e6f15971b8f50b193b45199c23b1c
  • SHA1
    9efc47dea23f9263a74ada7833eac25d90f36bfb
  • SHA256
    f26b4bb09a2fff875ce71981893a704bba042dc116a9fec78481e61cbda66828
  • SHA512
    0cbbdff2d0fa38282448f6feb1fd5b72a26dd8f24508e142e0015e5c614ab2eb1c1364b23224471ba193a630339b61aa92201094c74672f0a7773d4447d2e2f2
  • SSDEEP
    768:J/qtLnpgStTXQ9rK1QVdMhKj1OxG1WpZ+pmO50S4PV:JwLn3uVjiZ+pyV

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$TEMP\PCSX2 1.6.0\Langs\tr_TR\pcsx2_Iconized.mo"
    • Modifies registry class
    PID:1428
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2128

Network

MITRE ATT&CK Enterprise v15
