Overview

overview

10

Static

static

3

Palworld_0.1.2.0.exe

windows10-2004-x64

10

Palworld_0.1.2.0.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    46s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-01-2024 17:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Palworld_0.1.2.0.exe

  • Size

    1.8MB

  • MD5

    a54ca6afa4c942162ff41803719537f0

  • SHA1

    3252a867a4c6c2622fec6a11dc8310b851ec97a5

  • SHA256

    7d4b7a47dae660ee06d4bb012162fc939c224f0fd15846e0d317175ad1487e32

  • SHA512

    059247140fbdb8b6d5088392758e55d515a484c629bb65762881a8af78785fca680e0e5c7013ad43a7ab2818d4304910b7b44f224e04db582b881b0d9c8ba774

  • SSDEEP

    24576:Y4nXubIQGyxbPV0db26eEMzRVIkyuwygzt18FvyF2PnJSw2+kpSsBKUxqK4JJqrZ:Yqe3f6hZthB6E2xX2+JskUxq1JJdzu

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Palworld_0.1.2.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Palworld_0.1.2.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Users\Admin\AppData\Local\Temp\is-1P95P.tmp\Palworld_0.1.2.0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-1P95P.tmp\Palworld_0.1.2.0.tmp" /SL5="$5020E,896512,0,C:\Users\Admin\AppData\Local\Temp\Palworld_0.1.2.0.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:3136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-1P95P.tmp\Palworld_0.1.2.0.tmp
    Filesize

    692KB

    MD5

    39035e668e1b2b84a29ee4b768fcb790

    SHA1

    986d57aa031bc283330f8ccd24b609767e55f8ab

    SHA256

    d060968676924ccd3adf18d055e7eb821adf87af1fa47d48d2c62d43694e955f

    SHA512

    1e86a1f1b374ad4459ee474481ccd0997928e815cb64579178dffca415a3f781925b411982004c6143d970c8a5e1b3f395a846c7c76d3f445dbc987ee4617298

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-1P95P.tmp\Palworld_0.1.2.0.tmp
    Filesize

    3.1MB

    MD5

    eabd48fb64150a4dd6e39d4cb3122e5d

    SHA1

    f94125de088400a58939ba124d1fbca9dad50a69

    SHA256

    aeedce3694358556ee3dcc9902a1218ecf06897268393c6e94af2b0dfead14eb

    SHA512

    6d593351285ed0152ca6bb1461b89154882f9c21dc341007d67ebce9cf7d29f5ba64857d661219bb00cead2bf75dc7dfec9ae39a86904e2312137e3470869b6b

    Download Submit
  • memory/2296-1-0x0000000000400000-0x00000000004E8000-memory.dmp
    Filesize

    928KB

    Download
  • memory/2296-8-0x0000000000400000-0x00000000004E8000-memory.dmp
    Filesize

    928KB

    Download
  • memory/3136-6-0x0000000002920000-0x0000000002921000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3136-9-0x0000000000400000-0x0000000000722000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/3136-12-0x0000000002920000-0x0000000002921000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3136-19-0x0000000000400000-0x0000000000722000-memory.dmp
    Filesize

    3.1MB

    Download