Overview

overview

3

Static

static

1

ps2_bios.zip

windows7-x64

1

ps2_bios.zip

windows10-2004-x64

1

PS2 Bios 3...al.mec

windows7-x64

3

PS2 Bios 3...al.mec

windows10-2004-x64

3

PS2 Bios 3...al.nvm

windows7-x64

3

PS2 Bios 3...al.nvm

windows10-2004-x64

3

PS2 Bios 3...al.bin

windows7-x64

3

PS2 Bios 3...al.bin

windows10-2004-x64

3

SCPH-70004...00.bin

windows7-x64

3

SCPH-70004...00.bin

windows10-2004-x64

3

SCPH-70004...0.erom

windows7-x64

3

SCPH-70004...0.erom

windows10-2004-x64

3

SCPH-70004...00.nvm

windows7-x64

3

SCPH-70004...00.nvm

windows10-2004-x64

3

SCPH-70004...0.rom1

windows7-x64

3

SCPH-70004...0.rom1

windows10-2004-x64

3

SCPH-70004...0.rom2

windows7-x64

3

SCPH-70004...0.rom2

windows10-2004-x64

3

rom1.bin

windows7-x64

3

rom1.bin

windows10-2004-x64

3

scph10000.nvm

windows7-x64

3

scph10000.nvm

windows10-2004-x64

3

scph10000.bin

windows7-x64

3

scph10000.bin

windows10-2004-x64

3

scph39001.mec

windows7-x64

3

scph39001.mec

windows10-2004-x64

3

scph39001.nvm

windows7-x64

3

scph39001.nvm

windows10-2004-x64

3

scph39001.bin

windows7-x64

3

scph39001.bin

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04-02-2024 12:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    scph10000.bin

  • Size

    4.0MB

  • MD5

    acf4730ceb38ac9d8c7d8e21f2614600

  • SHA1

    aea061e6e263fdcc1c4fdbd68553ef78dae74263

  • SHA256

    c4dad3b5c6ad58bce70a47fc332602880f041c0338ac6be89061c928f6919ab1

  • SHA512

    1ef01ab94d6c75b788ac7fc37f965b3db6c69003faca2a955784fd65c64d898a151d8129367fa42dff22da3377aa376c21c0f28318927998425fcdf74a81d0a1

  • SSDEEP

    49152:F0aOLlQM5NJucyhh5ETm8tXP/D4S7Z3540ze2TIMQfV6E:F0aYu/hh5x0V35xihBVV

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\scph10000.bin
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\scph10000.bin
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\scph10000.bin"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2532

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    0fb02a02fd91b3511abe624229b43585

    SHA1

    585f79e1b28942f1b67d23300db5e9e70eabecf0

    SHA256

    73cada57ae5fee14a37ea291f890d4bfed044c4ec5645fdf179f19ef15e8fa01

    SHA512

    b2216eebf5b35bd122351f756ab6a3de7aa615d9ad5172c56a6fab21e4faf39fbf8afcd13f467c3e07a88a7cb1e2c7d409a2cb53ebd08fe26e54db3bf5bd59be

    Download Submit