07ff331ff16a81cb20bdcf7553f66237861830fc9edffa337a58220fc6b958c5

Analysis

max time kernel
137s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Legend of the spirit orbs.exe
Size

635KB
MD5

86cf5a985bb5c10b535c4cc320492982
SHA1

c314e2991c94e90edec6617d2d057bf4cbb86426
SHA256

eb56bc738ebf6c5f003471dcaeccb85eda9371dfe4672ff78d9bb919a77973c7
SHA512

75bda963809fa5b103c3c129948ac9e4283e4cede5db56cedf50043eb64afe9e2dc14b50cc7ada5287796cbe6967cb44aff5d2582afdaf737f27e8c7cb706f1c
SSDEEP

12288:Y7qTUn2fZKKGG8anZwFy+CV8/eNh457Mb8AnOA:OqQ2fZxthv8/eL49A

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Legend of the spirit orbs.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Legend of the spirit orbs.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Legend of the spirit orbs.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Legend of the spirit orbs.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4196	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4196	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2368	Legend of the spirit orbs.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2540	2368	Legend of the spirit orbs.exe	83
PID 2368 wrote to memory of 2540	2368	Legend of the spirit orbs.exe	83

C:\Users\Admin\AppData\Local\Temp\Legend of the spirit orbs.exe
"C:\Users\Admin\AppData\Local\Temp\Legend of the spirit orbs.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\UnityCrashHandler64.exe
  "C:\Users\Admin\AppData\Local\Temp\UnityCrashHandler64.exe" --attach 2368 1790948741120
  2⤵
  PID:2540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x440 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-0-0x000001A0FE930000-0x000001A0FE940000-memory.dmp

Filesize
64KB

Download
memory/2368-1-0x000001A0FE7B0000-0x000001A0FE7C0000-memory.dmp

Filesize
64KB

Download
memory/2368-3-0x000001A261950000-0x000001A261960000-memory.dmp

Filesize
64KB

Download
memory/2368-2-0x000001A261940000-0x000001A261950000-memory.dmp

Filesize
64KB

Download
memory/2368-4-0x000001A2622D0000-0x000001A2622E0000-memory.dmp

Filesize
64KB

Download
memory/2368-5-0x000001A2622E0000-0x000001A2622F0000-memory.dmp

Filesize
64KB

Download
memory/2368-6-0x000001A3081D0000-0x000001A3081E0000-memory.dmp

Filesize
64KB

Download
memory/2368-7-0x000001A32A780000-0x000001A32A790000-memory.dmp

Filesize
64KB

Download
memory/2368-8-0x000001A32A980000-0x000001A32A990000-memory.dmp

Filesize
64KB

Download
memory/2368-9-0x000001A32A990000-0x000001A32A9A0000-memory.dmp

Filesize
64KB

Download
memory/2368-10-0x000001A32A9B0000-0x000001A32A9D0000-memory.dmp

Filesize
128KB

Download
memory/2368-11-0x000001A32A9A0000-0x000001A32A9B0000-memory.dmp

Filesize
64KB

Download
memory/2368-12-0x000001A32A9D0000-0x000001A32A9E0000-memory.dmp

Filesize
64KB

Download
memory/2368-13-0x000001A32A9F0000-0x000001A32AA00000-memory.dmp

Filesize
64KB

Download
memory/2368-14-0x000001A32AA10000-0x000001A32AA20000-memory.dmp

Filesize
64KB

Download
memory/2368-16-0x000001A0FE7B0000-0x000001A0FE7C0000-memory.dmp

Filesize
64KB

Download
memory/2368-17-0x000001A32A9E0000-0x000001A32A9F0000-memory.dmp

Filesize
64KB

Download
memory/2368-18-0x000001A32AA00000-0x000001A32AA10000-memory.dmp

Filesize
64KB

Download
memory/2368-19-0x000001A32AA20000-0x000001A32AA30000-memory.dmp

Filesize
64KB

Download
memory/2368-21-0x000001A32AA80000-0x000001A32AA90000-memory.dmp

Filesize
64KB

Download
memory/2368-22-0x000001A32AA30000-0x000001A32AA40000-memory.dmp

Filesize
64KB

Download
memory/2368-23-0x000001A32AA40000-0x000001A32AA60000-memory.dmp

Filesize
128KB

Download
memory/2368-24-0x000001A32AA70000-0x000001A32AA80000-memory.dmp

Filesize
64KB

Download
memory/2368-25-0x000001A32AAB0000-0x000001A32AAC0000-memory.dmp

Filesize
64KB

Download
memory/2368-26-0x000001A32AAC0000-0x000001A32AAD0000-memory.dmp

Filesize
64KB

Download
memory/2368-27-0x000001A32AF00000-0x000001A32AF10000-memory.dmp

Filesize
64KB

Download
memory/2368-29-0x000001A261950000-0x000001A261960000-memory.dmp

Filesize
64KB

Download
memory/2368-30-0x000001A2622D0000-0x000001A2622E0000-memory.dmp

Filesize
64KB

Download
memory/2368-28-0x000001A32AF10000-0x000001A32AF20000-memory.dmp

Filesize
64KB

Download
memory/2368-32-0x000001A32AD70000-0x000001A32AD80000-memory.dmp

Filesize
64KB

Download
memory/2368-34-0x000001A32AEF0000-0x000001A32AF00000-memory.dmp

Filesize
64KB

Download
memory/2368-35-0x000001A32AF20000-0x000001A32AF30000-memory.dmp

Filesize
64KB

Download
memory/2368-36-0x000001A32C270000-0x000001A32C280000-memory.dmp

Filesize
64KB

Download
memory/2368-37-0x000001A32C280000-0x000001A32C290000-memory.dmp

Filesize
64KB

Download
memory/2368-33-0x000001A32AEE0000-0x000001A32AEF0000-memory.dmp

Filesize
64KB

Download
memory/2368-38-0x000001A2622E0000-0x000001A2622F0000-memory.dmp

Filesize
64KB

Download
memory/2368-31-0x000001A32AD60000-0x000001A32AD70000-memory.dmp

Filesize
64KB

Download
memory/2368-39-0x000001A32CD60000-0x000001A32CD70000-memory.dmp

Filesize
64KB

Download
memory/2368-20-0x000001A32AA60000-0x000001A32AA70000-memory.dmp

Filesize
64KB

Download
memory/2368-15-0x000001A0FE930000-0x000001A0FE940000-memory.dmp

Filesize
64KB

Download
memory/2368-40-0x000001A3081D0000-0x000001A3081E0000-memory.dmp

Filesize
64KB

Download
memory/2368-41-0x000001A32CD70000-0x000001A32CD80000-memory.dmp

Filesize
64KB

Download
memory/2368-42-0x000001A32A780000-0x000001A32A790000-memory.dmp

Filesize
64KB

Download
memory/2368-43-0x000001A32CD80000-0x000001A32CD90000-memory.dmp

Filesize
64KB

Download
memory/2368-59-0x000001A32A980000-0x000001A32A990000-memory.dmp

Filesize
64KB

Download
memory/2368-60-0x000001A32A990000-0x000001A32A9A0000-memory.dmp

Filesize
64KB

Download
memory/2368-61-0x000001A32A9B0000-0x000001A32A9D0000-memory.dmp

Filesize
128KB

Download
memory/2368-63-0x000001A32CF30000-0x000001A32CF40000-memory.dmp

Filesize
64KB

Download
memory/2368-64-0x000001A32CDC0000-0x000001A32CDD0000-memory.dmp

Filesize
64KB

Download
memory/2368-65-0x000001A32CF20000-0x000001A32CF30000-memory.dmp

Filesize
64KB

Download
memory/2368-66-0x000001A32A9D0000-0x000001A32A9E0000-memory.dmp

Filesize
64KB

Download
memory/2368-62-0x000001A32CDA0000-0x000001A32CDB0000-memory.dmp

Filesize
64KB

Download
memory/2368-67-0x000001A32A9F0000-0x000001A32AA00000-memory.dmp

Filesize
64KB

Download
memory/2368-68-0x000001A32AA10000-0x000001A32AA20000-memory.dmp

Filesize
64KB

Download
memory/2368-69-0x000001A32CF40000-0x000001A32CF50000-memory.dmp

Filesize
64KB

Download
memory/2368-77-0x000001A32AA80000-0x000001A32AA90000-memory.dmp

Filesize
64KB

Download
memory/2368-76-0x000001A32AA20000-0x000001A32AA30000-memory.dmp

Filesize
64KB

Download
memory/2368-75-0x000001A32AA00000-0x000001A32AA10000-memory.dmp

Filesize
64KB

Download
memory/2368-74-0x000001A32A9E0000-0x000001A32A9F0000-memory.dmp

Filesize
64KB

Download
memory/2368-73-0x000001A32CF60000-0x000001A32CF80000-memory.dmp

Filesize
128KB

Download
memory/2368-72-0x000001A32A9A0000-0x000001A32A9B0000-memory.dmp

Filesize
64KB

Download
memory/2368-71-0x000001A32CF80000-0x000001A32CF90000-memory.dmp

Filesize
64KB

Download
memory/2368-70-0x000001A32CF50000-0x000001A32CF60000-memory.dmp

Filesize
64KB

Download
memory/2368-89-0x000001A32AA60000-0x000001A32AA70000-memory.dmp

Filesize
64KB

Download