b4c8e55558fc2016508dfd78c95afbcba0a309c2feaeae95825260c27f3f13b8

Analysis

max time kernel
54s
max time network
20s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dino GamePlaytesting2.exe
Size

25.4MB
MD5

7f5ba5ca9d77f337003c1220ed293730
SHA1

7d19a8b4b5963d434ae4bbe6a854f27a75e32066
SHA256

b4c8e55558fc2016508dfd78c95afbcba0a309c2feaeae95825260c27f3f13b8
SHA512

ff6b1ba9f531af7a308a71cbe2a86767c187944a0691d8e826b3352b469a6a4db9f9d35397b97935c2a06d8145536fbee8e46d4eed252bbdb527b5fded909947
SSDEEP

786432:ON3eETMNp7q2ahB0qNQD5TJ8e5mmstKqgtp068:k2akqNQNiesmstK90D

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 17 IoCs

pid	Process
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2720	Dino GamePlaytesting2.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe
2720	Dino GamePlaytesting2.exe

C:\Users\Admin\AppData\Local\Temp\Dino GamePlaytesting2.exe
"C:\Users\Admin\AppData\Local\Temp\Dino GamePlaytesting2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\MMFApplications\dino

Filesize
14B

MD5
df88b08a9f7f960b0023b7da2644b842

SHA1
a94b85729bea448e917cf5c962714c94b6a9f46e

SHA256
b1aef45a286d7fdccdcba78be971f4be788135389048de4da15c9cb70f4c1778

SHA512
10f2531a34f7587748d81317356393d56bb81368339c71dbdd8d426465c37579030069c23d83d5167b027c58897d2ed07a2fc023b7849280e1197450386d2520

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\Box2DBase.mfx

Filesize
284KB

MD5
15c1f5c080b99d1ea6f3b70c7a69af8c

SHA1
79e85e2d054dc6a07c0f9f611978e129e98ebf69

SHA256
286605641cdba584c563d7241c106bc9ea9d3e5a22028ed92e7f5cabd33e1e4b

SHA512
c540e8a1d1dfb60daec7694ff0f1cad210f7a061f80f6aea1a507b172a6295960c6ceaf80a808d1f752ec0ad8e4e97ad9941fd85c3926a4351095ae00aaaf1c7

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\Box2DBouncingBall.mvx

Filesize
128KB

MD5
842546403980acef6097a09f1f4c2fda

SHA1
b245e699e9f930353fe8f435844b88b69d1193fc

SHA256
1f8cfd04f3aa7376204756d216b07959d4e9064ca28eb7b89fe5aa64d0a35912

SHA512
a66d0ee4fda261779171c93ebbd8c8c8668dbabf49d16fac49c8de56d70c484f662843128cd85fbfa5a7ec118d8e29baae9adec8f5c09d9fc617d79c9a69ef25

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\DRPC.mfx

Filesize
1.8MB

MD5
7b78ab9a2798746a19a991261d150cde

SHA1
6f6ccb465d518c6b70a2ced376afd6a9779b4768

SHA256
a16fac771f5b676dc0963a538491922d42f5efbe5bd673ef5a05e4fcd1caee7a

SHA512
048a271b5d441e8a6356d42de9c384e9d43e4fe93b7b43677e4030239340812aa510d236b0d2fc037daf932c4ed277d7d338febd80ddc78f2afa3921a22918ba

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\Joystick2.mfx

Filesize
171KB

MD5
473880813d30a436bc8e4ac5ae29966a

SHA1
90f7eca461d0b4f42de5fa6812b89d023c152488

SHA256
75649299fb633f0753966ab8b7be56c97bf0e6e913e80685e5b41e7293c85b3c

SHA512
6aafa6490abfe1ccbdf983040ac7f6e90f55615d7a9c92baf7e835759a4d57020a6726ba14f8bd4c934fd8b64cd10504393519090da22ba5f85a5ce9b1a212d9

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\KcCursor.mfx

Filesize
36KB

MD5
d4f7402bbe6770a3c262f91495d01847

SHA1
375953d6b23b2eaa8b075e5b2f672ba0ac263b42

SHA256
957395a47050cebdf4476b8e908a03e90cc8d77f3e50c518a491e4e0d3443a43

SHA512
731ffb510f61daa507ff5fa6ae643cd22c3ef0da464e11ead9aa3a315f56bc77760ee27093f8cfff2fac0caee643b80a40b910034bab6a7db564dd6e23d069a8

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\Lacewing.mfx

Filesize
215KB

MD5
8a8767b9d44ff18cc9a2986cc1efcd5c

SHA1
1ab46ea5c4eb66c059113b715fda146b75c0de23

SHA256
50fe75b79197c5cff2d7f256ffff8d9f9d58e66c90f9fd00fd7aa4688c7d2e5a

SHA512
dfbc478d9504ab6cd375e1a987223afe993777417756d9901a46dffd31ee006ffd768f1fdc8279722a94e24344bbe5f2fd8b2b9bde9f92f73bddf880aa654857

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\Perspective.mfx

Filesize
24KB

MD5
2df0fc606f26c7261c67a0330e641740

SHA1
2a2b47b8c3f5904c411f8ee20ed4d082987986b1

SHA256
42285d953d9688e2d44f3b2a11d78b6a97ad3a26ed8042ab3a98527678e82bba

SHA512
82fce30edec7a59119e482875e93d162c83448ccde435dae7407a4d67df556088fa8af4a716f6be8d78c2ba97125122b0d2f1ab4e6d55c32751f8e9a9eeccc02

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\Platform.mfx

Filesize
27KB

MD5
419d215b96948ae6461798b022c05470

SHA1
01a36602bc1bba1c9d5f9ec90504bf8493dcfa0e

SHA256
27adad65afd2a77ea7b1835a5d91477661a40487fbc4a967edcb4906bc084bce

SHA512
3711a8c750d37d214d7d94f35a4731c1bbc029cc5052e4449e7fa52f3430754aa119a66d92eb51fa231cf30c894c4ca791778d0f361f7818bafc0a15ab3bf137

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\kcedit.mfx

Filesize
32KB

MD5
a00acf3af0958898345fca9893cb6f57

SHA1
561717e33e2877fd0db99411265186ca468041bd

SHA256
b38ad01ad8a22f3f553530b000d6d061356601d308e6a79284605c30cb0674ad

SHA512
9435f612a23864ac7e4d22cff927b4155463fdddd8d143b805d7233dd372e9a5975c9a4170de9bcfc3adce4ab9fffdab2937f053e48743d2791753d2dc727850

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\kcffunct.mfx

Filesize
8KB

MD5
1659ba7eb94ec1065ac6d2e0a96f0749

SHA1
ce8e78e3864ef7d256f58078a563e1458eecf5d6

SHA256
b8ac1750ec3f74b20c11a6b920868a034cd50619d3a7dfc9cb92faf328d1f4dd

SHA512
5d491c3d5235eebccdff32aca43ad1f8c8f1437f67c20fa48ee60eca14fcc9e0b891e04d5fb0cde63544288b328bb87f0be0e22384c6e0f7c633317e7ce859c3

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\kcini.mfx

Filesize
330KB

MD5
a6ad14845999c5aa7adf2911671a7c5b

SHA1
98dfd5a9584d1c1b330c2c104c1779bd55ded211

SHA256
5af175ffb932fb653873dad095dd40f2ab8d3fb56f287213c21bb68652ddad2d

SHA512
32bb59826b82d47ec420ac2532e1387a85422d2f0ce5370ad2c95b914a7615d3b122dbf4dd045105eb8ffea49324dac57659f0e5f2500b4d0eb75047cb36dfd8

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\kclist.mfx

Filesize
32KB

MD5
10a8ccacb046c0dc05adfc6964e99e95

SHA1
48acabc563a9c6d48eae3eda5254306127c00528

SHA256
57d8f859ecf57eed8f2fdc3271ec1d57c879899a527d77a80c9f45b1377742f5

SHA512
e972e0a6d4aa5c0cab99283c27038eb31f0adf2f581b4be9b58768d25a81f71e2aa5482500e4cb16bbc60d41f84ef926cd61a9cbe9fce1fce4adca564a6b147a

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\mmf2d3d11.dll

Filesize
541KB

MD5
839633898178f35f6de0b385b7de0ec7

SHA1
5396e52c45954f0953cc8cf2095b122f7353180e

SHA256
5f6563d6bf2f3ceab8b2ca2c15ba4f7fe882a82c1f72b10041b5692c6515a53a

SHA512
b0ed4fce2815dcb783e0b9a786178b337d215e6a4d16df1ddb3c28ccdba13081fee1976669d9f99505cf31b8f1e8d5584fd1aa9732e1add38217222726c76eb8

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\mmf2d3d9.dll

Filesize
1.5MB

MD5
c85bcc9f3049b57aa8ccbb290342ff14

SHA1
38f5b81a540f1c995ff8d949702440b70921acc5

SHA256
bddda991185a9e83b9855a109f2fcfa78cd2d5402e9db344c6ec77f6ce69a0c5

SHA512
5097f9d78ddc651aabf41f217f622ee656a1c6de6a9b339354525293102cf631cca2b7babaf991e99e49efe4d1bb6792c8a7a11f82e4ae2081c3961eb9b5afe7

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\mmfs2.dll

Filesize
768KB

MD5
200520e6e8b4d675b77971dfa9fb91b3

SHA1
0c583bf4c3eda9c955fd0d0d3ba7fdc62a43bf07

SHA256
763ef4484ba9b9e10e19268c045732515f0ac143cf075e6d1ea1f5adcc77633b

SHA512
8b7bb334b6bd83ae43e5a4fe32a92b38b1edd2c292c4a540a54c2ee16092eb30108524c1c363508f7c62617bb224d9b447f07cda97ab7de01688acbfbacec51b

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\mp3flt.sft

Filesize
24KB

MD5
5bebc3ae0122702b89f9262888d3a393

SHA1
064731c0f1d493b5b82921fa78f06e3d1db95284

SHA256
81c9a9459a8e124793addf142cd513945d6fe600e1d67f74897898d7570e56b2

SHA512
c10cb520c2c4a9fe7c371f17ce7f86f138db247468ab1e465dafd7abd294c2beb13cf3a2595b4c8c820d911d8b70842c8f4e45398693c4f0454f973bd58a10a1

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7149.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit
memory/2720-56-0x0000000000520000-0x0000000000544000-memory.dmp

Filesize
144KB

Download
memory/2720-33-0x0000000000280000-0x00000000002AF000-memory.dmp

Filesize
188KB

Download
memory/2720-42-0x00000000002D0000-0x000000000030B000-memory.dmp

Filesize
236KB

Download
memory/2720-47-0x00000000004B0000-0x00000000004F9000-memory.dmp

Filesize
292KB

Download
memory/2720-26-0x00000000025A0000-0x00000000027B3000-memory.dmp

Filesize
2.1MB

Download
memory/2720-81-0x00000000FFF80000-0x00000000FFF90000-memory.dmp

Filesize
64KB

Download