0d60601a1157cff3eba748a058ac48b94f25989aa30aba124be9c45877a7e034

Analysis

max time kernel
71s
max time network
117s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
24/02/2024, 18:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

hlrb11-59cp2009.exe
Size

209.4MB
MD5

f33f25f02ba20880659ca9cb5c029404
SHA1

28649f2fd558b8998c4649cd2f48e16896c6d30b
SHA256

0d60601a1157cff3eba748a058ac48b94f25989aa30aba124be9c45877a7e034
SHA512

1abc956aa029be86d84db2ace94e5f1fe41095bc818763d48a2deb01667e06e3d62ba06d7275cac0cff2acc6bda51be30e48a1c7de3936d3b2cc9ef1cd3c2b9f
SSDEEP

6291456:u7miATfLIlAI1VbB4W68Qw4TrhNIQLjESz0A:u6/L+AI1VbBg8sNyQfv

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2680	hlrb11-59cp2009.exe
2680	hlrb11-59cp2009.exe
2680	hlrb11-59cp2009.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\hlrb11-59cp2009.exe
"C:\Users\Admin\AppData\Local\Temp\hlrb11-59cp2009.exe"
1⤵
- Loads dropped DLL
PID:2680

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2560

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\STEAM\SteamApps\half-life\hlrally\HL_RALLY_1.1B_+_59cp_FEATURES.txt
1⤵
PID:3160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\STEAM\SteamApps\half-life\hlrally\HL_RALLY_1.1B_+_59cp_FEATURES.txt

Filesize
267B

MD5
4e210feb1942e6ed6eecd6caf143bd17

SHA1
3b5c8bfa6223ea706736067b2a9d9b87f2ea6667

SHA256
e5f6b5666f4c59870693aef288d027cf48b16bb52f98369dc0048a61c82e9728

SHA512
7d151ba57e3fdad1516105ba17560a63bb622d93d107b880270a90e605eece923b348f232df1976480fd6b32b9ccbcf9371d7691f94ccd203472e5435837d368

Download Submit
C:\STEAM\SteamApps\half-life\hlrally\gfx\env\mm_poolup.tga

Filesize
192KB

MD5
1691598c6bc4a706d104dfe5ef35bfee

SHA1
1945963905e9a110b0150e1d9faae37fc0e52cf3

SHA256
90fe5b115e3708e309ef3a6e89c959e87d17f115f1fe9dfc221a1c83a0db2b47

SHA512
7f77281545939bec863e2964a03966c487e6e15764d301a8e35ea7d87458634914e33a8c3e9ba84bf869ad28828bdceb39a7881dbc598172d81d06c47100a091

Download Submit
C:\STEAM\SteamApps\half-life\hlrally\gfx\env\sunsetrt.tga

Filesize
192KB

MD5
4c6b88f201895ae567f75ece60e5f4fc

SHA1
f2ec50247091774eeb2ea606f13265108ca9bdf7

SHA256
437a64f865426ef42f2dd582c7d0a39ac8afb23bc1069961fad7178f969e8e3b

SHA512
8c76355a4bb95d49a774d3b67eb7251b0089fd530bf5656560b0077148efbceff7674ecc826e2fff72e1d5343d52f7a950b4c520e49fa1a048a0ec12e1d33e7a

Download Submit
C:\STEAM\SteamApps\half-life\hlrally\gfx\vgui\1600_mitsubishi.tga

Filesize
64KB

MD5
32a5608df330bf008670e812674b5bb9

SHA1
e159bdaa960a9d3095049644b7f019d078525113

SHA256
ea6652259456217ff56fcdd209d57707fa89584c057862114b230d08c06a3fd7

SHA512
e6b12ba8680296adb9bd878e29fd7db470527e46f9640f68b3572799186e95ddd047ecfda4ec101c9245bdb3ae029ecbd51f8c4f43a2973a1e9427fb15f85ce8

Download Submit
C:\STEAM\SteamApps\half-life\hlrally\gfx\vgui\640_class_bg16.tga

Filesize
5KB

MD5
a1c2d08d4de4948b646296d075668488

SHA1
d0bff5b784e20916c8324a39d4f34e3d70ba3d4f

SHA256
8750ab2e0a5343b68f6917ba3c2714366648a361cf6050ee2dbb55b5ebc565a0

SHA512
59fbdb99020b74b74f7ca5918a631cdeb6c58fe05468b66a97e13e8d4e512479a5588d127098b186e067a597841f0f56e68eb9c97822429dd7523c176722814a

Download Submit
C:\STEAM\SteamApps\half-life\hlrally\gfx\vgui\800_class_bg16.tga

Filesize
9KB

MD5
4bd0c280d2218db8fb6baa5c5739a9ee

SHA1
9758bfab700045f473d2930211ce9203c0e46970

SHA256
4e2973fc992e590eb260e903f2f5d9e2c2d1b039868db102afc0b86f2cfa01fc

SHA512
72a9c7ed471ee645a50b356cfdf3066daf886764dbbbc8a35d69840b0934e208c871ddb4835eba70565265b733966c382e83ca3d9b602eebc3e11b1b674849fd

Download Submit
C:\STEAM\SteamApps\half-life\hlrally\sprites\maps\rc_inyo2.spr

Filesize
64KB

MD5
0076c6e5d857af809e0938394afdd0c0

SHA1
c717514bf5591a6678aad76145b5645e20f61b21

SHA256
68ebd80d20df40f3709f2869e9003b8aeff831ba8425bb6398dfecc29edbad8e

SHA512
4193412b595baa95ed95072e13c544f97e8fcc6b11437c0f28c8a2fae9f0a0390230b6b6d2428eeee2f770b4f62b6ff8eb7f5b7caa2d4202883fc199e08a494f

Download Submit
C:\STEAM\SteamApps\half-life\hlrally\sprites\maps\rc_wintervalley.spr

Filesize
64KB

MD5
7fddbd770a51692a3ea390278c8a1fb4

SHA1
646110726a41d79eaf1af04dfd682c5c3234bf32

SHA256
ff8665d4b1585265c5325bf1247eb375c50665779287c5dc1bdab00bcfc39d84

SHA512
3b31b5025e2be45f02d1d1195c9150d54017b50e25c7b0a98e492e8d0434e01b2d1d3fa70709ca0cc4b1479f7dd664e816cd7d6e44894e86f8e5b59ec3d7595e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb96D3.tmp\ioSpecial.ini

Filesize
528B

MD5
20568586d5ae491d72a31eb22e317578

SHA1
da5567c57dae61691813d799fc9fd6c609a9942b

SHA256
0850a2c224eabd62231815ed08aac5640354a7db66f44d9c58af439df21fab7d

SHA512
5852a255def005d8b7a61acf7ef94d1eea07392c9e93a7ce9994b4f4f0505fe261db558d678435a56d317c0d54c99ffac7b7010d58ff1a9ce3c502285b9e62fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb96D3.tmp\ioSpecial.ini

Filesize
620B

MD5
5dbf886bb92e32514c8c7eaa5d2394ce

SHA1
b95733b602ca53b076b55e9e449aff445b8f3e22

SHA256
f38fe41eca9d31ba4462949645d0365c98dd28fed3345d29333717e4b9b4a5ef

SHA512
d271cabf38243de109019d9898b238b7d7499cd636bf910e59769cd0cd99035ff85114a41ae9962e4589e4d66cb0ce55f67225db57c66325f230199d1dfee92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb96D3.tmp\ioSpecial.ini

Filesize
620B

MD5
98a0bd138570cc789f18aaf630f4eac7

SHA1
fde8bf8e5b25f8213698552d8bec62e15be50009

SHA256
2b7f9d92ec47f951a82cb12ce5054c940d41fbac3927c1d131568b24c3688c19

SHA512
ef9fd979d73fe9499da5af8dbcb26c987b242d7fbfa7becc069df6b4dea43f5572ed661f23d33610c596942d7b99b3464ca7a923524b28187acb38423fff8af8

Download Submit
\Users\Admin\AppData\Local\Temp\nsb96D3.tmp\InstallOptions.dll

Filesize
14KB

MD5
0285eac59530ff5cc91fe2634b4ed78e

SHA1
241c12aefca0740e776362f30aa1edffd66d6bdc

SHA256
44c822afaa4cc7cb95390eaa0ada076d280d3455870569f0cde03637257d9899

SHA512
1007fbfb82d4e6c04bd5fefb32cd81f4406022ceef4d409eda0f0ddeb8b1f124a2baec86498bc119778e0c241fc41b0c2440d8a8f6731a63ede936be94f81297

Download Submit
\Users\Admin\AppData\Local\Temp\nsb96D3.tmp\StartMenu.dll

Filesize
7KB

MD5
d7d5e1ae69a5108aad96eae3634394db

SHA1
68c27b7ad530bdbb39b7f3cecea63b8b2708cb1c

SHA256
76067f5d1e3df7fc72d6f0253a0bd0e1aa1b444c8a6953c10cd78f3a7cd3944e

SHA512
217884d79c896c1b4383184096964c1d559a2c906a3ec50d6715015f1981d3fdee5ed35803118bdc83354dc923e3e2e22b868b03236019185190daeaffbdd899

Download Submit