Overview

overview

7

Static

static

3

Cursor-Cus...ws.zip

windows10-2004-x64

1

Cursor Custodian.exe

windows10-2004-x64

1

SDL2.dll

windows10-2004-x64

1

SDL2_image.dll

windows10-2004-x64

1

SDL2_mixer.dll

windows10-2004-x64

1

SDL2_ttf.dll

windows10-2004-x64

1

libfreetype-6.dll

windows10-2004-x64

1

libjpeg-9.dll

windows10-2004-x64

1

libpng16-16.dll

windows10-2004-x64

1

libtiff-5.dll

windows10-2004-x64

1

libwebp-7.dll

windows10-2004-x64

1

res/fonts/...se.ttf

windows10-2004-x64

7

res/sounds/click.wav

windows10-2004-x64

6

res/sounds/fall.ps1

windows10-2004-x64

1

res/sounds/hit.wav

windows10-2004-x64

6

res/sounds/jump.wav

windows10-2004-x64

6

res/textur...ow.png

windows10-2004-x64

3

res/textur...ay.png

windows10-2004-x64

3

res/textur...er.png

windows10-2004-x64

3

res/textur...le.png

windows10-2004-x64

3

res/textur...ft.png

windows10-2004-x64

3

res/textur...ht.png

windows10-2004-x64

3

res/textur...ox.png

windows10-2004-x64

3

res/textures/logo.png

windows10-2004-x64

3

res/textur..._0.png

windows10-2004-x64

3

res/textur..._1.png

windows10-2004-x64

3

res/textur..._2.png

windows10-2004-x64

3

res/textur..._3.png

windows10-2004-x64

3

res/textur..._4.png

windows10-2004-x64

3

zlib1.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 17:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    res/sounds/fall.ps1

  • Size

    120KB

  • MD5

    744db9ea4c16645dab3d92e2bca2b87e

  • SHA1

    e8ed322b84e876772e0e273afe2da84a654906ec

  • SHA256

    59761a0f0148a6303e2cbfe3dfeda3ef25d15b4391fdf97d7f0838b534af8ff7

  • SHA512

    a63696491e0d27f9fd4d21870343993527adc53b90dd67ac678a971a1bc6b1b953f5f612f6e41d6e96b655bd78e501ad98b79cc54ab3f5a32abc4b64f649231f

  • SSDEEP

    3072:WExs0/UxJO3faFqCLoG4b6FW8gRCgpWrVcJlQLDAvAEItj8iWD8:WExsK3lCkG66s8gAgpRHvAEkj8

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\res\sounds\fall.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:388
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x530 0x50c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jpddv1sc.gqd.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/388-5-0x000002BB28590000-0x000002BB285B2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/388-10-0x00007FF9B29A0000-0x00007FF9B3461000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/388-11-0x000002BB27F50000-0x000002BB27F60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/388-12-0x000002BB27F50000-0x000002BB27F60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/388-15-0x00007FF9B29A0000-0x00007FF9B3461000-memory.dmp

    Filesize

    10.8MB

    Download