0e72ed6d89d9b89690fde8122f46fa851740ef18e850d98d45e56f85a6682994

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xbox360_64Eng.exe
Size

7.5MB
MD5

4c7fbad5bbebc0d3807129092a1de4b9
SHA1

00f7246437c53f3aba5516ac3fc572181c24c666
SHA256

0e72ed6d89d9b89690fde8122f46fa851740ef18e850d98d45e56f85a6682994
SHA512

e3acdb5b5e58e2d8aa9f77a3a70a7317fda32e9471d64b7364216cdbcf44abd8ba80088f7f275085ead1f0a536075fc185151c4e31ee472b73be1e5e26d07ab9
SSDEEP

98304:BSUCTRhlUVz71eG+Ybiy/j+Hu9Oy5fNFDm9DOTJ7AHzJJRFlzHObR8AJrYE/0eeN:BYTFEnT0y/+SrK9+JMHFDzxpE/U

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2908	setup.exe
2432	setupstb.exe

Loads dropped DLL 15 IoCs

pid	Process
3028	Xbox360_64Eng.exe
3028	Xbox360_64Eng.exe
3028	Xbox360_64Eng.exe
2908	setup.exe
2908	setup.exe
2908	setup.exe
2908	setup.exe
2908	setup.exe
2908	setup.exe
2908	setup.exe
2908	setup.exe
2432	setupstb.exe
2432	setupstb.exe
2432	setupstb.exe
2432	setupstb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2908	3028	Xbox360_64Eng.exe	28
PID 3028 wrote to memory of 2908	3028	Xbox360_64Eng.exe	28
PID 3028 wrote to memory of 2908	3028	Xbox360_64Eng.exe	28
PID 3028 wrote to memory of 2908	3028	Xbox360_64Eng.exe	28
PID 3028 wrote to memory of 2908	3028	Xbox360_64Eng.exe	28
PID 3028 wrote to memory of 2908	3028	Xbox360_64Eng.exe	28
PID 3028 wrote to memory of 2908	3028	Xbox360_64Eng.exe	28
PID 2908 wrote to memory of 2432	2908	setup.exe	29
PID 2908 wrote to memory of 2432	2908	setup.exe	29
PID 2908 wrote to memory of 2432	2908	setup.exe	29
PID 2908 wrote to memory of 2432	2908	setup.exe	29
PID 2908 wrote to memory of 2432	2908	setup.exe	29
PID 2908 wrote to memory of 2432	2908	setup.exe	29
PID 2908 wrote to memory of 2432	2908	setup.exe	29

C:\Users\Admin\AppData\Local\Temp\Xbox360_64Eng.exe
"C:\Users\Admin\AppData\Local\Temp\Xbox360_64Eng.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3028
- \??\c:\e6b40686152245ac96a49203cb6f74\setup.exe
  c:\e6b40686152245ac96a49203cb6f74\setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\e6b40686152245ac96a49203cb6f74\setupstb.exe
    "C:\e6b40686152245ac96a49203cb6f74\setupstb.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2432

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\e6b40686152245ac96a49203cb6f74\setup.exe

Filesize
475KB

MD5
63200900c80dc5399a739d8d1594d5a8

SHA1
559bfa9828caa99a1bd45a2e7786d345f17cf9bc

SHA256
41df875092ebaa6d7098e41b55e0a312b90e3ad1bca20fb040d78811ce71ce6b

SHA512
92f7eebadb7e17cecf21b79348af19eae3380122696dd3dd77639f636b9f7bba41c408e893e6209e123f74021e5b655e8ea08e2940129f0229d454f31e558df5

Download Submit
C:\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
308KB

MD5
c7eb49d3f184cebf7ce466dcf95a648f

SHA1
8c3a22d4d2ef4023748bcd984bf1471d60cb28ab

SHA256
a84ac2f802fc9fcf0c570a9bdb980742788f806040de2352c19ab97f9f6e4d03

SHA512
1c84a682b7ae5bd24e68557ca6c0e9a53970a54275486c31f93c4c42dffcfbbf6332a75f7f570d3a60d9dece3fe593770e915320b53009c85df98cfaff079205

Download Submit
C:\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
382KB

MD5
3faeacfb815a5f5814b12a34eb4e667d

SHA1
9353bf326455a76ce51b3c1e98788016fd28801d

SHA256
c11013d00526135e78021f861900d473523e200d47653ad04b81ff2334f31de8

SHA512
4e685bab20bcbc26cf5f494ad5f5fab9be78512eed46f3b4e55fd98b8b5aa9162b934a45e4fe8c6077772bfad5f00bd3efd1374f030ba92d01567ce720e2dcca

Download Submit
C:\e6b40686152245ac96a49203cb6f74\xbox360\Setup64\Files\1033\Eng.rtf

Filesize
27KB

MD5
9ce52f91919e9a813572d62b5eb3d07a

SHA1
a6dfdcd594ce080f374d3bd0bbc6f461b699c0fc

SHA256
a61c6406dd3166ca09b9646e1db3f050aa27a20ea16e186d1844f9c2439031cf

SHA512
328b29e6187b89bab7f7c89e09fb64936a40b9a02efacf7f9a9ffce087c228cb5535e309b1ee3635ff178cf0ddfc10afa9c6ff93f337e5efb88b67a28a375792

Download Submit
\??\c:\e6b40686152245ac96a49203cb6f74\lang.ini

Filesize
23B

MD5
37eb4d739414162ab9b2dc924b9f88da

SHA1
64cac5f7b74914f3de6bf5e06ff03c267c087ad4

SHA256
ebb498ec3498be69ffce90a25ba3b67af4d518347b7e28181c7f97905101c6c5

SHA512
1d859870defe1b231948a5484df6758c1d02a5624cae51f63b55e7c8a7d64249e398b37f943dd3d2526491cb105c147fdb000bf37ca901629585b3173ee104a9

Download Submit
\??\c:\e6b40686152245ac96a49203cb6f74\setup.exe

Filesize
524KB

MD5
2e1d54643edda8fcd625820d19ed208a

SHA1
771fadea6f8aeb680d3d258257e062342c9a80c9

SHA256
f87fcfb5e448307dc8e05fb56de8fc68320da1e91a3dc28927a8759b10a942e6

SHA512
4b4df155bc1e0f9db95029bb667511ad6c3dee1d59ce5e9abe8195e221347f57408ebae335094f0e0c162220b2f5ead22b1318e8c201ebbf2c739967eec82563

Download Submit
\??\c:\e6b40686152245ac96a49203cb6f74\xbox360\Setup64\Files\1033\setupres.dll

Filesize
359KB

MD5
3aa7a730b20b47001e3d9a5e3217e33f

SHA1
5fb192c0b6a816578dde8ca0ec9392d991135a18

SHA256
12b727f59798f7bba45a2c5416d85042a42b0ddfe033eeb24b047ffe7ec8951b

SHA512
495488c04e892f292cf4e041e60a5fe57e38637c8c434f5a9b2d0d37d1130dfa316bd7ad1d695f71f5ccdc4a567123bd4b7a41ec551bc7db705c6903473a1481

Download Submit
\e6b40686152245ac96a49203cb6f74\setup.exe

Filesize
689KB

MD5
4d5b5599f1cb63d895307f8dea8b674c

SHA1
111eecba8c0c1f39b4c9e252644ad586a4bb10dd

SHA256
9d8f858ca3201b7b04cc0564d70d3e8a809c93c69170799854d0e949d46685ff

SHA512
f905402444250de754d08d3fe25184d17f95220d589d7091673c93ae57a528c0d2b11fef34bb665f04ab14f5d90b1b88ecb125702c543cbe510392ae777dc2c9

Download Submit
\e6b40686152245ac96a49203cb6f74\setup.exe

Filesize
492KB

MD5
157a6e2683a01a536c0a0fee923e8f79

SHA1
a03a6a9845d3ae411023e3b794d2cf8b7f48863e

SHA256
e01b30ac4e1b24749794d105b8308d0031f289ed544d6c989d2a9e0f1f5c9ac9

SHA512
0a6ee1591437c364974525a563abba1c7413dbab939d6ab1f24a9cc5ab35344375b38fe29772dc9f551d045ff8abb81e4fb03d7435874c45798516c178075adc

Download Submit
\e6b40686152245ac96a49203cb6f74\setup.exe

Filesize
535KB

MD5
f92495405fd967f58a597d2bc3319010

SHA1
52b43c1ad1a85c270afd587219d3dae1e89bf2ea

SHA256
4d6798ccb80dc8870198d369efa47ddfef94425e43a8ee68b57e092ed6fabf48

SHA512
017bbbbf5c673d363920ad6784fb422ae6580710150086a057a80a4c2416b16b19d80d2b988724dd64d235ef2a446fda7214177633c14776b042ec355e297d08

Download Submit
\e6b40686152245ac96a49203cb6f74\setup.exe

Filesize
640KB

MD5
8b4f5d085db79ca1bef73e4b9d4bc8ce

SHA1
55ca57b7413d8f014cb9dafe1d2985ef8545f5e4

SHA256
8120b426fef30633ad5588cdf27bbe4c0a07ff51e8023cc34bb2bb42b850d91a

SHA512
a0a981a22d7180f6f076e5617aa71bcfb091c4bdcc82e52f372c51f0fe669dd10451ba2ca3c8e3d80cdd2abec186d1094b12fcfc4fb60a324fcdbf94a5966f27

Download Submit
\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
917KB

MD5
1affb5275b299ff887b4783cddd14992

SHA1
f463a948fbfcb61a52e7353adfc0a966ee79232b

SHA256
93d0ab42d292ea420915873b3eee5146f798c8ac6859cb4c018613339ae4b4bc

SHA512
71da41cea4b48b4aa37cfa518d51c40be1dbdbabf752cfbfc061bbf197d8819278d10e37b918eab49d640430c95e344430b99acb102abea2621c2ba19ffe8389

Download Submit
\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
412KB

MD5
319c102201caf1ecc60eea3602960b7b

SHA1
72c6eec1ffdd52a63a49af71604ca8e05d8ab5d0

SHA256
c4e4c5fd5e07a70253bf13943bc5991ccd1b8cfe15f90cc313c661241d43179a

SHA512
54ce5ac06c320609dd143b1a0357d0c934cf82818c74821154dc277c896c2896d320f91e07d19f36959f799581f88b37ba885846b06542e06b9aae76003e1ee5

Download Submit
\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
292KB

MD5
da67ca04dc9d598292cd2fe4dd77857b

SHA1
c5d55310a911522a57ebcdb9158f7c5f486b55bd

SHA256
f07df45840da8fb409e40247645387cde3067466a0d77d0fb9738ddea9a911ae

SHA512
fdb1c63ba41e7e6d3e1d8bb53a8a60beab9e32ceb0d69b54083fd2d04c19078e4a8becb627870decd39e69478a352d54cd244de6b1d39faf063ae7896894b8f7

Download Submit
\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
368KB

MD5
30ce72860102659c0f6a3fb919e8f636

SHA1
f71995f231038b219f8f4d9a027e8c4c65e66ba8

SHA256
9ebcfe81fb2d7bf6e408b8cd2f70d5c5b0e2027c8bec2ce264ee0d92cd37a7d7

SHA512
e63869ae3da0565d21cef5f1e54011b213e5b94c4f7671ab5de8822a6a6ed01e0e2f5240ff14b9323756b83bdecf40f414671d180cd81d32e54afff46b9388b8

Download Submit
\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
198KB

MD5
49499a5275db66d88e47e257ce3f6876

SHA1
c1df9ec7f84bf72fa7503ed3ccdadc3a5eb1c67c

SHA256
308b4658a74a9c0212d3b2ba247dfa5ef88de6db7820f7001d4e13a3e4dac515

SHA512
a22d471b6a7a86db4abc78163ca633aae5b05b7d8b78e89a7c672cf0d2ac4e9ff891d50ef45b18d7e21ed75dc7bb2dd10266c8200283b47318dde5a05fb62b12

Download Submit
\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
495KB

MD5
8e9628c4811e596e058dbe1a0edea797

SHA1
386c1d108d4a0d3cd0e774bede20b62dd419ca52

SHA256
17402e4b4409993e21056418e10e1f5e863b53ffbdff0ef365688efb7071b00d

SHA512
1ef9072537503ba9723ca6dc8d06558ff1d116e53f550ee98ed6f44036a208a061bc9307f62b4cad9a6437b9dc85cdca891166a837c5f72908b93d5f3bc536e5

Download Submit
\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
306KB

MD5
f87e69781bfc234a190bad48362706d6

SHA1
ab27a686f7144a5e8f528ff8e1bf9cf966ccb40e

SHA256
adb22025219ca02b7b5d0e597f91b217202cef9d5002031a321428bee9b82ae4

SHA512
de18e5f9385a6d0d12e84c38bcda0ea677684dd80e5489e7122e2cc71cf2331b5125049777c8f028c77ec674a28dbed1fdfab51c6eea6372bdb4c9b5f955fe8d

Download Submit
\e6b40686152245ac96a49203cb6f74\setupstb.exe

Filesize
329KB

MD5
68787d1847ff71ec087539c65d88827d

SHA1
cb1b25853166b5bac40fed84dac513bc8675291b

SHA256
646b20887bde7c506c7baf31aa2714ab2962bd5da50b0b755072cdf6b557b16c

SHA512
844f1bea041a444de5af249c568b78dfedfb78e7ba45b47040cbe56f2b959c6bad6c89d4d28dc0babaa961827ecc6be2d5e72d85a440896ee8b4c97ccc88bb96

Download Submit
\e6b40686152245ac96a49203cb6f74\xbox360\setup64\files\1033\setupres.dll

Filesize
375KB

MD5
1e709c33e99d584690a076cf4c522692

SHA1
8b90b2771d5f5d20e886eb64ae5def6fa8d01303

SHA256
efbfe72994b5154a7874bb312c242d8c60497f639c78188c2d5dfec97565c282

SHA512
205919441548fb900887456862907d37ab46c96c952f5882528c7f6031b8cb9626785d3206e376d293f2dade30c850f5e8630426f2590035f2011f50548eac89

Download Submit
\e6b40686152245ac96a49203cb6f74\xbox360\setup64\files\1033\setupres.dll

Filesize
411KB

MD5
1a8d9adc3ab411b8e0f31339f745f982

SHA1
71e8bcc46ff0ff4d52741ecee083fc7f9aace045

SHA256
f1fbd00f553deb3ce75999713e5e143dd9e2b7281f04c083fb66cca3773367ef

SHA512
61e55db1fb6ec5aa7dc37837e1f29ff8c151d0491d133f756cbfca242a4830a04286bb9b3e752dc11e6738286dc3af43295b929b014f883b4a226a295424b33d

Download Submit