Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-03-2024 15:39

General

  • Target

    DLC/dlc040_trial_of_allegiance/gfx/entities/TOA_units_tanks.asset

  • Size

    69KB

  • MD5

    5605a84a774bd6a298c7ac4d0f01f124

  • SHA1

    7d98231401257e28cb7359a9afeda4bbc6027ee4

  • SHA256

    8133b3d57353493ccbef89ac6825cdbacb98b1f124681bf7ec624f8d5bddef43

  • SHA512

    cc64b1be5593382b662224cb145218f44363c52eec4de1e5ee1d2feec9d0253165b307e49ef26c38ed56294ef1f8210f4c27fbcd2d46e70261762527e2eadce5

  • SSDEEP

    1536:7QKrMeWLQ9Y+IEeQO/+IEmQ2XxIHbQX6PRdoQX6PRdQQ9YhzXjQKrhzXNQ9YhzXH:7QKrMeWLQ9Y+IEeQO/+IEmQ2XxIHbQX6

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\DLC\dlc040_trial_of_allegiance\gfx\entities\TOA_units_tanks.asset
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\DLC\dlc040_trial_of_allegiance\gfx\entities\TOA_units_tanks.asset
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\DLC\dlc040_trial_of_allegiance\gfx\entities\TOA_units_tanks.asset"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d69314f8b0fc80efb99f17080a54f7b3

    SHA1

    446ec65dfd0ad51f89ecd8bb8f6ec4ebfbbde550

    SHA256

    bb326bff1cd124c2fc8ccfb6042933d87a25853c14aff60f27327fb7e387036e

    SHA512

    7d697894d4ade6c2ba08c932890a0e52e51050aeb38c5b1b6d35aaa908e0a65f452c4d8881b88e274bc02df5012fe0d1aa54e3a94317eed39ec84175426d6dfb