Overview

overview

3

Static

static

3

PSMoveService.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-04-2024 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PSMoveService.exe

  • Size

    6.8MB

  • MD5

    2a34078e9190ca09862f333eb566879a

  • SHA1

    f63689db4341b01409a2ba22d80750cb5eab0469

  • SHA256

    9c165def819c75e08d2ff62e8f3edd80690f020e02cb15d695caa2adde349b62

  • SHA512

    56cf3f454eb42b6c34ba831643d1a5deccbe5287dfe141f678c592ca0aab21b77e08f494e680cd40a5718a4aaa9df3fe651e2eee6c48071e945db48985f9a830

  • SSDEEP

    98304:Ac4NUeb+9eeXT4ZbESZumhjniAUmXnkk:V4NuUdhESDdniAUl

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PSMoveService.exe
    "C:\Users\Admin\AppData\Local\Temp\PSMoveService.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4748
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2956
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2300

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2956-6-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-7-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-8-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-18-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-17-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-16-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-15-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-14-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-13-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2956-12-0x000001D472A20000-0x000001D472A21000-memory.dmp

      Filesize

      4KB

      Download