Analysis Overview
SHA256
38ba384cdb7c9cfc9c6ab60138b1b62dc465fb60e5abab17500249b39827f124
Threat Level: Shows suspicious behavior
The file Black Myth Wukong 64-bit.bin was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Detects Pyinstaller
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-09 07:12
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-09 07:12
Reported
2024-04-09 07:12
Platform
win11-20240221-en
Max time kernel
0s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3088 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe |
| PID 3088 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe |
| PID 3088 wrote to memory of 2864 | N/A | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe | C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe
"C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe"
C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe
"C:\Users\Admin\AppData\Local\Temp\Black Myth Wukong 64-bit.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI30882\python312.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30882\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30882\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI30882\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI30882\libffi-8.dll
C:\Users\Admin\AppData\Local\Temp\_MEI30882\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI30882\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI30882\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI30882\_decimal.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI30882\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI30882\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI30882\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI30882\libcrypto-3.dll
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-09 07:12
Reported
2024-04-09 07:13
Platform
win11-20240214-en
Max time kernel
1s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\BSR.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding