Overview
overview
7Static
static
3dolphin-x64-5.0.exe
windows10-1703-x64
7$PLUGINSDI...ns.dll
windows10-1703-x64
3$PLUGINSDI...LL.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3infinst.exe
windows10-1703-x64
4xinput1_3.dll
windows10-1703-x64
1xinput1_3.dll
windows10-1703-x64
1$TEMP/dxre...UP.dll
windows10-1703-x64
4$TEMP/dxre...UP.exe
windows10-1703-x64
4$TEMP/dxre...32.dll
windows10-1703-x64
4dxupdate.dll
windows10-1703-x64
3$TEMP/vcre...64.exe
windows10-1703-x64
7Dolphin.exe
windows10-1703-x64
6OpenAL32.dll
windows10-1703-x64
1Sys/GameSe...r2.ps1
windows10-1703-x64
1Sys/GameSe...01.ps1
windows10-1703-x64
1Analysis
-
max time kernel
312s -
max time network
1590s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
11-04-2024 16:31
Static task
static1
Behavioral task
behavioral1
Sample
dolphin-x64-5.0.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
infinst.exe
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
xinput1_3.dll
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
xinput1_3.dll
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
$TEMP/dxredist/DSETUP.dll
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
$TEMP/dxredist/DXSETUP.exe
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
$TEMP/dxredist/dsetup32.dll
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
dxupdate.dll
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
$TEMP/vcredist/vc_redist.x64.exe
Resource
win10-20240404-en
Behavioral task
behavioral13
Sample
Dolphin.exe
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
OpenAL32.dll
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
Sys/GameSettings/GALE01r2.ps1
Resource
win10-20240404-en
Behavioral task
behavioral16
Sample
Sys/GameSettings/GZ2J01.ps1
Resource
win10-20240404-en
General
-
Target
$TEMP/dxredist/dsetup32.dll
-
Size
1.5MB
-
MD5
d8fa7bb4fe10251a239ed75055dd6f73
-
SHA1
76c4bd2d8f359f7689415efc15e3743d35673ae8
-
SHA256
fb0e534f9b0926e518f1c2980640dfd29f14217cdfa37cf3a0c13349127ed9a8
-
SHA512
73f633179b1340c1c14d0002b72e44cab1919d0ef174f307e4bfe6de240b0b6ef233e67a8b0a0cd677556865ee7b88c6de152045a580ab9fbf1a50d2db0673b4
-
SSDEEP
24576:CIQ+ddddddddddddddxOOOOOOOOOOOOOO2iWeXiWeXiWeXiWeXiWeXiWeXiWeXi+:CIQsOOOOOOOOOOOOOO2iWeXiWeXiWeXf
Malware Config
Signatures
-
Drops file in Windows directory 2 IoCs
description ioc Process File opened for modification C:\Windows\Logs\DXError.log rundll32.exe File opened for modification C:\Windows\Logs\DirectX.log rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2276 wrote to memory of 4804 2276 rundll32.exe 73 PID 2276 wrote to memory of 4804 2276 rundll32.exe 73 PID 2276 wrote to memory of 4804 2276 rundll32.exe 73
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\dxredist\dsetup32.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2276 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\dxredist\dsetup32.dll,#12⤵
- Drops file in Windows directory
PID:4804
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
186B
MD56a0a257d3198d48cd1a53cfbb6fee822
SHA17de98bf57904aed4d19a4cc652585363c0aaf31a
SHA256835b1df88f4887f9bf4752407f4ca34c07f81ce5ca3de137c47261fa4c04dd8d
SHA512467eede81ad988cab369177d3a9499e0415af15e650cac27f2a72c914e74fd6303e71c402059900f2b2cf440a7b8ce05217874671116a2110e284f0384b23c12
-
Filesize
679B
MD5f80cd5cf7dcee0b8ad8a3cd3428964d7
SHA13ad9fa6130896259e5ef903f8533e0ab01f9b23f
SHA2560c8c6c359e8d3081163d17152e4606cd9c26d220ffd92c251a01f7ec9c3d1f56
SHA51249e9e18c23615c22c5afa56c2d46b75eaa42418509ab750e8dfda719791cb737761822039147fa02086c6a6d3f1c034de0a8b29487f15fa518d73a1ee1171a29