Overview
overview
7Static
static
3DXSETUP.exe
windows11-21h2-x64
4Call of Du...12.exe
windows11-21h2-x64
7Call of Du...64.exe
windows11-21h2-x64
7Call of Du...64.exe
windows11-21h2-x64
7Call of Du...86.exe
windows11-21h2-x64
7Call of Du...64.exe
windows11-21h2-x64
7Call of Du...86.exe
windows11-21h2-x64
7Call of Du...64.exe
windows11-21h2-x64
7Call of Du...86.exe
windows11-21h2-x64
7Call of Du...64.exe
windows11-21h2-x64
7Call of Du...86.exe
windows11-21h2-x64
7Call of Du...64.exe
windows11-21h2-x64
7Call of Du...86.exe
windows11-21h2-x64
7Call of Du...64.exe
windows11-21h2-x64
7Call of Du...86.exe
windows11-21h2-x64
7Analysis
-
max time kernel
86s -
max time network
192s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system -
submitted
19-04-2024 17:36
Static task
static1
Behavioral task
behavioral1
Sample
DXSETUP.exe
Resource
win11-20240412-en
Behavioral task
behavioral2
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/Directx 12.exe
Resource
win11-20240412-en
Behavioral task
behavioral3
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/RuntimePack_x86_x64.exe
Resource
win11-20240412-en
Behavioral task
behavioral4
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2005_x64.exe
Resource
win11-20240412-en
Behavioral task
behavioral5
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2005_x86.exe
Resource
win11-20240412-en
Behavioral task
behavioral6
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2008_x64.exe
Resource
win11-20240412-en
Behavioral task
behavioral7
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2008_x86.exe
Resource
win11-20240412-en
Behavioral task
behavioral8
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2010_x64.exe
Resource
win11-20240412-en
Behavioral task
behavioral9
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2010_x86.exe
Resource
win11-20240412-en
Behavioral task
behavioral10
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2012_x64.exe
Resource
win11-20240412-en
Behavioral task
behavioral11
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2012_x86.exe
Resource
win11-20240412-en
Behavioral task
behavioral12
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2013_x64.exe
Resource
win11-20240412-en
Behavioral task
behavioral13
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2013_x86.exe
Resource
win11-20240412-en
Behavioral task
behavioral14
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2015_2017_2019_x64.exe
Resource
win11-20240412-en
Behavioral task
behavioral15
Sample
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/runtime c++/vcredist2015_2017_2019_x86.exe
Resource
win11-20240412-en
General
-
Target
Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK/Directx 12.exe
-
Size
285KB
-
MD5
bcbb7c0cd9696068988953990ec5bd11
-
SHA1
3c8243734cf43dd7bb2332ba05b58ccacfa4377c
-
SHA256
34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4
-
SHA512
551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786
-
SSDEEP
6144:3WK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQ43:mcvgLARDI1KIOzOR3
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
dxwsetup.exepid process 3488 dxwsetup.exe -
Loads dropped DLL 2 IoCs
Processes:
dxwsetup.exepid process 3488 dxwsetup.exe 3488 dxwsetup.exe -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
Directx 12.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" Directx 12.exe -
Drops file in System32 directory 7 IoCs
Processes:
dxwsetup.exedescription ioc process File created C:\Windows\SysWOW64\directx\websetup\SET6A14.tmp dxwsetup.exe File opened for modification C:\Windows\SysWOW64\directx\websetup\dsetup.dll dxwsetup.exe File opened for modification C:\Windows\SysWOW64\directx\websetup\SET6A25.tmp dxwsetup.exe File created C:\Windows\SysWOW64\directx\websetup\SET6A25.tmp dxwsetup.exe File opened for modification C:\Windows\SysWOW64\directx\websetup\dsetup32.dll dxwsetup.exe File opened for modification C:\Windows\SysWOW64\DirectX\WebSetup dxwsetup.exe File opened for modification C:\Windows\SysWOW64\directx\websetup\SET6A14.tmp dxwsetup.exe -
Drops file in Windows directory 1 IoCs
Processes:
dxwsetup.exedescription ioc process File opened for modification C:\Windows\Logs\DirectX.log dxwsetup.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Directx 12.exedescription pid process target process PID 2652 wrote to memory of 3488 2652 Directx 12.exe dxwsetup.exe PID 2652 wrote to memory of 3488 2652 Directx 12.exe dxwsetup.exe PID 2652 wrote to memory of 3488 2652 Directx 12.exe dxwsetup.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK\Directx 12.exe"C:\Users\Admin\AppData\Local\Temp\Call of Duty Modern Warfare 3 DX12 Error Fixed Pack By ZOHAIB ROCK\Directx 12.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dllFilesize
93KB
MD5984cad22fa542a08c5d22941b888d8dc
SHA13e3522e7f3af329f2235b0f0850d664d5377b3cd
SHA25657bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308
SHA5128ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeFilesize
515KB
MD5ac3a5f7be8cd13a863b50ab5fe00b71c
SHA1eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9
SHA2568f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da
SHA512c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.infFilesize
477B
MD5ad8982eaa02c7ad4d7cdcbc248caa941
SHA14ccd8e038d73a5361d754c7598ed238fc040d16b
SHA256d63c35e9b43eb0f28ffc28f61c9c9a306da9c9de3386770a7eb19faa44dbfc00
SHA5125c805d78bafff06c36b5df6286709ddf2d36808280f92e62dc4c285edd9176195a764d5cf0bb000da53ca8bbf66ddd61d852e4259e3113f6529e2d7bdbdd6e28
-
C:\Windows\SysWOW64\directx\websetup\dsetup32.dllFilesize
1.5MB
MD5a5412a144f63d639b47fcc1ba68cb029
SHA181bd5f1c99b22c0266f3f59959dfb4ea023be47e
SHA2568a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6
SHA5122679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405