Overview

overview

7

Static

static

3

Undertale.rar

windows10-2004-x64

3

Undertale/SKIDROW.txt

windows10-2004-x64

1

Undertale/...om.jpg

windows10-2004-x64

3

Undertale/..._a.ogg

windows10-2004-x64

7

Undertale/credits.txt

windows10-2004-x64

1

Undertale/data.win

windows10-2004-x64

3

Undertale/diffPatch

windows10-2004-x64

1

Undertale/lua5.1.dll

windows10-2004-x64

3

Undertale/mus_a2.ogg

windows10-2004-x64

7

Undertale/...ix.ogg

windows10-2004-x64

7

Undertale/...am.ogg

windows10-2004-x64

7

Undertale/...er.ogg

windows10-2004-x64

7

Undertale/...um.ogg

windows10-2004-x64

7

Undertale/mus_bad.ogg

windows10-2004-x64

7

Undertale/...er.ogg

windows10-2004-x64

7

Undertale/...e1.ogg

windows10-2004-x64

7

Undertale/...e2.ogg

windows10-2004-x64

7

Undertale/...ng.ogg

windows10-2004-x64

7

Undertale/...eA.ogg

windows10-2004-x64

7

Undertale/...se.ogg

windows10-2004-x64

7

Undertale/...ng.ogg

windows10-2004-x64

7

Undertale/...s1.ogg

windows10-2004-x64

7

Undertale/..._1.ogg

windows10-2004-x64

7

Undertale/..._2.ogg

windows10-2004-x64

7

Undertale/..._3.ogg

windows10-2004-x64

7

Undertale/..._4.ogg

windows10-2004-x64

7

Undertale/..._5.ogg

windows10-2004-x64

7

Undertale/..._6.ogg

windows10-2004-x64

7

Undertale/..._7.ogg

windows10-2004-x64

7

Undertale/...up.ogg

windows10-2004-x64

7

Undertale/...ll.ogg

windows10-2004-x64

7

Undertale/...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/04/2024, 21:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Undertale/mus_churchbell.ogg

  • Size

    77KB

  • MD5

    e9034a286c982f8828076ef768717eb2

  • SHA1

    f234643262586ae443e70014b7e70969d09a7730

  • SHA256

    1ae68de7e36cfc091a188b24c89e1d349310fe8264f73efb88eda5389049d530

  • SHA512

    06d32c243eaa3f5ca0f4833833bd73303837a4a555f228b5996be3ae99d2636bcceb66416da9a1a264ac401349777136b7c0cb4cc8a47de7f52732d2622cf47b

  • SSDEEP

    1536:8Z2tHf0mm0RBmPpl0+qUJNC7DzdETyap4lH0Kp8bI7KHDxU7GH:NHMmm0Rae/zdWyagDp8btHuM

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Undertale\mus_churchbell.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3392
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Undertale\mus_churchbell.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2724
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x46c 0x3c0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2724-6-0x00007FFC46750000-0x00007FFC46784000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2724-5-0x00007FF77B500000-0x00007FF77B5F8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2724-8-0x00007FFC49F30000-0x00007FFC49F48000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2724-14-0x00007FFC46170000-0x00007FFC46181000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2724-13-0x00007FFC46190000-0x00007FFC461AD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2724-12-0x00007FFC461B0000-0x00007FFC461C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2724-11-0x00007FFC461D0000-0x00007FFC461E7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2724-10-0x00007FFC46270000-0x00007FFC46281000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2724-9-0x00007FFC46650000-0x00007FFC46667000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2724-15-0x00007FFC36240000-0x00007FFC3644B000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2724-22-0x00007FFC45810000-0x00007FFC45821000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2724-20-0x00007FFC45900000-0x00007FFC45911000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2724-21-0x00007FFC35190000-0x00007FFC36240000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2724-19-0x00007FFC45920000-0x00007FFC45931000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2724-18-0x00007FFC46150000-0x00007FFC46168000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2724-17-0x00007FFC45A10000-0x00007FFC45A31000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2724-16-0x00007FFC45940000-0x00007FFC45981000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2724-7-0x00007FFC36640000-0x00007FFC368F6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2724-39-0x00007FFC35190000-0x00007FFC36240000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/2724-57-0x00007FFC35190000-0x00007FFC36240000-memory.dmp

    Filesize

    16.7MB

    Download