Overview

overview

6

Static

static

3

YandereSim...er.exe

windows11-21h2-x64

6

Analysis

  • max time kernel
    129s
  • max time network
    133s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04-05-2024 20:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    YandereSimulatorLauncher.exe

  • Size

    4.7MB

  • MD5

    ab495cbad9cce547dc6b9d53d375305d

  • SHA1

    558090bb37ad5d7eca7579268695363f380bf81e

  • SHA256

    f4911aca41a0bf0a0aea29ef832965123d794bac2e8c6e9f36986f640c45f19b

  • SHA512

    3e90c455ada7ad2eaeba31d330c875cb945babb55dce613aa900e1178438499eb4883e8f07bec760f621283daa3f6a41904a2e96bf70e10b7cf8a14091cff85b

  • SSDEEP

    98304:ZRXG+U5FP7zOnKWjcghx10+HvYOumBfEzsTb6S6yhv1M9lc:5UzfOKWF3gOumBf/lbv69

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 33 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\YandereSimulatorLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\YandereSimulatorLauncher.exe"
    1⤵
    • Enumerates connected drives
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1380
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004E4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    896KB

    MD5

    bfd7ff1889337dcbd98ad4a781709240

    SHA1

    9efa2ae3cc1b3b1804699ac4a3d941282223a56e

    SHA256

    169cd71ae6597d29ea7d9ac85caf83af5135247a8634260f77c36d899be77039

    SHA512

    57ec5b714613b533b860503655ce2494ba2026e019c925886f89fd1c758d469080637131afc6f3202a0de2d2e77f7a3a1592ed8f9bb8e4101ba8ac4a383056de

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{514C7D78-0C49-4426-948E-883DD850A91F}\mainpanel-dere.wmv
    Filesize

    2.5MB

    MD5

    42d071324f3a2d8ee2f67c49fded4f32

    SHA1

    2f91d68905ede16c22bdad2687f3df38641b2706

    SHA256

    15d880ab2da5eecc1ea9d3349341eefd6d19118c772da1314ce09f1febb0df90

    SHA512

    ccdf815463b30deb7c1d4afa292b0dc7735ce7218ce17d339bd8c103f2b72d1f59f50f0d9aee72c63bf6282dbea08cd8b00867c596150a16f04c2747e56e7577

    Download Submit

  • memory/1380-1-0x000001C452750000-0x000001C452C06000-memory.dmp

    Filesize

    4.7MB

    Download

  • memory/1380-0-0x00007FFF13F73000-0x00007FFF13F75000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1380-4-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-15-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-17-0x000001C46D6B0000-0x000001C46D6BE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1380-16-0x000001C470E50000-0x000001C470E88000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1380-18-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-20-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-21-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-22-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-35-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-46-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-45-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-44-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-49-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-43-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-52-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-54-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-51-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-53-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-50-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-42-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-41-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-55-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-59-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-58-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-57-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-56-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-40-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-39-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-65-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-64-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-63-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-62-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-61-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-60-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-38-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-37-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-36-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-67-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-71-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-68-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-70-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-69-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-66-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-76-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-75-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-74-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-73-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-72-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-80-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-79-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-78-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-77-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-83-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-84-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-82-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-81-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-88-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-87-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-86-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-85-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-92-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-91-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-90-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-89-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-95-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-96-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-97-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-94-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-93-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-99-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-98-0x000001C472910000-0x000001C472920000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1380-138-0x000001C472BC0000-0x000001C472BE0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1380-148-0x000001C472A20000-0x000001C472AD0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/1380-149-0x000001C472B20000-0x000001C472B42000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1380-186-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-376-0x00007FFF13F73000-0x00007FFF13F75000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1380-454-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-580-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-697-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-1066-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1380-1258-0x00007FFF13F70000-0x00007FFF14A32000-memory.dmp

    Filesize

    10.8MB

    Download