Analysis

  • max time kernel
    1566s
  • max time network
    1567s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-05-2024 00:37

General

  • Target

    ref_gl.pdb

  • Size

    7.2MB

  • MD5

    27fd3d866162f77d6b9e510045e77437

  • SHA1

    61d5821265aede7ea6110fbaa741796743832353

  • SHA256

    904f2f77c167f5309fb4c77ae12c3193b00c63b4188e8e1ec877a8fc6136155b

  • SHA512

    8db6acbc1c0ef35f4e7c45c7a90ec0de6104976eef7c2460f374d837290af3fd7d76f85d73849d4850a49c590428e95766898ca18a6e79a09e6338ff7c876057

  • SSDEEP

    98304:n9fp1Oq/LT9pk+xmwhHl8mtJbLHsyR9JmUmXmzARHjTP16G4uq/LT9pk+xmwhHln:n9fp1FARHjp4iAsp81

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ref_gl.pdb
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ref_gl.pdb
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ref_gl.pdb"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2664

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    7adace0c82d820434cf4afe71f78fd53

    SHA1

    64091a916c2df434bcc6dc2f544b9922607535e7

    SHA256

    0efffac22d200ac3a9d9f9de28fbc91e7c9c852f1f83efbc6d6493e8b32e98be

    SHA512

    ee8cfacf679c8b32d404d89e93097497b448d409df6e53876d42b3657eb397517f14d46cf5c9c80b16aaa53964f8a8cbc4f903a38236b680e84cbce1aa8a9e3a