Analysis

  • max time kernel
    1561s
  • max time network
    1562s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-05-2024 00:37

General

  • Target

    xash.pdb

  • Size

    14.1MB

  • MD5

    023bbc2f97cf72ab71bf06cf948b9311

  • SHA1

    1c1bd28ef9e4aac0695c409323753b12458518ae

  • SHA256

    43fd694fda8a6d95c94e896ce1535be2551f8d5054d05bf271a8a9003ec41a62

  • SHA512

    13e43c1bd6e1c7c4158781c668c3ec27485539aade787d1bd7e291b1020ac5a4222014d5eeb294d2529ad29eb175e6cd10d37fed8298f4c2691b32576899375a

  • SSDEEP

    98304:Wmzrl1VhyHMd6zOXp9zWpnaInlPF8x5OI4qs870aHq:WelhyHRzOXp9zWpl0x5OI48i

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\xash.pdb
    • Suspicious use of WriteProcessMemory
    PID:824
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\xash.pdb
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\xash.pdb"
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    9d86cadfca3c2843fda39d0958699af9

    SHA1

    c62323bd962e0c8f018eed238b71a96e90a01d8e

    SHA256

    51fb0fd0d194ecdf8d723bb82a769d16031dd6ee2a7e357e16cc402ab39c7ff2

    SHA512

    982cf88c37351ff191a2a472f2a052de6280270c81195b062e568f43468217724c6513e82f98b0b10e396db8fba6cd8f9cae72f7526c8bf6414c914c794846de