add6e5e9235665b251a900bb358f99ee6668873fb07ddcc7eeaec67a4a8d0189

Analysis

max time kernel
144s
max time network
220s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
26/05/2024, 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Monmusu Paradise.exe
Size

561KB
MD5

9cd59b24f096c8d871de6bb00bd93256
SHA1

3529eeae7e42bccbcc00c1b6b30c6c13eab042fa
SHA256

c643975fb0c5f7a9e591daed1a5e786afbc25b40b94e5328b776295ee3ea2385
SHA512

ae0b23efc1ba95a160129f38e88c350d0628f2bcdb0e55ba619984be6da72509a8f3f034c7014c8f3389a243b308750ee6b41669881fb416c88369743173d565
SSDEEP

768:A+PENif9LnCCrYFIPPPLDx8RQrd3euQItdcO0WVRAly5N3gFQkpvLwIfz7nvRyC:cQf9LPYFK4WVR11k9/vvhvF7RpS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 3580	1628	Monmusu Paradise.exe	79
PID 1628 wrote to memory of 3580	1628	Monmusu Paradise.exe	79

C:\Users\Admin\AppData\Local\Temp\Monmusu Paradise.exe
"C:\Users\Admin\AppData\Local\Temp\Monmusu Paradise.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Users\Admin\AppData\Local\Temp\data\bakinplayer.exe
  "C:\Users\Admin\AppData\Local\Temp\data\bakinplayer.exe" /TMP="C:\Users\Admin\AppData\Local\Temp\data"|"C:\Users\Admin\AppData\Local\Temp\Monmusu Paradise.exe"|"C:\Users\Admin\AppData\Local\Temp\bakin_engine_tmp\tmp771F.tmp"|1
  2⤵
  PID:3580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bakin_engine_tmp\tmp771F.tmp\Item.rbr

Filesize
17B

MD5
28b2846b20f5d42f7190240dc50e7b8d

SHA1
e1964e1fa0c45a596b0282b773ed0d5cc8e0e272

SHA256
8d86eee940f8bd239429c74013d723bc63b3b7d7a96aaeeb7ca9d45c96dc127d

SHA512
3bea81ed058a26995c4ee81a09c1318be352310bc449347a7eb8e81f11ff5855bdf12640c0f33af48ac4fe8ca3505ea17c35743daada07b4646e1fb489dbb43d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bakin_engine_tmp\tmp771F.tmp\lib\sysresource\shader\Builtin\OceanWave_KAI\OceanWave_KAI_2.cg

Filesize
12KB

MD5
b56f4a288c99ee998674ee675cc8dd63

SHA1
d309af326797ada6f4efa7c6b263bef3e224a826

SHA256
c0062ab970dd0b4bbc8ae26b1c72ebc3d26d9e37883931ab01b8ccbc2cbf538e

SHA512
675f7c90c7cef44543c5dc25a2ad9cadc253b17a3b98b58e85855ec643dc503b6e332a8cedf198ea6e2c2162ad120b163c3bfa8d02c98c3f6d9419706733c504

Download Submit
C:\Users\Admin\AppData\Local\Temp\bakin_engine_tmp\tmp771F.tmp\lib\sysresource\shader\Builtin\OceanWave_KAI\OceanWave_KAI_30.cg

Filesize
12KB

MD5
b1b8237c1f160f4ad9bf31b5db5510b8

SHA1
4f2260beb4cd813c8800a55185658679a9ca5e7b

SHA256
a9388346e7d1f297082412b51fe15511b7d0df90a019583ee1a3daa736ad7b88

SHA512
393b08f775f4436b32a689ceece023b145cdf800d72caef192fa3b5df729e7aabeb9f7fa9f82a98f35145c37c881674b0cd380605332996d4f133a4b07b7101e

Download Submit
memory/1628-5-0x0000000074CE0000-0x0000000075491000-memory.dmp

Filesize
7.7MB

Download
memory/1628-4-0x0000000005710000-0x000000000571A000-memory.dmp

Filesize
40KB

Download
memory/1628-0-0x0000000074CEE000-0x0000000074CEF000-memory.dmp

Filesize
4KB

Download
memory/1628-6-0x0000000008720000-0x0000000008732000-memory.dmp

Filesize
72KB

Download
memory/1628-7-0x0000000008700000-0x000000000870A000-memory.dmp

Filesize
40KB

Download
memory/1628-3-0x0000000005770000-0x0000000005802000-memory.dmp

Filesize
584KB

Download
memory/1628-2-0x0000000005C80000-0x0000000006226000-memory.dmp

Filesize
5.6MB

Download
memory/1628-1-0x0000000000BC0000-0x0000000000C52000-memory.dmp

Filesize
584KB

Download
memory/1628-766-0x0000000074CE0000-0x0000000075491000-memory.dmp

Filesize
7.7MB

Download
memory/3580-759-0x000001FBDB0C0000-0x000001FBDB10E000-memory.dmp

Filesize
312KB

Download
memory/3580-760-0x000001FBF5760000-0x000001FBF588A000-memory.dmp

Filesize
1.2MB

Download
memory/3580-761-0x000001FBF5630000-0x000001FBF570A000-memory.dmp

Filesize
872KB

Download
memory/3580-762-0x000001FBDB540000-0x000001FBDB541000-memory.dmp

Filesize
4KB

Download
memory/3580-763-0x000001FBDCE90000-0x000001FBDCECA000-memory.dmp

Filesize
232KB

Download
memory/3580-765-0x000001FBFDF40000-0x000001FBFE182000-memory.dmp

Filesize
2.3MB

Download
memory/3580-758-0x00007FF9A4513000-0x00007FF9A4515000-memory.dmp

Filesize
8KB

Download
memory/3580-767-0x000001FBDCD20000-0x000001FBDCD26000-memory.dmp

Filesize
24KB

Download
memory/3580-768-0x00007FF9A4510000-0x00007FF9A4FD2000-memory.dmp

Filesize
10.8MB

Download
memory/3580-769-0x00007FF9A4510000-0x00007FF9A4FD2000-memory.dmp

Filesize
10.8MB

Download