Analysis
max time kernel: 133s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted: 03/06/2024, 07:37
Static task: static1

Behavioral tasks (task, sample, resource):
behavioral1, DCGO_Standalone/Game/DCGO.exe, win7-20240221-en
behavioral2, DCGO_Standalone/Game/DCGO.exe, win10v2004-20240426-en
behavioral3, DCGO_Standalone/Game/DCGO_Data/Managed/Assembly-CSharp-firstpass.dll, win7-20240221-en
behavioral4, DCGO_Standalone/Game/DCGO_Data/Managed/Assembly-CSharp-firstpass.dll, win10v2004-20240508-en
behavioral5, DCGO_Standalone/Game/DCGO_Data/Managed/Assembly-CSharp.dll, win7-20240508-en
behavioral6, DCGO_Standalone/Game/DCGO_Data/Managed/Assembly-CSharp.dll, win10v2004-20240508-en
behavioral7, DCGO_Standalone/Game/DCGO_Data/Managed/Cinemachine.dll, win7-20240221-en
behavioral8, DCGO_Standalone/Game/DCGO_Data/Managed/Cinemachine.dll, win10v2004-20240508-en
behavioral9, DCGO_Standalone/Game/DCGO_Data/Managed/Coffee.UIParticle.dll, win7-20240221-en
behavioral10, DCGO_Standalone/Game/DCGO_Data/Managed/Coffee.UIParticle.dll, win10v2004-20240426-en
behavioral11, DCGO_Standalone/Game/DCGO_Data/Managed/Coffee.UnmaskForUGUI.dll, win7-20240221-en
behavioral12, DCGO_Standalone/Game/DCGO_Data/Managed/Coffee.UnmaskForUGUI.dll, win10v2004-20240508-en
behavioral13, DCGO_Standalone/Game/DCGO_Data/Managed/DOTween.dll, win7-20240508-en
behavioral14, DCGO_Standalone/Game/DCGO_Data/Managed/DOTween.dll, win10v2004-20240508-en
behavioral15, DCGO_Standalone/Game/DCGO_Data/Managed/ICSharpCode.SharpZipLib.dll, win7-20231129-en
behavioral16, DCGO_Standalone/Game/DCGO_Data/Managed/ICSharpCode.SharpZipLib.dll, win10v2004-20240508-en
behavioral17, DCGO_Standalone/Game/DCGO_Data/Managed/MHLab.Patch.Core.Admin.dll, win7-20240508-en
behavioral18, DCGO_Standalone/Game/DCGO_Data/Managed/MHLab.Patch.Core.Admin.dll, win10v2004-20240508-en
behavioral19, DCGO_Standalone/Game/DCGO_Data/Managed/MHLab.Patch.Core.Client.dll, win7-20240220-en
behavioral20, DCGO_Standalone/Game/DCGO_Data/Managed/MHLab.Patch.Core.Client.dll, win10v2004-20240426-en
behavioral21, DCGO_Standalone/Game/DCGO_Data/Managed/MHLab.Patch.Core.dll, win7-20240419-en
behavioral22, DCGO_Standalone/Game/DCGO_Data/Managed/MHLab.Patch.Core.dll, win10v2004-20240508-en
behavioral23, DCGO_Standalone/Game/DCGO_Data/Managed/Mono.Security.dll, win7-20240221-en
behavioral24, DCGO_Standalone/Game/DCGO_Data/Managed/Mono.Security.dll, win10v2004-20240508-en
behavioral25, DCGO_Standalone/Game/DCGO_Data/Managed/Newtonsoft.Json.dll, win7-20240221-en
behavioral26, DCGO_Standalone/Game/DCGO_Data/Managed/Newtonsoft.Json.dll, win10v2004-20240426-en
behavioral27, DCGO_Standalone/Game/DCGO_Data/Managed/Photon3Unity3D.dll, win7-20231129-en
behavioral28, DCGO_Standalone/Game/DCGO_Data/Managed/Photon3Unity3D.dll, win10v2004-20240508-en
behavioral29, DCGO_Standalone/Game/DCGO_Data/Managed/PhotonChat.dll, win7-20240221-en
behavioral30, DCGO_Standalone/Game/DCGO_Data/Managed/PhotonChat.dll, win10v2004-20240508-en
behavioral31, DCGO_Standalone/Game/DCGO_Data/Managed/PhotonRealtime.dll, win7-20240508-en
behavioral32, DCGO_Standalone/Game/DCGO_Data/Managed/PhotonRealtime.dll, win10v2004-20240226-en

General
Target: DCGO_Standalone/Game/DCGO.exe
Size: 638KB
MD5: 233f36c2e7db7cf46936c2fb59335b16
SHA1: 513c53664198ed5354bc8e51c645ea0571e08eee
SHA256: 4b40d1204adb0547de839e584ebfb5b63f5ac4774fd0bac7fbc60bb3fcea0355
SHA512: 27c113caed90be8acf183ae3b5ef42b8f4a6e41cf39d8f3cf1510e0aaeff1afe56fc60eb70bc5e58d0c0983e6f81c1d5734157eec90236a68144585845b023c5
SSDEEP: 6144:AEbaWnBUCGnYXSpfseuzC7VQGpweHApY2pHIgBN1D6LKSSsNH8k9RbpT/lRxXemh:AoCC8cSyx6Dreu

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                          pid    Process
  Token: 33                            1020   AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege    1020   AUDIODG.EXE

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid    Process
  4048   DCGO.exe

Suspicious use of WriteProcessMemory (2 IoCs)
  description                             pid    Process    procid_target
  PID 4048 wrote to memory of 4376        4048   DCGO.exe   84
  PID 4048 wrote to memory of 4376        4048   DCGO.exe   84

Processes

C:\Users\Admin\AppData\Local\Temp\DCGO_Standalone\Game\DCGO.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\DCGO_Standalone\Game\DCGO.exe"
  PID: 4048
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\DCGO_Standalone\Game\UnityCrashHandler64.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\DCGO_Standalone\Game\UnityCrashHandler64.exe" --attach 4048 1975587639296
    PID: 4376

C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x50c 0x308
  PID: 1020
  - Suspicious use of AdjustPrivilegeToken