Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 13:44

General

  • Target

    PCSX2 Internal Structures.dat

  • Size

    134KB

  • MD5

    e347547a20a70081da7bf2caa7ce64b3

  • SHA1

    03920f532c3eb7d8a070bf7f086a30c279f8f7c4

  • SHA256

    037b140527b1cdd67de23e156c2a844e6dd20d0a8a018de44bbe5555cc4832bd

  • SHA512

    b28f57717882f85269cd53963c7406c75c9973b6ac0a563f33398be9e2e7fa3b7fe50c4ebb04d2f1fa96b86a0ec8a077c77337b028c0b383a28632b481733ed5

  • SSDEEP

    48:KsLE/B68kszbruUdSsyf15/eJJJzYBUbA6jYZU5/3K8TJOFuVKi6YlK:m/fks/ruUUzuJzYBUbAtPaKdYlK

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\PCSX2 Internal Structures.dat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\PCSX2 Internal Structures.dat
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2716
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PCSX2 Internal Structures.dat"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2900
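
The tree above is the Windows "Open With" path: cmd.exe launched a .dat file with no registered handler, so Windows ran shell32!OpenAs_RunDLL inside rundll32.exe to show the Open With dialog, and Adobe Reader was chosen and started as rundll32's child. The "Modifies registry class" IoCs on rundll32 are consistent with that dialog recording the chosen association for the .dat extension. The script below is an added example and not part of this sandbox report: it rebuilds the chain from process-creation events (constructed here from the tree above with Sysmon-like field names; cmd.exe's parent PID of 0 is an assumption, since the report does not show it) and flags every Open With dialog that went on to spawn a handler, so the same check can be run over real process telemetry.

```python
"""Flag the Windows "Open With" (shell32!OpenAs_RunDLL) handoff in process events.

Added example, not part of the sandbox report. SAMPLE_EVENTS is constructed
from the report's process tree; field names imitate Sysmon Event ID 1 but the
records are hand-written sample data, not captured logs.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class Handoff:
    target: str          # file passed to the Open With dialog
    handler_image: str   # program that the dialog launched
    handler_pid: int
    same_file: bool      # handler's command line references the same file


# Constructed events reproducing the report's tree. ppid=0 for cmd.exe is an
# assumption; the report does not show cmd.exe's parent.
SAMPLE_EVENTS = [
    ProcEvent(2420, 0, r"C:\Windows\system32\cmd.exe",
              r'cmd /c "C:\Users\Admin\AppData\Local\Temp\PCSX2 Internal Structures.dat"'),
    ProcEvent(2716, 2420, r"C:\Windows\system32\rundll32.exe",
              r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
              r'C:\Users\Admin\AppData\Local\Temp\PCSX2 Internal Structures.dat'),
    ProcEvent(2900, 2716, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
              r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
              r'"C:\Users\Admin\AppData\Local\Temp\PCSX2 Internal Structures.dat"'),
]

# Match on the export name rather than the full DLL path: the DLL can be given
# as a bare name or a full path, and spacing around the comma varies.
OPENAS_RE = re.compile(r"shell32\.dll\s*,\s*OpenAs_RunDLL\s+(.*)$", re.IGNORECASE)


def find_openas_handoffs(events):
    """Return one Handoff per Open With dialog that launched a child process.

    A rundll32 OpenAs_RunDLL event with no child means the dialog was
    dismissed; a child tells you which application actually opened the file.
    """
    children_of = {}
    for ev in events:
        children_of.setdefault(ev.ppid, []).append(ev)

    results = []
    for ev in events:
        if not ev.image.lower().endswith("\\rundll32.exe"):
            continue
        m = OPENAS_RE.search(ev.cmdline)
        if not m:
            continue
        target = m.group(1).strip().strip('"')
        for child in children_of.get(ev.pid, []):
            results.append(Handoff(
                target=target,
                handler_image=child.image,
                handler_pid=child.pid,
                same_file=target.lower() in child.cmdline.lower(),
            ))
    return results


def file_extension(path):
    """Extension of the opened file, lower-cased, so a triage rule can ask
    'was an unregistered .dat/.bin/etc. opened via Open With?'."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


if __name__ == "__main__":
    for h in find_openas_handoffs(SAMPLE_EVENTS):
        print(f"Open With on .{file_extension(h.target)} file -> "
              f"{h.handler_image} (pid {h.handler_pid}, same file: {h.same_file})")
```

Run on real Sysmon or EDR process-creation events, a hit with `same_file=True` tells you the dropped file was actually rendered by the chosen handler (here Adobe Reader 9.0), which is the process whose behaviour then needs to be judged; a dialog with no child is just a dismissed prompt.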

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    0342387763845ac8337e845edef7a603

    SHA1

    6eb9cf923502e31fbcc05db298e31bd73e380a64

    SHA256

    1be6c04027dcccc0769a5c76ee5707e8b7e658fda28439d379bae5af4f5ffc59

    SHA512

    ac198b4ddeae579f8b033412182d6ef7cd56a2af0e86f034c00d3143b7ebc489eb9b08d35614d86302a1ab7912a26a67bd984f9c31c30a512c7819baac86d4d0