Overview
overview
7Static
static
7PS22PS4-GUI.exe
windows7-x64
1PS22PS4-GUI.exe
windows10-2004-x64
1bin/dlls/D...re.dll
windows7-x64
1bin/dlls/D...re.dll
windows10-2004-x64
1bin/dlls/D...60.dll
windows7-x64
1bin/dlls/D...60.dll
windows10-2004-x64
1bin/dlls/D...et.dll
windows7-x64
1bin/dlls/D...et.dll
windows10-2004-x64
1bin/dlls/D...ry.dll
windows7-x64
1bin/dlls/D...ry.dll
windows10-2004-x64
1bin/dlls/D...ms.dll
windows7-x64
1bin/dlls/D...ms.dll
windows10-2004-x64
1bin/dlls/H...ck.dll
windows7-x64
1bin/dlls/H...ck.dll
windows10-2004-x64
1bin/dlls/N...on.dll
windows7-x64
1bin/dlls/N...on.dll
windows10-2004-x64
1bin/dlls/l...et.dll
windows7-x64
1bin/dlls/l...et.dll
windows10-2004-x64
1bin/dlls/lzo.net.dll
windows7-x64
1bin/dlls/lzo.net.dll
windows10-2004-x64
1bin/dlls/n...rk.dll
windows7-x64
1bin/dlls/n...rk.dll
windows10-2004-x64
1bin/emulat...V2.pkg
macos-10.15-amd64
bin/tools/ext/di.exe
windows7-x64
1bin/tools/ext/di.exe
windows10-2004-x64
1bin/tools/...c9.dll
windows7-x64
1bin/tools/...c9.dll
windows10-2004-x64
3bin/tools/ext/sc.exe
windows7-x64
4bin/tools/ext/sc.exe
windows10-2004-x64
4bin/tools/gengp4.exe
windows7-x64
7bin/tools/gengp4.exe
windows10-2004-x64
7bin/tools/...ch.exe
windows7-x64
7Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
19-06-2024 03:07
Behavioral task
behavioral1
Sample
PS22PS4-GUI.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
PS22PS4-GUI.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
bin/dlls/DiscUtils.Core.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
bin/dlls/DiscUtils.Core.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
bin/dlls/DiscUtils.Iso9660.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
bin/dlls/DiscUtils.Iso9660.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
bin/dlls/DiscUtils.Net.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
bin/dlls/DiscUtils.Net.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
bin/dlls/DiscUtils.Registry.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
bin/dlls/DiscUtils.Registry.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
bin/dlls/DiscUtils.Streams.dll
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
bin/dlls/DiscUtils.Streams.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
bin/dlls/HtmlAgilityPack.dll
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
bin/dlls/HtmlAgilityPack.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
bin/dlls/Newtonsoft.Json.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
bin/dlls/Newtonsoft.Json.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
bin/dlls/lzfse-net.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
bin/dlls/lzfse-net.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
bin/dlls/lzo.net.dll
Resource
win7-20240611-en
Behavioral task
behavioral20
Sample
bin/dlls/lzo.net.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
bin/dlls/nunit.framework.dll
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
bin/dlls/nunit.framework.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
bin/emulators/JakV2.pkg
Resource
macos-20240611-en
Behavioral task
behavioral24
Sample
bin/tools/ext/di.exe
Resource
win7-20240220-en
Behavioral task
behavioral25
Sample
bin/tools/ext/di.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral26
Sample
bin/tools/ext/libatrac9.dll
Resource
win7-20240611-en
Behavioral task
behavioral27
Sample
bin/tools/ext/libatrac9.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral28
Sample
bin/tools/ext/sc.exe
Resource
win7-20240508-en
Behavioral task
behavioral29
Sample
bin/tools/ext/sc.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral30
Sample
bin/tools/gengp4.exe
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
bin/tools/gengp4.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral32
Sample
bin/tools/gengp4_patch.exe
Resource
win7-20240220-en
General
-
Target
PS22PS4-GUI.exe
-
Size
340KB
-
MD5
91013483c99543a0aeec408933159f9f
-
SHA1
0db890c886f58fa1d61f643a7866460900f1de35
-
SHA256
0d79fa3f02b7bfc5950c6b0a210746fa2d5fd5e51fc7ee7e08851a0fce1a6df1
-
SHA512
5ff774054856900084b6bd40e4839fdbd6a64ac9db7a73b155757668347c2f55282738cb639e7ed5b2856b2c4a5f9c86906c1b314cecad2138a44f10defc498c
-
SSDEEP
6144:5EOSd8ybz1qMF1tdF/G4F1tdF/GA28Fs2k7TbqEANd0IF1tdF/G/:5EO7+hNd04Nd04s2kGEAgINd0/
Malware Config
Signatures
-
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{205359D1-2DE9-11EF-9ED8-52FE85537310} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b05b3cf6f5c1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dd93e84a7de7854fb8617d3bed6d1382000000000200000000001066000000010000200000004cf5f58f08c1df2fc6d3562d9f3e24411d409a1fb89a0137fb6c3b9690352613000000000e800000000200002000000094c57757f6a6b6ad1d24a14fc3ae353b190a73dd95761abed981fd4421accdbf900000008ffd54e9a4d8fabd02902aa3076cc1ebf14fd37a9ea9ed610227d525bbc2277c208f0b636a39a787e9a0a0f864f9be0a5a5cc015a35719d04a90eaa577c273bb40f29d803be73bec5317e624131683e4feeab1a98aad8ea95da292873595f1e7a62aa9899c247aa85ec0973fef9f52251ca80d110348740464d1afa735212d58bb3a50a3d5c218b9aaba51072bdaf1cc400000008739bb9c96c061c69b488311c9881114b81c00a11c04b4aaae167533b4512eab3d66fac65f11ed5a6f40f581ff464fb56d73ac874d678f472aedae8ea1c4ab54 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dd93e84a7de7854fb8617d3bed6d138200000000020000000000106600000001000020000000b30b8dcf33db8074c0c8aa493993ef56966a19384406b6e5e7d94de1d53d4a54000000000e8000000002000020000000dbd647788f9aa18b8917630699b2d94dcdf29c9c5239cb7ab566102eaa5e885e2000000098cebeb7d2433c4b5141a5d9751eb71d7c3efb6d37113f0860624e42f69cf03e400000006d314f1acdb59dc451e1b447ce1a7fa7bd551084aa6b838b76396ff76e1c435f917c40f00ac1f43a71133d39fd43ccb4c65b67cd55e577074e595f3e165cf633 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 2948 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 2948 iexplore.exe 2948 iexplore.exe 2556 IEXPLORE.EXE 2556 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
PS22PS4-GUI.exeiexplore.exedescription pid process target process PID 2700 wrote to memory of 2948 2700 PS22PS4-GUI.exe iexplore.exe PID 2700 wrote to memory of 2948 2700 PS22PS4-GUI.exe iexplore.exe PID 2700 wrote to memory of 2948 2700 PS22PS4-GUI.exe iexplore.exe PID 2948 wrote to memory of 2556 2948 iexplore.exe IEXPLORE.EXE PID 2948 wrote to memory of 2556 2948 iexplore.exe IEXPLORE.EXE PID 2948 wrote to memory of 2556 2948 iexplore.exe IEXPLORE.EXE PID 2948 wrote to memory of 2556 2948 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\PS22PS4-GUI.exe"C:\Users\Admin\AppData\Local\Temp\PS22PS4-GUI.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2700 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=PS22PS4-GUI.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.02⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2556
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2792
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD553b2a3d4938cb88e9a7e5843d85b97d0
SHA11ede9638529dcd2007650092e55c3152449aa875
SHA256795aef9f6c4b1fea217c86d53e2eaf3416d4eab87aff9afa250f9e4069d1ee75
SHA51287d1b8b0fc7e86a82fd650e441e1b71c687bb3a82c11284b9c7860f986fffcc03151fa3c238471869746a812865c73803cd76dbec09c9cf0187abc763c832f24
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59a079122b054f3d740c79801dbaccd1b
SHA13a7572f94396fdda2826b8ab4c2c23f444df02c4
SHA2567c945e4d0f26f9683dacd0ef4710bf68ccc2c5e99e6fb6f068f58e25a0026684
SHA5126f06c474047d0b48c770adbf63bddecc61cd9b2324746ca7fe0c6e55e6e1eedb7735a693d98f2e0ae818549bffe47cd30060e9a54b37cfe460f5d91aeb5c2108
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54b5126e86628aefdd794caa5a9cc9b14
SHA11a50a47b0b93bfab9ddb72d6f9b55bd4c4e51780
SHA256f3f6aabb355c0e151595bb99be11a3db02584360655fd6443a9c18e9cebeb211
SHA5126f931dc4a236418d3d24e495593b2d86c917c6295357a0761634d5d4bf3ee8c905c95256040571ab82def89f782ecc8c2d52f31e8847fc495cc0e2133072bd4b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD586383064a64416763eaf538bb4f41b8c
SHA16740aaf2fd4840618bd4344e09ab4682a6d9a717
SHA256a397df86f4b6c20e98a47506e1c5d19df340077d974795f03330e82578c074fa
SHA5127a2b36c0b5206f34ca9250e04c65b6daf9ff7bbc4b00cc08cf681078446fab63dbc548933f54f7d63eabd7b6f536270619b28121ec87074e5f0f6959cf9fd55f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fa093683dbff2c40c70d6ad47cca6f02
SHA1b319792acdbd7767743709f78dcd368ad1f3313b
SHA2569eed54f24eb15308fd301df36ee7a814cfe639d62b485ee40730bed9c118ec1a
SHA512222249c2190714f28aeb2d7fe54ba147cfacea6ac79b3c32ebe7790c0a22bac6fdda32f8750b0a34ecb7201bd8fd67b8e224952a63a3664a7c7320220d550e7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e0128553b04340a76aca9883b18d2394
SHA15f710a7787b66787720b0984fdfe8f2765de3996
SHA256bff51b5c468da50ee816feb80096c8ed8f2ac3a1dbf137d565c40a4d763b5acf
SHA5127e2a586b8c62e142c361e2bba30800df0ff840b8019833d2d4c31855029c573264f7e0dad043a0fa7871b9af057fc42f909e551566a38253c08f400361b42a25
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5e0786878ec464f2b28f2318eb8d2ec8c
SHA1d6c4e74176afd39b1fc09ee64b14f7850301b95b
SHA2566a039170db506a2e96a5f8d503db0120d99a57f09f78e0c27c4b988a63d77e5a
SHA5128bdcafca82bd79d2193ab9858b14853305d158b60d4a7c96072ef0462784fdae1e0dc40e979cf8d699153052bf48d7ac9c7f353616d9dd566c9638b568b06228
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a2fb71ffd0e54e2f37e48f3c37466adb
SHA1253a1dda64c8f3bdd2cf31f7cb8f1602658d7aed
SHA256c19dcf50ff961239d35508ff10fb80415c292bcccfca9a0cfaff2ca059f274ce
SHA512bdb3b0bb6438ebbd111aa40971a55d3b2b360803807467a46ca3ed00f325cbd0a643dcaab70fe66c6b3a643f1687786b417c124a0816f425fc116ec7545e4ade
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD524c95f5ad956fe9fb9dbdf8aec8060ae
SHA1762ce5b3a1bbc33afc4bef8b123b0757c1f8d0d6
SHA2563775fd5e32c95392d2919b5b51cbba8b2504d6d37efc686025ab77db86a793bd
SHA512e4a38803d1c7f2c6f6ba4731a8a6797d3dfab592f8cc3a173e1c25ccba2de708cc42a6ecbd8aac425af9e7cead2ef47c8cc16e7c4ad9a78ba7d821069f5270a2
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b