Overview

overview

10

Static

static

3

PartyRoyale.exe

windows11-21h2-x64

10

$PLUGINSDI...er.dll

windows11-21h2-x64

1

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

LICENSES.c...m.html

windows11-21h2-x64

1

PartyRoyaleSetup.exe

windows11-21h2-x64

1

d3dcompiler_47.dll

windows11-21h2-x64

1

ffmpeg.dll

windows11-21h2-x64

1

libEGL.dll

windows11-21h2-x64

1

libGLESv2.dll

windows11-21h2-x64

1

resources/elevate.exe

windows11-21h2-x64

1

vk_swiftshader.dll

windows11-21h2-x64

1

vulkan-1.dll

windows11-21h2-x64

1

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$PLUGINSDI...7z.dll

windows11-21h2-x64

3

$R0/Uninst...up.exe

windows11-21h2-x64

3

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ll.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    1483s
  • max time network
    1496s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/06/2024, 13:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $R0/Uninstall PartyRoyaleSetup.exe

  • Size

    523KB

  • MD5

    3d8a3003e36f130e3fc31eb216c38b53

  • SHA1

    2f3cf0f34aeedb0eb64fa1e90a94023ccd8be892

  • SHA256

    f545edd6fc66d2334fcac9d2e1b0a736cbaaaf19b44fcc45052eeca9d23339c8

  • SHA512

    d923ce78c7476d10824b0c5320870b0066634b1596cf90ff2436444f4578a438437a25274b68c96e00a318ab3457afa36b79be9ea201b19e80086777754e7e7d

  • SSDEEP

    12288:sKD2mx+D04QlBxyuIk+22FMumSLr+O4NRKsw:sKD2mx34uBxXIk+2+MumSXOMV

Score
3/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall PartyRoyaleSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall PartyRoyaleSetup.exe"
    1⤵
      PID:124

    Network

    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      self.events.data.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      self.events.data.microsoft.com
      IN A
      Response
      self.events.data.microsoft.com
      IN CNAME
      self-events-data.trafficmanager.net
      self-events-data.trafficmanager.net
      IN CNAME
      onedscolprdwus16.westus.cloudapp.azure.com
      onedscolprdwus16.westus.cloudapp.azure.com
      IN A
      20.189.173.23
    • flag-us
      DNS
      ctldl.windowsupdate.com
      Remote address:
      8.8.8.8:53
      Request
      ctldl.windowsupdate.com
      IN A
      Response
      ctldl.windowsupdate.com
      IN CNAME
      ctldl.windowsupdate.com.delivery.microsoft.com
      ctldl.windowsupdate.com.delivery.microsoft.com
      IN CNAME
      wu-b-net.trafficmanager.net
      wu-b-net.trafficmanager.net
      IN CNAME
      download.windowsupdate.com.edgesuite.net
      download.windowsupdate.com.edgesuite.net
      IN CNAME
      a767.dspw65.akamai.net
      a767.dspw65.akamai.net
      IN A
      2.17.197.240
    • flag-us
      DNS
      240.197.17.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.197.17.2.in-addr.arpa
      IN PTR
      Response
      240.197.17.2.in-addr.arpa
      IN PTR
      a2-17-197-240deploystaticakamaitechnologiescom
    • flag-us
      DNS
      ctldl.windowsupdate.com
      Remote address:
      8.8.8.8:53
      Request
      ctldl.windowsupdate.com
      IN A
      Response
      ctldl.windowsupdate.com
      IN CNAME
      ctldl.windowsupdate.com.delivery.microsoft.com
      ctldl.windowsupdate.com.delivery.microsoft.com
      IN CNAME
      wu-b-net.trafficmanager.net
      wu-b-net.trafficmanager.net
      IN CNAME
      bg.microsoft.map.fastly.net
      bg.microsoft.map.fastly.net
      IN A
      199.232.214.172
      bg.microsoft.map.fastly.net
      IN A
      199.232.210.172
    • flag-us
      DNS
      login.live.com
      Remote address:
      8.8.8.8:53
      Request
      login.live.com
      IN A
      Response
      login.live.com
      IN CNAME
      login.msa.msidentity.com
      login.msa.msidentity.com
      IN CNAME
      www.tm.lg.prod.aadmsa.akadns.net
      www.tm.lg.prod.aadmsa.akadns.net
      IN CNAME
      prdv4a.aadg.msidentity.com
      prdv4a.aadg.msidentity.com
      IN CNAME
      www.tm.v4.a.prd.aadg.trafficmanager.net
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      40.126.32.68
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      40.126.32.136
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      20.190.160.14
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      40.126.32.74
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      40.126.32.133
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      40.126.32.72
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      20.190.160.20
      www.tm.v4.a.prd.aadg.trafficmanager.net
      IN A
      40.126.32.140
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
      iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com
      IN A
      20.199.58.43
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tse1.mm.bing.net
      Remote address:
      8.8.8.8:53
      Request
      tse1.mm.bing.net
      IN A
      Response
      tse1.mm.bing.net
      IN CNAME
      mm-mm.bing.net.trafficmanager.net
      mm-mm.bing.net.trafficmanager.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
    • flag-us
      DNS
      10.28.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.28.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      ris.api.iris.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      ris.api.iris.microsoft.com
      IN A
      Response
      ris.api.iris.microsoft.com
      IN CNAME
      ris-prod.trafficmanager.net
      ris-prod.trafficmanager.net
      IN CNAME
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      IN A
      20.234.120.54
    • flag-us
      DNS
      54.120.234.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      54.120.234.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
      Response
      arc.msn.com
      IN CNAME
      arc.trafficmanager.net
      arc.trafficmanager.net
      IN CNAME
      iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
      iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
      IN A
      20.223.35.26
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
    • flag-us
      DNS
      arc.msn.com
      Remote address:
      8.8.8.8:53
      Request
      arc.msn.com
      IN A
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.2kB
       17
      15
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls
      103.7kB
       2.7MB
       1981
      1976
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.2kB
       17
      15
    • 150.171.28.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.2kB
       17
      15
    • 8.8.8.8:53
      13.227.111.52.in-addr.arpa
      dns
      751 B
       2.2kB
       11
      11

      DNS Request

      13.227.111.52.in-addr.arpa

      DNS Request

      self.events.data.microsoft.com

      DNS Response

      20.189.173.23

      DNS Request

      ctldl.windowsupdate.com

      DNS Response

      2.17.197.240

      DNS Request

      240.197.17.2.in-addr.arpa

      DNS Request

      ctldl.windowsupdate.com

      DNS Response

      199.232.214.172
      199.232.210.172

      DNS Request

      login.live.com

      DNS Response

      40.126.32.68
      40.126.32.136
      20.190.160.14
      40.126.32.74
      40.126.32.133
      40.126.32.72
      20.190.160.20
      40.126.32.140

      DNS Request

      arc.msn.com

      DNS Response

      20.199.58.43

      DNS Request

      43.58.199.20.in-addr.arpa

      DNS Request

      tse1.mm.bing.net

      DNS Response

      150.171.28.10
      150.171.27.10

      DNS Request

      10.28.171.150.in-addr.arpa

      DNS Request

      ris.api.iris.microsoft.com

      DNS Response

      20.234.120.54

    • 8.8.8.8:53
      54.120.234.20.in-addr.arpa
      dns
      243 B
       333 B
       4
      2

      DNS Request

      54.120.234.20.in-addr.arpa

      DNS Request

      arc.msn.com

      DNS Request

      arc.msn.com

      DNS Request

      arc.msn.com

      DNS Response

      20.223.35.26

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.