Overview

overview

10

Static

static

3

PartyRoyale.exe

windows11-21h2-x64

10

$PLUGINSDI...er.dll

windows11-21h2-x64

1

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

LICENSES.c...m.html

windows11-21h2-x64

1

PartyRoyaleSetup.exe

windows11-21h2-x64

1

d3dcompiler_47.dll

windows11-21h2-x64

1

ffmpeg.dll

windows11-21h2-x64

1

libEGL.dll

windows11-21h2-x64

1

libGLESv2.dll

windows11-21h2-x64

1

resources/elevate.exe

windows11-21h2-x64

1

vk_swiftshader.dll

windows11-21h2-x64

1

vulkan-1.dll

windows11-21h2-x64

1

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$PLUGINSDI...7z.dll

windows11-21h2-x64

3

$R0/Uninst...up.exe

windows11-21h2-x64

3

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ll.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    1485s
  • max time network
    1498s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/06/2024, 13:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/WinShell.dll

  • Size

    1KB

  • MD5

    13f4acd25d834aeac74ca16a6bfc47de

  • SHA1

    a0437cc1d7c9da40cb3bfcc065abec87416fda88

  • SHA256

    2dc09d9a820cf710951198d286faf102459830af85eee59461fdbee15297aa46

  • SHA512

    e715142960959e535a87c7e973badbe00d080d074991735a6e0fb36748589d8a663a3afa8227c47c183157a1601c6f60aabfb66b7b48efd9c1c8e08ca778cd39

Score
1/10

Malware Config

Signatures

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
    1⤵
      PID:2464

    Network

    • flag-us
      DNS
      54.120.234.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      54.120.234.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      ris.api.iris.microsoft.com
      Remote address:
      8.8.8.8:53
      Request
      ris.api.iris.microsoft.com
      IN A
      Response
      ris.api.iris.microsoft.com
      IN CNAME
      ris-prod.trafficmanager.net
      ris-prod.trafficmanager.net
      IN CNAME
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
      IN A
      20.234.120.54
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      148.3kB
       4.2MB
       3039
      3034
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.2kB
       17
      15
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.2kB
       17
      15
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.2kB
       17
      15
    • 150.171.27.10:443
      tse1.mm.bing.net
      tls
      1.6kB
       7.2kB
       17
      15
    • 8.8.8.8:53
      54.120.234.20.in-addr.arpa
      dns
      144 B
       350 B
       2
      2

      DNS Request

      54.120.234.20.in-addr.arpa

      DNS Request

      ris.api.iris.microsoft.com

      DNS Response

      20.234.120.54

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.