Analysis

  • max time kernel
    554s
  • max time network
    567s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-06-2024 22:24

General

  • Target

    $TEMP/dxredist/dsetup32.dll

  • Size

    1.5MB

  • MD5

    d8fa7bb4fe10251a239ed75055dd6f73

  • SHA1

    76c4bd2d8f359f7689415efc15e3743d35673ae8

  • SHA256

    fb0e534f9b0926e518f1c2980640dfd29f14217cdfa37cf3a0c13349127ed9a8

  • SHA512

    73f633179b1340c1c14d0002b72e44cab1919d0ef174f307e4bfe6de240b0b6ef233e67a8b0a0cd677556865ee7b88c6de152045a580ab9fbf1a50d2db0673b4

  • SSDEEP

    24576:CIQ+ddddddddddddddxOOOOOOOOOOOOOO2iWeXiWeXiWeXiWeXiWeXiWeXiWeXi+:CIQsOOOOOOOOOOOOOO2iWeXiWeXiWeXf

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\dxredist\dsetup32.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:3448
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\dxredist\dsetup32.dll,#1
      • Drops file in Windows directory
      PID:4080
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:3560
  • C:\Windows\system32\srtasks.exe
    C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
    • Suspicious use of AdjustPrivilegeToken
    PID:408

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Logs\DXError.log

    Filesize

    238B

    MD5

    79d98c5d22049fedc50a0e430c4363f8

    SHA1

    be547420fa1c622e678a9dfae6708729c601bb8c

    SHA256

    94044c4df729132c201d993e8aaf6466c378a97f657483f51419a050b855fe22

    SHA512

    79113a5d9f42e748c4a9227575de0ab052b8100cfcc735887db751a14c3c2c3facc39651def747156b4d5051db1422be9f05f2f9f71604eeadbf117e1f199229

  • C:\Windows\Logs\DirectX.log

    Filesize

    517B

    MD5

    559fc56326a73713c29096329f9092ff

    SHA1

    82ea138cb4eb2282f894b401ccc1a2df485e4fa9

    SHA256

    5e039aac3d70d514cc50d01726fbbf3318b48943ec55b7a318c64054b63cbd88

    SHA512

    2b24780cae8275f9088b31e40be548131519f6392c3f86ee2b32e27d9b959978fb354bb3091836ed90d541f0fb8afe8b9f54732f1cc2951a09a0889b59b22d41