Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29-06-2024 03:25

General

  • Target

    SuperMarioBrothers2Screensaver_pc.exe

  • Size

    6.0MB

  • MD5

    a7af24ab2f95e6b51779cce3977a36b3

  • SHA1

    1e62018c76a44cb34bcb1ba50b4a17c8cf903d05

  • SHA256

    5d8dc30e2df4a2002f5fb93935910fbdf2321e826b3f84312efc573c15343c2b

  • SHA512

    318d62b30ac8815b6aa11603db44feeebc5b4dd5ac56d54a70f8394763eefda6fbd567a2f10646cb71c85816300e242a15c666391f0d19cb82db22ef185338e8

  • SSDEEP

    98304:75IjZb8gFMTYr6UjJv3BmU0fA97gAVl71kbgWJK5i8M8LbWfsAa1HIWAC6E5qiOG:LiM8uS2mVRibgeKpzWkrXV59

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SuperMarioBrothers2Screensaver_pc.exe
    "C:\Users\Admin\AppData\Local\Temp\SuperMarioBrothers2Screensaver_pc.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3812
    • C:\Users\Admin\AppData\Local\Screentime\STF1\SuperMarioBrothers2Screensaver_pc.exe
      "C:\Users\Admin\AppData\Local\Screentime\STF1\SuperMarioBrothers2Screensaver_pc.exe" /l=786540
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3968
      • C:\Users\Admin\AppData\Local\Screentime\STF2\FlashPlayer_10_3_32bit.exe
        C:\Users\Admin\AppData\Local\Screentime\STF2\FlashPlayer_10_3_32bit.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious behavior: EnumeratesProcesses
        PID:5028
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4256,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=1300 /prefetch:8
    1⤵
      PID:60

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Screentime\STF1\SuperMarioBrothers2Screensaver_pc.exe

      Filesize

      5.4MB

      MD5

      5699672c11e4feb6d6a7112d268754c4

      SHA1

      67baf75c5e53aff52af659e147e0eb76bd46d44f

      SHA256

      43d6e877667eee8ac8c989351171ce3cce061858a20c8d86b16028622825a736

      SHA512

      f828a4e50d5467ef6a14a05e24d6df6be164967aba6852b16362a114ee4aed98be49f182f62d21193eee9b908e312198ffbfbc37ac0898bc29089e15fb6868eb

    • C:\Users\Admin\AppData\Local\Screentime\STF2\FlashPlayer_10_3_32bit.exe

      Filesize

      3.0MB

      MD5

      4074ba7e75cd599dad9c88fc249ebd2e

      SHA1

      d86ca46afc312b14375aad483d1c7e5f12c707a4

      SHA256

      72bbb5a2f4f58bc086b49a58b18fe60f8b616d46c705ee55c507490d67b7395e

      SHA512

      d879d4898dae049ae592bc349573e615a209dccf46103dde3914f45f74a5c51c17ba953864dec6c1d8dd574e6008dd74c9069ebb302ebd863f90d74ab3ee8e4c

    • C:\Users\Admin\AppData\Local\Temp\178A.tmp

      Filesize

      321KB

      MD5

      19d518aed5f3c9fac67e2556f78ced02

      SHA1

      24d3bd66057918b0f469fe34ed42d32390ce8187

      SHA256

      9e9d10f1b347a0f1d827277fcf2cbfa8c95343dcf585b62eb3baba5df2b6f8cd

      SHA512

      04b43688d8a67c2994977d0e320bd1934c89134f20007ff171604a8c1ccaecb0e0f0f80ff6979926aafc87b8fc3faaad11ada1e247a74a9ce0b7e005517d6d95

    • C:\Users\Admin\AppData\Local\Temp\178B.tmp

      Filesize

      239KB

      MD5

      e5f6086284a27624615f1061e05485ac

      SHA1

      6f758703805a9e96346551345426d3323ba60845

      SHA256

      19cc04da0536ebccd252b1bad8d7731a30366e62d043a93e793447f502f410bc

      SHA512

      f1b87db8c32262c4db79d324d9f11012e366860a4e50e88381cd8d4e8345388e298a964ce2833a604069067789d410d1b281c149ce14d24c4ae676a656b28d33

    • memory/3812-0-0x0000000000630000-0x0000000000631000-memory.dmp

      Filesize

      4KB

    • memory/3812-23-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

    • memory/3812-44-0x0000000000630000-0x0000000000631000-memory.dmp

      Filesize

      4KB

    • memory/3968-19-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB

    • memory/3968-24-0x0000000000400000-0x00000000004F7000-memory.dmp

      Filesize

      988KB

    • memory/3968-43-0x0000000000400000-0x00000000004F7000-memory.dmp

      Filesize

      988KB

    • memory/3968-45-0x0000000002250000-0x0000000002251000-memory.dmp

      Filesize

      4KB