Overview

overview

5

Static

static

3

d3d12.dll

windows7-x64

5

d3d12.dll

windows10-2004-x64

5

d3dcompiler_47.dll

windows10-2004-x64

1

mods/RDR2Upscaler.dll

windows7-x64

1

mods/RDR2Upscaler.dll

windows10-2004-x64

1

mods/RDR2Upscaler.dll

windows7-x64

5

mods/RDR2Upscaler.dll

windows10-2004-x64

5

mods/Upsca...in.dll

windows7-x64

1

mods/Upsca...in.dll

windows10-2004-x64

1

mods/Upsca...64.dll

windows7-x64

1

mods/Upsca...64.dll

windows10-2004-x64

1

mods/Upsca...64.dll

windows7-x64

1

mods/Upsca...64.dll

windows10-2004-x64

1

mods/Upsca...64.dll

windows7-x64

1

mods/Upsca...64.dll

windows10-2004-x64

1

mods/Upsca...64.dll

windows7-x64

1

mods/Upsca...64.dll

windows10-2004-x64

1

mods/Upsca...64.dll

windows7-x64

1

mods/Upsca...64.dll

windows10-2004-x64

1

mods/Upsca...ss.dll

windows7-x64

1

mods/Upsca...ss.dll

windows10-2004-x64

1

mods/Upsca...ss.dll

windows7-x64

1

mods/Upsca...ss.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    83s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/07/2024, 04:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    mods/RDR2Upscaler.dll

  • Size

    6.9MB

  • MD5

    c1855cfbf83c491123f65022878204bc

  • SHA1

    56459fa89154a62f467088c31c5b4de4ba4ec0cb

  • SHA256

    dcb51d09023069cd24067c92a0a51ed908cdd4fc90f227ced04c6bbadabf8b3c

  • SHA512

    4b0c8d4ea10b6e5441770dfadc8066fc4c0c66820d6f0b8fb3b5f4057569dc7e529e2bab53e438367cbe0325cbe547ab4cca356cc1c2ea2ca26608e404f88762

  • SSDEEP

    98304:O/wBKqI22QCN2zxZKYlCxNZ6r1kVoqZIt1j7quFwXiyfqydthXUokPZU7k9SCEq9:8wRI22g2Y8VVdIL7h6XicqEC67k9aLI

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\mods\RDR2Upscaler.dll,#1
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1484

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1484-0-0x00007FFE3AD10000-0x00007FFE3AD12000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1484-3-0x00007FFE1C7A6000-0x00007FFE1CB1C000-memory.dmp

          Filesize

          3.5MB

          Download

        • memory/1484-1-0x00007FFE1C300000-0x00007FFE1D20F000-memory.dmp

          Filesize

          15.1MB

          Download

        • memory/1484-6-0x00007FFE1C300000-0x00007FFE1D20F000-memory.dmp

          Filesize

          15.1MB

          Download