Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/07/2024, 16:18

General

  • Target

    res/vehicles/tank_crash.dds

  • Size

    192B

  • MD5

    4f4d7fe02a793313fb9966531f7076e0

  • SHA1

    b352b14c3fc589541504c11257ccf14928c2f322

  • SHA256

    c9d19ed823de4bafecb5b16f999239e9f59ed1c20e596da4108bfe74e51d864a

  • SHA512

    3fb3bef437ffbf1f7bfe2776aadd214e4f17aaec82dc6b7ce6cb595cb0cbfb4d3ede13dd838f9786f23e9f8f14a62253bfb55a99efaef6e18733823790add248

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\res\vehicles\tank_crash.dds
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\res\vehicles\tank_crash.dds
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1696
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\res\vehicles\tank_crash.dds"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2724

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    a79473ab2d81e61ee5a1105a3b9aeb2e

    SHA1

    6911a0f9bd82dadcb959552efffee74c5ba725da

    SHA256

    32181284d8df88c817cfb3b664ae33723d46ff35b8029315f7cd0ac513e2a586

    SHA512

    417bdc76ede227a2b8f67e9a2aeb68623df3f5ed4496eebf6580f017b01cf3295190b3d472cf98ed01789c29729c97ecf1b0edf0337c2621f7b81af86f2ba07a