Overview
overview
3Static
static
3xash/cstri.../cs.so
ubuntu-24.04-amd64
1xash/cstri...d64.so
ubuntu-22.04-amd64
1xash/cstri...mp.dll
windows7-x64
1xash/cstri...mp.dll
windows10-2004-x64
3xash/cstri...cz.dll
windows7-x64
3xash/cstri...cz.dll
windows10-2004-x64
3xash/cstri...al.htm
windows7-x64
1xash/cstri...al.htm
windows10-2004-x64
1xash/cstri...d.html
windows7-x64
1xash/cstri...d.html
windows10-2004-x64
1xash/cstrike/user.scr
windows7-x64
xash/cstrike/user.scr
windows10-2004-x64
xash/valve...UI.dll
windows7-x64
1xash/valve...UI.dll
windows10-2004-x64
1xash/valve...an.dll
windows7-x64
3xash/valve...an.dll
windows10-2004-x64
3xash/valve...ft.ps1
windows7-x64
3xash/valve...ft.ps1
windows10-2004-x64
3xash/valve...rt.ps1
windows7-x64
3xash/valve...rt.ps1
windows10-2004-x64
3xash/valve...zy.ps1
windows7-x64
3xash/valve...zy.ps1
windows10-2004-x64
3xash/valve...gs.scr
windows7-x64
xash/valve...gs.scr
windows10-2004-x64
xash/valve...m1.ps1
windows7-x64
3xash/valve...m1.ps1
windows10-2004-x64
3xash/valve/user.scr
windows7-x64
xash/valve/user.scr
windows10-2004-x64
Analysis
-
max time kernel
121s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
11/07/2024, 00:34
Static task
static1
Behavioral task
behavioral1
Sample
xash/cstrike/dlls/cs.so
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
Behavioral task
behavioral2
Sample
xash/cstrike/dlls/cs_amd64.so
Resource
ubuntu2204-amd64-20240522.1-en
ubuntu-22.04-amd64
Behavioral task
behavioral3
Sample
xash/cstrike/dlls/mp.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
xash/cstrike/dlls/mp.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
xash/cstrike/dlls/zbotcz.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral6
Sample
xash/cstrike/dlls/zbotcz.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
xash/cstrike/manual/manual.htm
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
xash/cstrike/manual/manual.htm
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
xash/cstrike/motd.html
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
xash/cstrike/motd.html
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
xash/cstrike/user.scr
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral12
Sample
xash/cstrike/user.scr
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
xash/valve/cl_dlls/GameUI.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral14
Sample
xash/valve/cl_dlls/GameUI.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
xash/valve/cl_dlls/particleman.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
xash/valve/cl_dlls/particleman.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
xash/valve/gfx/env/2desertft.ps1
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
xash/valve/gfx/env/2desertft.ps1
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
xash/valve/gfx/env/cliffrt.ps1
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
xash/valve/gfx/env/cliffrt.ps1
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
xash/valve/overviews/frenzy.ps1
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral22
Sample
xash/valve/overviews/frenzy.ps1
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
xash/valve/settings.scr
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
xash/valve/settings.scr
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
xash/valve/sound/ambience/rocket_steam1.ps1
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
xash/valve/sound/ambience/rocket_steam1.ps1
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
xash/valve/user.scr
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral28
Sample
xash/valve/user.scr
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
xash/valve/cl_dlls/GameUI.dll
-
Size
823KB
-
MD5
4c8de6f302d592b6da05b386efe8afac
-
SHA1
1bf6ab88c0cd99f0d196a39bdd0e0903e3457fb8
-
SHA256
0c43c0c20f33c5d79fe48e3fa0fefcf37f626ce5a74581a1048171dbf000c10b
-
SHA512
cca592a78f9188a83c35187220dda69dee813427610af0a802377e3ee1a52eee4341f56ecdd02d748a4eca832f0984801146232df70b869c3b817a1545f8beb8
-
SSDEEP
24576:Mtbf+OJdHg811+XochIxmj/a+UkhmqRdi+Kre/lo:b1Ljew48o
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2780 wrote to memory of 2984 2780 rundll32.exe 30 PID 2780 wrote to memory of 2984 2780 rundll32.exe 30 PID 2780 wrote to memory of 2984 2780 rundll32.exe 30 PID 2780 wrote to memory of 2984 2780 rundll32.exe 30 PID 2780 wrote to memory of 2984 2780 rundll32.exe 30 PID 2780 wrote to memory of 2984 2780 rundll32.exe 30 PID 2780 wrote to memory of 2984 2780 rundll32.exe 30