Overview

overview

7

Static

static

3

underversebattles.exe

windows7-x64

7

underversebattles.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/vcre...15.exe

windows7-x64

7

$TEMP/vcre...15.exe

windows10-2004-x64

7

GMS-WinDev.dll

windows7-x64

1

GMS-WinDev.dll

windows10-2004-x64

1

NekoPresence_x64.dll

windows7-x64

1

NekoPresence_x64.dll

windows10-2004-x64

1

UnderverseBattles.exe

windows7-x64

1

UnderverseBattles.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

gamepad_fo...us.dll

windows7-x64

1

gamepad_fo...us.dll

windows10-2004-x64

1

netlog/netlog.exe

windows7-x64

1

netlog/netlog.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-07-2024 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UnderverseBattles.exe

  • Size

    11.8MB

  • MD5

    99046feb2eaaacfc31797895bd3eaf00

  • SHA1

    f39c66c46c2d506b01db36d3b9a0226418470906

  • SHA256

    d8eb91a821585b3dc778222a7782515a5b404e59dd92a9988ccb1b1003f4e621

  • SHA512

    de88ec355a37596488caefe6f6862743144b90ca9389118d52215d240e87e6452f8b317d125c7e9892e6e9f3ae8c5823e546fe6ca573358f6244e5182a021e81

  • SSDEEP

    196608:OXDu1wa1XYwsUkxCWU8lAuIUTcEM2QDoQaMRq+AraAuLOUUjrsQUSKNjeI2Cmzls:OIHrmaNO0/L

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\UnderverseBattles.exe
    "C:\Users\Admin\AppData\Local\Temp\UnderverseBattles.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1840
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2c8 0x464
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads