505e786f8a6e6d0ef413036b10177f619d4c2e65960063e20d1cbcdb8ac4099b

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 00:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Super Mario 64 - N viejo/Super Mario 64 - N viejo.exe
Size

10.4MB
MD5

678f8f3e3318297ad5d10fcd0a28031c
SHA1

5bd8c9e24ccdb2b7748a5f30cc0a28579ba9d85b
SHA256

96ad2703473931cee48361aa938d27271087b23fd37965989fd7aad629f92cea
SHA512

58e94ecf6338c781b45bcbf1fb4beebfa0eeed5e74a10589041f3ede1f287eb79c5d9c6f3a31d1534a43dd8bf738fb6d73a99ef65d07470917fa5739c83984c3
SSDEEP

196608:WiSoon4CXXfQd541qhf1LSAMXKHn2thR+2fIbyToI/hf8tDw0SvnaBwMMd1T:Wv34CXPQd541g3qKHSNyyToINE00Ywwr

Score

7^/10

aspackv2 discovery upx

Malware Config

Signatures

ASPack v2.12-2.42 6 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x0006000000016d30-78.dat	aspack_v212_v242
behavioral1/files/0x0006000000016d39-84.dat	aspack_v212_v242
behavioral1/files/0x0006000000016d5d-90.dat	aspack_v212_v242
behavioral1/files/0x0006000000016ceb-93.dat	aspack_v212_v242
behavioral1/files/0x0006000000016d20-102.dat	aspack_v212_v242
behavioral1/files/0x0006000000016d49-109.dat	aspack_v212_v242

Executes dropped EXE 2 IoCs

pid	Process
2704	Mario64.exe
2492	Emulador.exe

Loads dropped DLL 13 IoCs

pid	Process
2344	Super Mario 64 - N viejo.exe
2344	Super Mario 64 - N viejo.exe
1164	cmd.exe
1164	cmd.exe
2492	Emulador.exe
2492	Emulador.exe
2492	Emulador.exe
2492	Emulador.exe
2492	Emulador.exe
2492	Emulador.exe
2492	Emulador.exe
2492	Emulador.exe
2492	Emulador.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000015eb1-46.dat	upx
behavioral1/memory/2704-55-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral1/memory/2704-94-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral1/memory/2704-132-0x0000000000400000-0x0000000000452000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Zilmar_Audio.$$A	Super Mario 64 - N viejo.exe
File opened for modification	C:\Program Files (x86)\Super Mario 64\Logs\Direct3D8 Error.log	Emulador.exe
File created	C:\Program Files (x86)\Super Mario 64\Desinstalador.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_Direct3D8.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\NRage_DInput8_V2.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_DInput.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_Dsound.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Project64.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Save\SUPER MARIO 64.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\ico.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Mario64.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Adaptoid_v1_0.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Super Mario 64.$$A	Super Mario 64 - N viejo.exe
File opened for modification	C:\Program Files (x86)\Super Mario 64\Desinstalador.exe	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Emulador.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\No Sound.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Project64.exe.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\Jabo_Direct3D6.$$A	Super Mario 64 - N viejo.exe
File created	C:\Program Files (x86)\Super Mario 64\Plugin\RSP.$$A	Super Mario 64 - N viejo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2492	Emulador.exe
2492	Emulador.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 1164	2704	Mario64.exe	33
PID 2704 wrote to memory of 1164	2704	Mario64.exe	33
PID 2704 wrote to memory of 1164	2704	Mario64.exe	33
PID 2704 wrote to memory of 1164	2704	Mario64.exe	33
PID 1164 wrote to memory of 2492	1164	cmd.exe	35
PID 1164 wrote to memory of 2492	1164	cmd.exe	35
PID 1164 wrote to memory of 2492	1164	cmd.exe	35
PID 1164 wrote to memory of 2492	1164	cmd.exe	35

C:\Users\Admin\AppData\Local\Temp\Super Mario 64 - N viejo\Super Mario 64 - N viejo.exe
"C:\Users\Admin\AppData\Local\Temp\Super Mario 64 - N viejo\Super Mario 64 - N viejo.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2344

C:\Program Files (x86)\Super Mario 64\Mario64.exe
"C:\Program Files (x86)\Super Mario 64\Mario64.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\1A16.tmp\Mario64.bat" "
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1164
- - C:\Program Files (x86)\Super Mario 64\Emulador.exe
    Emulador.exe Super Mario 64.n64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    PID:2492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Super Mario 64\Emulador.exe

Filesize
189KB

MD5
be5961ce4de0b363069910edb897498b

SHA1
ffed3dd42551d0e560eb2596defdd16547d8d5fa

SHA256
8d7d373d024206f7513721b320ef3359b885aa6ea73dc2c14b3a42f0c099be2b

SHA512
a4c73543926b68922c86000ed3b966acba53fb25521cf473d3f5f98b4bb416dc9ba50224406764d3bf890c9fbd9394cb1a5c9d4eb88d7fbff3869c73f7b2013d

Download Submit
C:\Program Files (x86)\Super Mario 64\Mario64.exe

Filesize
155KB

MD5
5925382327d825d10a9b169490bd9a64

SHA1
3c3d4bfb6190da8b94a25126c24e91601d1a8d24

SHA256
449b360739a7c667ddfb44f9a7b9a77967765b4a915c7b64a09d077acd0768e0

SHA512
6ffab3fbc57330072c46d8f3c0c7a108575e61bb3333bbac3cbb3950e165a58fabc39782337068faeb755c7660d8d379d1a18ba29fd9f9fa07379ae9dd376d76

Download Submit
C:\Program Files (x86)\Super Mario 64\Plugin\RSP.dll

Filesize
107KB

MD5
23706412ee7a8e7c2c2aa218f9258dd8

SHA1
67fab0e559f4068298b4ca8a682dd2e63be4ac07

SHA256
cdf1a04e877aa9ed57f9446b34a2bdf12cf263542bd461f6a4354d458721abf9

SHA512
b77e1ff74269c7c031bec751162e92305038192952d282e8853d37766f71db62b0dfb99ffcd1139fe866f7b1290a41804c279d7e06fc4718bb7c1c3e2c6404a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\1A16.tmp\Mario64.bat

Filesize
31B

MD5
87d6025ae92be37a310adc5ba90d105e

SHA1
ba032dbc50129b1513fa630a69c3dc6e89575c3e

SHA256
28be29da2836e6de8890bb709fb57058dc40cee6c7ebf3e98ec559ef11ef4b35

SHA512
0a131368444ce396883001556c127a61350de3faa16db87e12372d5ff03b65f25f7ab8611a48d0d05d01d9144d9a244433f0e6852ece8474455be10c3d2724d1

Download Submit
\Program Files (x86)\Super Mario 64\Plugin\Adaptoid_v1_0.dll

Filesize
4KB

MD5
e88b25e65403638f5ca3f6e373f3d4e5

SHA1
514818c42c22990266e4269822a4ca6c07acc0cf

SHA256
127ade4ef446ea5a10345b0b3161e9e3c30f4adbf010f5a7f8c2fec40fb08daa

SHA512
86fbbddb8e89b52def31fedac31fdd5ab7d26f3e390311ae502622e90743da04b71b73dba4453e71ac9ee259d52fe3cd6f77505462a049d67b7099df3ec96153

Download Submit
\Program Files (x86)\Super Mario 64\Plugin\Jabo_DInput.dll

Filesize
67KB

MD5
d5f798c360aaac128b0fc4a211688ccd

SHA1
4b55d92fda42f108bd0e22503afd905754e95caf

SHA256
0468fc03d5bfd4e47fb0c5f69c657cab62e4bbb2c8948949b4a1d106648ab99e

SHA512
517bce1e5fd1ce06d9d8986e936a0029bf05fd8b6518ea56df7257eb540a2fa722bb799ac2c36a2223f973f074cee29c648720fe01c7b25a77578e828bb1b5d5

Download Submit
\Program Files (x86)\Super Mario 64\Plugin\Jabo_Direct3D6.dll

Filesize
126KB

MD5
2811a6d5a8052833ef0162e47fda3ad1

SHA1
e5e4532c6831def6cce487eb48af043e4ba7d836

SHA256
fad4e693de17021dd7b2598789f80346047940191d3ca8ed3144bba33a4823ab

SHA512
b53a91e17ad6b6a971ad183eb86ecfb1f40720b65bad934fd5c44fb56d69f4eb3e98955779e99f6b0bc1dc659b8fa94bc7d181d27274a95f26bc284c46b4b592

Download Submit
\Program Files (x86)\Super Mario 64\Plugin\Jabo_Direct3D8.dll

Filesize
232KB

MD5
ff57f60c58ede6364b980edcb311873b

SHA1
5ec6e231f780d9eafa6ee855e0f4968a7f8c347d

SHA256
05536c82c764f24038bd6f22d47a5427318ce3118bbe1bb798c8309d40f00fcf

SHA512
1e3b5d1bd93cf36dcd862869374d7931eedb1578ceec635c1972f302bd1abaa2d9a63721a2ca9ab4fe1fda8f268f352c70e8a35c8bae91253cb2b4eb1bc7234d

Download Submit
\Program Files (x86)\Super Mario 64\Plugin\Jabo_Dsound.dll

Filesize
53KB

MD5
d5f1a6d72a4eb2e7adf1f5b803e97419

SHA1
d8a93e436e488279d40e0e79a4a04f4ff175f36a

SHA256
9955b91ace2f7e87ec5034274228906e43dac4961abbd296aedfb378b7b3ccf6

SHA512
238b8fd0115f6a820498445d6a2c1cd21e46138272edcb7355cce28ae8aad070e10065c99c95e5d4b03238b8d3b66d2652ad6162e1bb687a99ee6d900ce17ec7

Download Submit
\Program Files (x86)\Super Mario 64\Plugin\NRage_DInput8_V2.dll

Filesize
52KB

MD5
f5296ecc4d6ea5605291de9203032a82

SHA1
8e72558a56adb82f3ed939c39f67718a0068400e

SHA256
f73c37453aaa866e3fac9cc495b5ccad2822889dda731f36fc3e66d4cb91c1e3

SHA512
659578baaaa5711b440c0e717f6404ecdb3001dc7c49bacd6cd63f43f4e556c8f67461d5e4ce34d1a0d1fd3ce834d6734df431dc4c2c414dbdb1094ab7ce38ce

Download Submit
\Program Files (x86)\Super Mario 64\Plugin\No Sound.dll

Filesize
36KB

MD5
4d43f52f54c1db281839c2510c4b641d

SHA1
1367b1a1e868df1def9a3cd3d677a3ab53e6f9d0

SHA256
f28d8965860ae4b9d6360d14e47ea31752d83797d5616b5aaac2a5834b8701da

SHA512
94016510b0f4f319423a1772ced572e8c83a875491eb577e1d5647af1ee6a2ef0e37978cf4f44d132c8f68a2068cfa7503c2a387732b3472c8dc52edb5d37e47

Download Submit
\Program Files (x86)\Super Mario 64\Plugin\Zilmar_Audio.dll

Filesize
56KB

MD5
0795c9f1a13113701e5d15b725f21f70

SHA1
0a7424444930a233564deb0bc9d5330a3ae84ce8

SHA256
b652923c13c759d9a4425322e5867342e42f1289e2158bf86679d4958403a9c8

SHA512
30b10ef6534534030365f64d6e25f0ae634bf2201fbb5c7b9de06cf25372fc06734c019a68fe19a8db9deec48748da6cb3d35b835983305ecc29b54d6c73eff6

Download Submit
memory/1164-76-0x0000000002320000-0x0000000002474000-memory.dmp

Filesize
1.3MB

Download
memory/1164-75-0x0000000002320000-0x0000000002474000-memory.dmp

Filesize
1.3MB

Download
memory/2344-47-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2344-53-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2492-81-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2492-103-0x0000000004F60000-0x0000000005047000-memory.dmp

Filesize
924KB

Download
memory/2492-89-0x0000000003DB0000-0x0000000003DE6000-memory.dmp

Filesize
216KB

Download
memory/2492-87-0x0000000003940000-0x0000000003965000-memory.dmp

Filesize
148KB

Download
memory/2492-127-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2492-97-0x0000000004640000-0x0000000004660000-memory.dmp

Filesize
128KB

Download
memory/2492-96-0x00000000045D0000-0x0000000004617000-memory.dmp

Filesize
284KB

Download
memory/2492-95-0x0000000004660000-0x0000000004685000-memory.dmp

Filesize
148KB

Download
memory/2492-85-0x00000000038C0000-0x0000000003932000-memory.dmp

Filesize
456KB

Download
memory/2492-98-0x0000000004690000-0x0000000004699000-memory.dmp

Filesize
36KB

Download
memory/2492-86-0x0000000002E40000-0x0000000002EDA000-memory.dmp

Filesize
616KB

Download
memory/2492-82-0x0000000002E10000-0x0000000002E31000-memory.dmp

Filesize
132KB

Download
memory/2492-107-0x0000000004DE0000-0x0000000004DEB000-memory.dmp

Filesize
44KB

Download
memory/2492-80-0x0000000001FC0000-0x00000000020C5000-memory.dmp

Filesize
1.0MB

Download
memory/2492-104-0x0000000004E90000-0x0000000004F5F000-memory.dmp

Filesize
828KB

Download
memory/2492-88-0x0000000003970000-0x00000000039A9000-memory.dmp

Filesize
228KB

Download
memory/2492-113-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

Filesize
64KB

Download
memory/2492-79-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2492-110-0x0000000004E00000-0x0000000004E30000-memory.dmp

Filesize
192KB

Download
memory/2492-128-0x0000000002E40000-0x0000000002EDA000-memory.dmp

Filesize
616KB

Download
memory/2492-114-0x0000000004DE0000-0x0000000004DFF000-memory.dmp

Filesize
124KB

Download
memory/2492-117-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2492-120-0x0000000004640000-0x0000000004660000-memory.dmp

Filesize
128KB

Download
memory/2492-118-0x0000000002E40000-0x0000000002EDA000-memory.dmp

Filesize
616KB

Download
memory/2492-116-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2492-122-0x0000000000400000-0x0000000000554000-memory.dmp

Filesize
1.3MB

Download
memory/2492-130-0x0000000004640000-0x0000000004660000-memory.dmp

Filesize
128KB

Download
memory/2492-129-0x00000000045D0000-0x0000000004617000-memory.dmp

Filesize
284KB

Download
memory/2704-55-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2704-94-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2704-132-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download