f80cedec9c416f9afc98a4a6eff4494dc6683cd9c1ef2916317de89965222ae5

Analysis

max time kernel
0s
max time network
3s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dxgi.dll
Size

15.9MB
MD5

74da2e84e093cf37ddf7fafa8efb69d9
SHA1

03006ceaab59ad848f29102ce240eeff72a80ca0
SHA256

2d378420cc0e6ff92e14eb49eef8f2f86ce1c8d9603dddc7fafff3a0dd3f5d12
SHA512

391703fa33a0dda54d85b4555a88398f37edc3a527414bcdfe2f60437c56f65ccc8d32b5c1c4ccf601407ffe22571ce332421a3ed97b124f525ed7af9c89391a
SSDEEP

196608:ZogZ0YaiLAr7xXwThm8DQD4fAoRSpeDU7AC6oQFQNXyr:d73sJw1D8EgNkC6otX

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2764	rundll32.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\system32\logs\game_output.log	rundll32.exe
File opened for modification	C:\Windows\system32\logs\crash\07-23-2024__07'22'51\crash.log	rundll32.exe
File opened for modification	C:\Windows\system32\logs\crash\07-23-2024__07'22'51\dxgi.log	rundll32.exe
File created	C:\Windows\system32\logs\crash\07-23-2024__07'22'51\dxgi.log	rundll32.exe
File created	C:\Windows\system32\logs\crash\07-23-2024__07'22'51\game_output.log	rundll32.exe
File opened for modification	C:\Windows\system32\logs\crash\07-23-2024__07'22'51\modules.log	rundll32.exe
File created	C:\Windows\system32\logs\dxgi.log	rundll32.exe
File created	C:\Windows\system32\logs\modules.log	rundll32.exe
File created	C:\Windows\system32\logs\crash\07-23-2024__07'22'51\crash.log	rundll32.exe
File opened for modification	C:\Windows\system32\logs\crash\07-23-2024__07'22'51\game_output.log	rundll32.exe
File created	C:\Windows\system32\logs\crash\07-23-2024__07'22'51\modules.log	rundll32.exe
File created	C:\Windows\system32\logs\crash.log	rundll32.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2764	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dxgi.dll,#1
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\logs\crash\07-23-2024__07'22'51\dxgi.log

Filesize
948B

MD5
3eebc0d932d3ef1fc36ccb77451b72bf

SHA1
d48201e7dc6cd44250f76b2c91c63b73abb15ef6

SHA256
cda83e7b347942528edcbac9e624980e49d28e90d8a42ed596eb34f3a622d5e0

SHA512
dc1ccd46cb1019f22561c2be4ebd83dd83f67dd860c7a9585154621c5bb06009ec7859b5d88dce14a897f59ab78378e41d9be4c82b038767738f94b11c53db4b

Download Submit
C:\Windows\System32\logs\modules.log

Filesize
18KB

MD5
4f3fa764d89c03f082da4db00330da80

SHA1
0e66d9549d3a8ea56b3329a39c59e63874d669d9

SHA256
4cb94931c8ab38bbf03bbd4a4d2a5d5e3a2bab3e03fa0e8a0a518ff74cbcce0f

SHA512
e59a32760947a761835040c0ec9e8b4e91f45e37082962af96f79e4b7d92e8e014f4df14874103a6084c5317439a2454692141e7e437166093d3ff27c338d112

Download Submit
\Users\Admin\Documents\My Mods\SpecialK\Drivers\Dbghelp\dbghelp_sk64.dll

Filesize
1.0MB

MD5
a7a8ca53d9c9fd90c07ab0eb38e5316b

SHA1
8835dbda73b15f87cceedfe707b9166bad409440

SHA256
b98722e76601a98f038f40703c4b8bd21b5ec3b65dc1b07b7c367c06448f8a0e

SHA512
0c2ff532a8505aef8437a11c5518042ab6daf76faeac2aeb952f285773e93256169332864d9c31358ae8705728961e62f6f5387df9a91215b2cc1b5c40ac9a69

Download Submit
memory/2764-3-0x0000000076AD0000-0x0000000076AD4000-memory.dmp

Filesize
16KB

Download
memory/2764-4-0x0000000076D51000-0x0000000076D52000-memory.dmp

Filesize
4KB

Download
memory/2764-17-0x0000000076D00000-0x0000000076EA9000-memory.dmp

Filesize
1.7MB

Download
memory/2764-16-0x0000000076D00000-0x0000000076EA9000-memory.dmp

Filesize
1.7MB

Download