Overview

overview

10

Static

static

10

Battlefiel...all-sh

windows10-1703-x64

1

Battlefiel...est.sh

windows10-1703-x64

3

Battlefiel...lat.sh

windows10-1703-x64

3

Battlefiel...at1.sh

windows10-1703-x64

3

Battlefiel...ian.sh

windows10-1703-x64

3

Battlefiel...eed.sh

windows10-1703-x64

3

Battlefiel...eed.sh

windows10-1703-x64

3

Battlefiel...ose.sh

windows10-1703-x64

3

Battlefiel...nts.sh

windows10-1703-x64

3

Battlefiel...st.exe

windows10-1703-x64

3

Battlefiel...PY.exe

windows10-1703-x64

3

Battlefiel...al.bat

windows10-1703-x64

3

Battlefiel...tf.dll

windows10-1703-x64

3

Battlefiel...et.dll

windows10-1703-x64

3

Battlefiel...es.bat

windows10-1703-x64

1

Battlefiel...ts.dll

windows10-1703-x64

3

Battlefiel...nv.dll

windows10-1703-x64

3

Battlefiel...tl.dll

windows10-1703-x64

3

Battlefiel...-0.dll

windows10-1703-x64

3

Battlefiel...-0.dll

windows10-1703-x64

3

Battlefiel...-0.dll

windows10-1703-x64

3

Battlefiel...-0.dll

windows10-1703-x64

3

Battlefiel...rol.py

windows10-1703-x64

3

Battlefiel...sh.bat

windows10-1703-x64

1

Battlefiel..._r.dll

windows10-1703-x64

3

Battlefiel..._r.dll

windows10-1703-x64

3

Battlefiel...st.exe

windows10-1703-x64

3

Battlefiel..._r.dll

windows10-1703-x64

3

Battlefiel..._r.dll

windows10-1703-x64

3

Battlefiel...ns.xls

windows10-1703-x64

1

Battlefiel...lp.xls

windows10-1703-x64

1

Battlefiel...or.doc

windows10-1703-x64

1

Analysis

  • max time kernel
    74s
  • max time network
    80s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27-07-2024 00:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Battlefield 2/RendDX9_r.dll

  • Size

    5.3MB

  • MD5

    9d8aa1ab1dce45154b30da3a6ec0d4b2

  • SHA1

    ec5e4aab9d44c4ad5fef99a95a8257e1454fa957

  • SHA256

    dd0ee12ac2e3ee61f97a57cfd0d2317df9323513547fc9c4f8ea73e0ffebb219

  • SHA512

    12083fa4b8cc7876a9dc4bb41059f49d983a6bd5188efeba439c2f8c71de9e498bf46466aacb0b9e0213f8a258c8dc1eb2542d86e388f417035b73ac1e9b7278

  • SSDEEP

    49152:1tpVce1vENJ1cYkBO5OqInUYfYZV30TO8rcHo50Atm8/YcAAQ:vpee1spc4ITfKV338rb0Atxc

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Battlefield 2\RendDX9_r.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4340
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Battlefield 2\RendDX9_r.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads