Overview

overview

3

Static

static

3

Cuphead.exe

windows7-x64

1

Cuphead.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    111s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-08-2024 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cuphead.exe

  • Size

    635KB

  • MD5

    25bd891aefdbb386f76f0c18b0139f4b

  • SHA1

    e30747943ab6a86b4f000dd55d50a07dc490fc29

  • SHA256

    c5fffd221234ea520b9b5d545d9fff65eba497a0ce1b852334d293770d7ee02d

  • SHA512

    b7785c8e7e7fa81e234b61267d5d1e2852062e5452b9e1b618ce3890aa1f091e84d13921a0ad387887274a5410cd738d00729f169f308898482cb99b52b2e22a

  • SSDEEP

    6144:w9fYunoPZPS4GWuoSfhzeNKs43sv72Ex:L+oBSTpzG4382Ex

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Cuphead.exe
    "C:\Users\Admin\AppData\Local\Temp\Cuphead.exe"
    1⤵
      PID:2472
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1168
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault003ba904ha2f4h48abh8235h0f4f0e773dcb
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:3056
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffad8d346f8,0x7ffad8d34708,0x7ffad8d34718
          2⤵
            PID:392
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,1217308182772318029,4341444440560554302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
            2⤵
              PID:1448
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,1217308182772318029,4341444440560554302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1360
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,1217308182772318029,4341444440560554302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
              2⤵
                PID:2888
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:4628
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:652

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  2dc1a9f2f3f8c3cfe51bb29b078166c5

                  SHA1

                  eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                  SHA256

                  dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                  SHA512

                  682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  31f1ede1270eab1f9bc525f4dfabe61b

                  SHA1

                  476dc6fe8342193d3769c6d90d0a1e7c13ae0385

                  SHA256

                  736bb098e88c0ca4a124e14030874b19a657b222e23e2e4a803e87a8674e2615

                  SHA512

                  d68f50573bbd9c172865f388a578fc7ecd54387eaba3a4e0c7d254536490bc33dbe8649a052711c6f1819ae4cc33791d6b4f5ab0a918f7c71d388d1837fee6db

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  8KB

                  MD5

                  17c8f7a7102bf64b2a93087c4826502f

                  SHA1

                  17aea51a3b1337d49060cc941f220a4c1016d28b

                  SHA256

                  732f68cf26b816ed216bd4ff9a18a3ec4ae8cbb50547a03e66b53df3673347e4

                  SHA512

                  fab0f32b23b63cd2dd5848d4fcbb55b1ba3e0ae017d67d36a56b59964097e290cfd8c58e79b5f2a69a18ac449fb871509ced09baff06868b611f7f9eda1c4e8f

                  Download Submit