Analysis

  • max time kernel
    18s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/08/2024, 01:18

General

  • Target

    ChessBotX Trial/Config/system.cfg

  • Size

    28KB

  • MD5

    f2d495f2d48fa663dddd3e7854bdd090

  • SHA1

    e11753d83d66ae0e2192ec87de4787c09d377d1d

  • SHA256

    41781b442fc1d620ad58f59e2797dec3756f4cb817482339240fbc90ff2d8089

  • SHA512

    23fce4d25818589a4179ab3344a04848c7a859288fd2a5951ea16e101dbbba2b670cfc7b7ac98d45d1c8d8f5e5f259d07747e679d3b45eb7749f7c6e340ad206

  • SSDEEP

    384:FJdzwzoMZSFbnJn5lJxTAE5ruZfeqxrkf8myv5z:i

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\ChessBotX Trial\Config\system.cfg"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ChessBotX Trial\Config\system.cfg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2212
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ChessBotX Trial\Config\system.cfg"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2716
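
The tree above shows what actually happened to this sample: the sandbox launched it with `cmd /c "<sample>"`, Windows found no registered handler for the `.cfg` extension and raised the shell's Open With dialog (`rundll32 shell32.dll,OpenAs_RunDLL`), and that dialog handed the file to Adobe Reader, which rendered a text config file as a document. Every signature under the dialog (the language lookup and SetWindowsHookEx in AcroRd32, the registry class change in rundll32) is therefore viewer or shell behaviour, not code from the sample. The helper below is an added example, not part of this sandbox report or of the ChessBotX product: it rebuilds the process tree from the report's depth markers and attributes each signature to the launcher, the viewer, or the sample itself. The first set of rows is transcribed from the Processes section; the second tree, including the `dropper.bat` path and its PowerShell child, is constructed and hypothetical, included only to show the contrasting case of a sample that does have a handler.

```python
"""Attribute sandbox signatures to the sample, the sandbox launcher, or the
viewer chosen by the shell's Open With dialog.  Added example; the report
rows below are transcribed from the Processes section, the contrast tree is
constructed and hypothetical."""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\ChessBotX Trial\Config\system.cfg"

# (depth, image, command line, PID, signatures) as printed in this report.
REPORT_TREE = [
    (1, r"C:\Windows\system32\cmd.exe",
     r'cmd /c "C:\Users\Admin\AppData\Local\Temp\ChessBotX Trial\Config\system.cfg"',
     2248, ["Suspicious use of WriteProcessMemory"]),
    (2, r"C:\Windows\system32\rundll32.exe",
     r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
     r'C:\Users\Admin\AppData\Local\Temp\ChessBotX Trial\Config\system.cfg',
     2212, ["Modifies registry class", "Suspicious use of WriteProcessMemory"]),
    (3, r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
     r'"C:\Users\Admin\AppData\Local\Temp\ChessBotX Trial\Config\system.cfg"',
     2716, ["System Location Discovery: System Language Discovery",
            "Suspicious use of SetWindowsHookEx"]),
]

# Hypothetical contrast case (constructed, not from the report): a batch file has a
# registered handler, so cmd runs it directly and its child is the sample's doing.
CONTRAST_SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\dropper.bat"
CONTRAST_TREE = [
    (1, r"C:\Windows\system32\cmd.exe", f'cmd /c "{CONTRAST_SAMPLE}"',
     1000, ["Suspicious use of WriteProcessMemory"]),
    (2, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r'powershell.exe -NoProfile -Command "Get-Date"',
     1004, ["Suspicious use of SetWindowsHookEx"]),
]


@dataclass
class Proc:
    depth: int
    image: str
    cmdline: str
    pid: int
    signatures: list
    parent: Optional["Proc"] = None
    children: list = field(default_factory=list)


def build_tree(rows):
    """Rebuild parent/child links from the report's depth markers (1, 2, 3, ...)."""
    stack, roots = [], []
    for depth, image, cmdline, pid, sigs in rows:
        node = Proc(depth, image, cmdline, pid, list(sigs))
        del stack[depth - 1:]            # pop back to this node's parent level
        if stack:
            node.parent = stack[-1]
            stack[-1].children.append(node)
        else:
            roots.append(node)
        stack.append(node)
    return roots


OPENAS = re.compile(r"shell32\.dll,OpenAs_RunDLL\s+(.+?)\s*$", re.IGNORECASE)


def open_with_target(node):
    """Path handed to the shell's Open With dialog by rundll32, or None."""
    if not node.image.lower().endswith(r"\rundll32.exe"):
        return None
    m = OPENAS.search(node.cmdline)
    return m.group(1).strip('"') if m else None


def walk(nodes):
    for n in nodes:
        yield n
        yield from walk(n.children)


def attribute(rows, sample):
    """Bucket every (pid, signature) as 'launcher', 'viewer' or 'sample'.

    If an Open With dialog was raised for the sample, the sample was never
    executed: the launcher and the dialog own their own signatures, and any
    process the dialog started is a viewer.  Otherwise the sample had a handler
    and everything in the tree is attributed to it (conservative)."""
    roots = build_tree(rows)
    out = {"opened_with": None, "launcher": [], "viewer": [], "sample": []}
    dialogs = [n for n in walk(roots)
               if (open_with_target(n) or "").lower() == sample.lower()]
    if not dialogs:
        out["sample"] = [(n.pid, s) for n in walk(roots) for s in n.signatures]
        return out
    dlg = dialogs[0]
    out["opened_with"] = dlg.children[0].image if dlg.children else None
    under_dialog = {id(n) for n in walk(dlg.children)}
    for n in walk(roots):
        bucket = "viewer" if id(n) in under_dialog else "launcher"
        out[bucket].extend((n.pid, s) for s in n.signatures)
    return out


if __name__ == "__main__":
    for name, rows, path in (("report", REPORT_TREE, SAMPLE),
                             ("contrast", CONTRAST_TREE, CONTRAST_SAMPLE)):
        print(name, attribute(rows, path))
```

Run as-is, the report tree yields an empty `sample` bucket and names AcroRd32.exe as the viewer; the contrast tree has no dialog and puts both signatures on the sample. The same split is the first question to ask of any low-scoring report whose tree contains `OpenAs_RunDLL`: the score reflects what the chosen viewer did, not what the submitted file contains.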

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    1660973968304e474c9d15468d46ad0d

    SHA1

    1622d8c93ea4457fd73b4ab750470c63fd9abd28

    SHA256

    e0c826ffcdaae239e535d6c3998aa47e59cbf580435f8b8debb06f13cc6637bc

    SHA512

    2237c930aeb4a8a3962b1460fc9facfd25778a998e3f39cf813ed1e88be202db59f6e2c601005675d21cf54c2d79cd047f8643654aa1c4c30cf9933d8a395bd8