Overview

overview

7

Static

static

3

HyperPlay-...1).exe

windows7-x64

4

HyperPlay-...1).exe

windows10-2004-x64

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

HyperPlay.exe

windows7-x64

1

HyperPlay.exe

windows10-2004-x64

7

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...dl.exe

windows7-x64

7

resources/...dl.exe

windows10-2004-x64

7

resources/...ry.exe

windows7-x64

7

resources/...ry.exe

windows10-2004-x64

7

resources/...d-0.js

windows7-x64

3

resources/...d-0.js

windows10-2004-x64

3

resources/...d-1.js

windows7-x64

3

resources/...d-1.js

windows10-2004-x64

3

resources/...d-2.js

windows7-x64

3

resources/...d-2.js

windows10-2004-x64

3

resources/...d-3.js

windows7-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-09-2024 18:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app.asar.unpacked/build/bin/win32/legendary.exe

  • Size

    8.0MB

  • MD5

    b1a5b3b4e07abfc2ee05060f22c1f5ce

  • SHA1

    20742af782f46c7ac1fd8ae082e2f6df118245bd

  • SHA256

    a9e49373c3e683bb6250fa3edb5c40f7d855799d4bdadc8bfeceebffda13e5f7

  • SHA512

    0de6522cc0b069c58334e52f768a6089c058bd0b53859262b0067292cba001e62b4b1d6832e71047fa5d71e5437463d4f33f41001619546106a4f0fbbf92b545

  • SSDEEP

    196608:2UQaoaQQ8Sf/MnfICteEroXx7IP0oTcMsABqlofymn1lGT06y3R:DQaoaQQd/gfInEroXOMogFABqS/14T0r

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 17 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\legendary.exe
    "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\legendary.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\legendary.exe
      "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\build\bin\win32\legendary.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4836
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "ver"
        3⤵
          PID:1748
        • C:\Windows\SYSTEM32\cmd.exe
          cmd /K echo>nul
          3⤵
            PID:2224

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\VCRUNTIME140.dll
        Filesize

        94KB

        MD5

        a87575e7cf8967e481241f13940ee4f7

        SHA1

        879098b8a353a39e16c79e6479195d43ce98629e

        SHA256

        ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

        SHA512

        e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\_bz2.pyd
        Filesize

        84KB

        MD5

        4fdf3bc5548f98264ccedca2e400e8ef

        SHA1

        9254a0a3f16a0dabc11504bbd8bd3b425702a0b6

        SHA256

        cb2b8853ccf149b0b175769cb8ed6e2f9c2cbec0af3d8835c43570fd91da1b4f

        SHA512

        3bc15f142da4708c9e564fded1207f9502c5efb93c63e9db34caa931ee3d628c3eef66dc2adb42d796f7a2e1908bbe26d917aecd151fbc241d9efc67c8a7f63d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\_ctypes.pyd
        Filesize

        123KB

        MD5

        a1b81ce092c5a2c9afd13b5cae872441

        SHA1

        05b695dbb5e62adb368d8bd142f667b2e7e9d437

        SHA256

        eb5ebeb25888ff124abd0db3e08577b84538e62610107fe4e008d7c188a78210

        SHA512

        5158e462b0aeebf711e42363cf9ca1ac546958154257cc3063ba4575da28c2a7c95b1527a54adfa00d9b3c6f8832aedd97e6c79f5cd70a47146afb0f1afa288a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\_hashlib.pyd
        Filesize

        64KB

        MD5

        cc06750ac9811e6b0ebe1482c032b0cf

        SHA1

        db0e43e4c0082d44b9385d6d94a68ecc72fd99e7

        SHA256

        9a1ffa72a808fdfe88dd8f9e7083b285edf246df07c35ac032dc45d905f58fce

        SHA512

        ededec073f5651cdf2f0ed6a74278b0df630871f2ccad7d831a908a7e3efa4e5bed96d38647706add29963a515c9a13051f1457ae934d5ff75129e41bb4cd8dd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\_lzma.pyd
        Filesize

        159KB

        MD5

        ce4a35fc25d50497e8be0e75ff8d61b3

        SHA1

        19325e4bfe74289f062b657df082e47ac7bc14eb

        SHA256

        e352c77f7810ea83617ed096626ac9c3d628726def47551f90741d201c1f3b3d

        SHA512

        380b2be74d440b44c0abad4cfe3cddffbb36ca53d844dfe262b869cff0309f0758a86d220eb8c19eea4f18e823906c90ca2c8566e8e59e5c3e25ddc9d149cdb9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\_queue.pyd
        Filesize

        28KB

        MD5

        1b1a7cb8fd95c0d9741462de11abd43d

        SHA1

        6ec962cfd0d9f0dc69c9c1d424fe6fee591fe278

        SHA256

        3c907316271b15935ff400b65d24f229feb980a5be9cb4ad9f79f210ff0b884c

        SHA512

        8136ec741210ce8be2d2bccd013ee29d154f61f41188faff81c16fa8cfd143870200a757cda7d0f5da738409339c87d6b5c80517c8596fd5d6291dd8164a57cf

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\_socket.pyd
        Filesize

        78KB

        MD5

        439b4d756cde64fba441e640df56dd60

        SHA1

        881dbf2366915399b3bb8be6083f94f46eebaaf7

        SHA256

        acb377fd6967b2ce819601c7d6a102d30af570eaee9e312e383f34aecd5df142

        SHA512

        ef4b78e9f6cc740696836062dffa956ee5b9d1f0be8d809497ea778fea80761fc5b3baa938756344edc18dbaeeae6fe660f2ee8fcc25e0d7985e55f4461e3c33

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\_ssl.pyd
        Filesize

        151KB

        MD5

        5e2ee0a0277ffe2bd854abb898310d43

        SHA1

        774cf06c1e6f68c86bf107353e3f4e9df0ec40dd

        SHA256

        75ae15b70eaa1950cf259fed95ade499d7c6dfefffdf4c3292c46bd24da25902

        SHA512

        4b593b35373d69b59dd01164e09919862ac76f0e38a97fec458265add610a0dc9bca7287462668eea5b312c741e3c3644019df2f31b20bc6f764c95c968792bd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\_uuid.pyd
        Filesize

        23KB

        MD5

        c6ced76f58eb9bcc88dfea9b4a11d974

        SHA1

        de636f32fa2e32785b2dbbd697ae8e0bce3c6540

        SHA256

        e4cd5a2b7be54e858592f451b84280397aa8d6546906bc6834170a24a3857fae

        SHA512

        7fc5d18ed6165713164aaa6e84377517d5f8c3129bbf65659952a5ee108bebd4da27b1a40053885577bc2cf478fa60cf73e0c97f5b0b2cb0fe63b5712385c80b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\base_library.zip
        Filesize

        678KB

        MD5

        3ae15fe280ecda05eed0cab7624af175

        SHA1

        17b9c742b740ac67674963a2e57a9a3a2cc90e48

        SHA256

        5a189878f57afdcc6b45f03f641f58bf736ace225d5f7f0a4898b802bfabf090

        SHA512

        750c11240a5df35edbdd1e45a4cb1d0aa67ba117fd0ce4bb999ac85940322d33694645f9c104c888f3e265bb476055aaa5d4f99fe991d594369f02d2b903a2ef

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\libcrypto-1_1.dll
        Filesize

        3.3MB

        MD5

        63c4f445b6998e63a1414f5765c18217

        SHA1

        8c1ac1b4290b122e62f706f7434517077974f40e

        SHA256

        664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

        SHA512

        aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\libffi-7.dll
        Filesize

        32KB

        MD5

        eef7981412be8ea459064d3090f4b3aa

        SHA1

        c60da4830ce27afc234b3c3014c583f7f0a5a925

        SHA256

        f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

        SHA512

        dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\libssl-1_1.dll
        Filesize

        678KB

        MD5

        bd857f444ebbf147a8fcd1215efe79fc

        SHA1

        1550e0d241c27f41c63f197b1bd669591a20c15b

        SHA256

        b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

        SHA512

        2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\pyexpat.pyd
        Filesize

        198KB

        MD5

        ea357d1bb9d07864ed9328273d903ab7

        SHA1

        68ca51aa0d6bc2f127e3d1203449ad28115c1099

        SHA256

        395540306001f1b0efc4cdb3a061d851cb0ea13279fc470428379c7ad04402a7

        SHA512

        abb990e33c205b8aa513ffbb13e2caf8027cb69e7ca57ed4dcef011e87dd6e328862e708e007684d0e5bb191ecbc34bfeb55cfb0f8fc731672fff4fb8b02d6ae

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\python39.dll
        Filesize

        4.3MB

        MD5

        789b4ecbce732a7e8479e8909f097d16

        SHA1

        a79c2e1ca0ad675a48f3bba0fbdeff1b888f0e74

        SHA256

        8314174dacfc1c4f177be8266c78f147621cf577a39742642a76ec27e7b87b02

        SHA512

        b9b57ff21735c06f4b3957cdd5a3ab54602a7141f1792de52aea0e6fc41be957070b958ab75b1a26a302b6fb17a02e9a187ad289a6af0c72a5ade43b4bf06e6d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\select.pyd
        Filesize

        28KB

        MD5

        db414debf94abe8d159f42f71fd4c292

        SHA1

        1b585a565d6c769a9323885d0f3af2038fb06dfe

        SHA256

        2a451074afe05260fc274fba6851f8f96cd46ad32b657d876dd55f237244b6e3

        SHA512

        16a35bacd1511a327dd490304b48d7b2b87e906e693283950c46b3ae4da5db1f68d50b937f3e31329d106e92751456a9f31637495b2b8190b5f2a4a49c9146a5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\ucrtbase.dll
        Filesize

        977KB

        MD5

        5b1c91b53ac3c3026d50de8c05aba139

        SHA1

        b9c2d160b1ce856d9904a340362236473a3d559c

        SHA256

        d804ea40eacfc22a5e029b66d6d4f83d81f76a7ead80313b33839253f90af6b7

        SHA512

        8e01056830e65320d684245bf055305e03ef136545efb51aad484a5b1b006f7d534c30b7973da8628f49c31710ae23d3420f941156c941172b97efe9e1ef9a1f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI48922\unicodedata.pyd
        Filesize

        1.1MB

        MD5

        8a888fc01d0ed182f4c6e3ddc27665eb

        SHA1

        1c5af90831ca65c4ece4c0b23110ad81c28d281c

        SHA256

        3efd2cfb8f29e914e002a244b2072ad9ed595abcb9179759020f3a10c9089204

        SHA512

        e3f85f612a02681d972f26683ee69b9f454497e0c32e8d44a8cc63fa496604467a3be3cd924fdb503d1eb6c9af030d44c462da0bdffed3d83e6b42c211ddc19a

        Download Submit