Overview

overview

3

Static

static

3

Data/Data.pkg

windows7-x64

3

Data/Data.pkg

windows11-21h2-x64

3

Data/MiniGames.pkg

windows10-2004-x64

3

Data/MiniGames.pkg

windows11-21h2-x64

3

Data/Wallpapers.pkg

windows10-1703-x64

3

Data/Wallpapers.pkg

windows11-21h2-x64

3

Modmanager.exe

windows10-2004-x64

1

Modmanager.exe

windows11-21h2-x64

1

Updater.exe

windows10-2004-x64

1

Updater.exe

windows11-21h2-x64

1

fmodex64.dll

windows10-2004-x64

1

fmodex64.dll

windows11-21h2-x64

1

unrar.dll

windows7-x64

1

unrar.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    03-09-2024 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Data/Data.pkg

  • Size

    1.1MB

  • MD5

    aeaec052551a78e1eb781c5bf524abac

  • SHA1

    320660749ade56ed3574a8a1fb60b2a1c38caf53

  • SHA256

    b365343dde34e06b088815893978932a1364dfefddb92e398be3c0d006cbe3e9

  • SHA512

    415696f5445d02d5c87407a7531c80567394a62e7968483676554e1921df45153f851b65c569dc38ce41f69e9b6dc4fd6125936a0b1674c4c8634e7f26929268

  • SSDEEP

    24576:onfD2VTF2vXWGjlzAmVskKlVsvdoOOEys5GRCyz:ob2SPWGjlUT1lVsvdcExj4

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Data\Data.pkg
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Data\Data.pkg
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2312
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Data\Data.pkg"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    76f8dfdfa6c82c5a970a540914211e9d

    SHA1

    8b3be7eaff4c638552cf1f65274c75e21335ddc4

    SHA256

    df456d145947805e3d38919f37fdafc30e8a2fbb5441cbf233a41cc00c7ad308

    SHA512

    9f26bb6b10b2a646ed2e1c21d4c01a83a06417c5a115d83a0141c1d1f090cc5a6b37c99a9bb8d8125aadacad79d2e080d06e170c64bbc834cc125cfab14edf32

    Download Submit