Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/09/2024, 13:41

General

  • Target

    StardewXnbHack-develop/StardewXnbHack/Framework/PlatformContext.cs

  • Size

    5KB

  • MD5

    7d531ae18a3ffafe30d07beece4d99fb

  • SHA1

    098481b817bd766e37cc2fafff7496a0de60b54c

  • SHA256

    944663afd7dfe205b0898ab9056cf4dedb2af5d31397a2179b18ff2f1ed092a5

  • SHA512

    f4b328d0ee02b84b30bee3d31cee0e2bdfe3421b79dbe1183714c82a961d36b8262bbfbe85c29f67c874ff13d4b1a5a696a2f5a56958bd329f3ca1103c5a9d02

  • SSDEEP

    96:Cj4YP27U7U2Ot/Xnt6q2NqNR1x6+v7Js722oqH42AVcwhqyqx64NdiINzyL:tDsOlt6q2NqNdVv7JsadqH4DKgqyqg4m

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\StardewXnbHack-develop\StardewXnbHack\Framework\PlatformContext.cs
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\StardewXnbHack-develop\StardewXnbHack\Framework\PlatformContext.cs"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1476

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    4a5a22945ff028d0a9f7457b288c9818

    SHA1

    e0eff94760bda2a52f5cb375ee436866dcc95702

    SHA256

    63c20af1a42a0b5e74b76607ca2b5ff3909eeb275b90943479b81805055f5295

    SHA512

    3030cfc7962b35f56cc4bbab581022da99834c3cf8299e78c3f70aa722ee629f77267502f513d24d163bdd5927996607d61226d16b2975789061ba2d493370f4