2da2959a0b41a86a50b3ca17b6dd9883e804a6e78dbd0d5076d9bf65d85d0765 | Triage

Sharing

General

Target

Black_Myth_Wukong.zip
Size

11.0MB
Sample

240906-jcmststepp
MD5

95a7ee1357f299378730402369d0711d
SHA1

630c8aab2cc8022a42a27676955b0a6d8690da1d
SHA256

2da2959a0b41a86a50b3ca17b6dd9883e804a6e78dbd0d5076d9bf65d85d0765
SHA512

64630caa52229fa90376cf260bb1b6c75469c5cf80dc9ba4c1f153372e88c0aea4fbdd428ee062a427ebf454574072fbe0575f9f4327ecf5caa976bb56ea82e6
SSDEEP

196608:HeTGBPA5wJdfVpjPnR4zJTcyBaiV9BeVUggz0w+ZQU2BPS5qzS4ax77GTWCc8ehB:HhPHJZDR4zJTPB3edQgiU2BKLzx7KTW3

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  ControlzEx.dll
- Size
  
  181KB
- MD5
  
  2d5035cb5a3678f2c2f5a889bd384813
- SHA1
  
  9c4a669a30a4bf0e27d5b373919c3f6017c8ec4b
- SHA256
  
  424cbe8f24a62c330149dbe0b80e214a984950c3b79b067058671608229fc2ed
- SHA512
  
  fda0592126c9b9835380457e1f55d984cd5fc7649be172a0de17006e60d05687fbd5454a5b3adceb4497f6bc7a780d15dc09b70fd642f2db792571e996c8f56c
- SSDEEP
  
  3072:3E0E4PCRvy5/ixiBU33nC0bZqSSvKKy/f1SV666AjwbbHyH6engMHdFtp04M9Y8e:3E0E4Pyy5/ih3zbZqSGy/fk96e9Ftppn
Score

1^/10
behavioral1 behavioral2
- Target
  
  Hardcodet.Wpf.TaskbarNotification.dll
- Size
  
  66KB
- MD5
  
  d5d708e9e7625ab2c4ac1c1faa099350
- SHA1
  
  9436c35fb72c4fd0ae1420effdbe5a8a14326077
- SHA256
  
  f6fadf0375d22512b2b3f075362433c0de173adfb290b4d8999cdcb7acedb0b2
- SHA512
  
  0321bbdee6a11275fd0f86696e0b244ac0415ca5cb64cdd0230bfee028e550587929c5d03402740307fa7b5370532d2e3c044b85838489a72f29ce1748fc093d
- SSDEEP
  
  1536:KfgDdceepOS3u594ww89rRwjwPxvjLbPxHZ:KfgP59Fw89FwjgxvjLjx5
Score

1^/10
behavioral3 behavioral4
- Target
  
  Languages/Korean.txt
- Size
  
  1KB
- MD5
  
  afc32ec2724c3b4554ddd3a3b57621b7
- SHA1
  
  02d79933d2117675a8cd88021c0157fd4fb4088c
- SHA256
  
  5b51ffce65d7379e1b3b9c35319e8e699e0834bd2b89723a386364bfa7cbd0c0
- SHA512
  
  d6b745f4b69affef096a432f5ffd25886f55fe55d786a7a54a3396af89a87f0dd970d8b22fc8ae2d7e39b434977336e3ebbe42bc22d10af69047fcc60c03e0d5
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Languages/Tamil.txt
- Size
  
  2KB
- MD5
  
  ec09cbb57a677f1ba3a9654dea22f6df
- SHA1
  
  b384c3a58a360fdc4a30adbdf4694356beb2ab40
- SHA256
  
  9ef41626a091f86039659c3ce88138b507935c86e48897a845b4503b09aca174
- SHA512
  
  3a18f58930dd9c189bb8e58c3b1e6bbe75d51106724670eaef22fd0fb2bf64f74cff74dfabdddc1ac0fd052a19d633232879f23f80838484485327942aec7beb
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  MahApps.Metro.dll
- Size
  
  1.1MB
- MD5
  
  7d12c36f4d457bf6b3b82b6965dd34f4
- SHA1
  
  1e9d123283615ae766b363ff9e910d831b9a9cfd
- SHA256
  
  c7a319bd7d3ec7146b034bb663278299c9c0b0d8ead6fc64beb9e01a4f78c8be
- SHA512
  
  bd714bdcf69dd9a389b770dbe013e7a9df37a819a62348c1177ce7b66734739dfa0288508ce5a42fc4f925b029566321c28fb7f7b777b16df0c7c2685b74db30
- SSDEEP
  
  12288:TvnycWGN57IWnvQ9vWKNxV/FZLv4IS7gG2QiH+:Ta3+5UsQxV/FZLv4IS7gG2QiH+
Score

1^/10
behavioral10 behavioral9
- Target
  
  Microsoft.WindowsAPICodePack.Shell.dll
- Size
  
  552KB
- MD5
  
  18a46202a1636b985208e2183d756617
- SHA1
  
  7f8d0ca687ac82067d7a79c011a2688336b71b82
- SHA256
  
  513d386fc084ad355d1a8668d8b4e43cc3b21f135ac3eabbc6b96adeb3ee9e84
- SHA512
  
  70420dd03f338201801afb0ea2742bb08cd860192503906734de7306d1349a5524a12fc45c84dfa2e38f1178c3ad62a8656a9bebcb2bb5b9ff02f0f5543ea851
- SSDEEP
  
  6144:vtIgLGv5WBfXkYlsL/Nz++R1yji08n3uzxRQKEPmBm9C5vEx3tcQ8Vub8xPtwZEH:nz81Dn3GQ/9C58x3tWXH9gvHYF9
Score

1^/10
behavioral11 behavioral12
- Target
  
  Microsoft.WindowsAPICodePack.dll
- Size
  
  125KB
- MD5
  
  ace419174e1e0c792d028f25f60d6e5f
- SHA1
  
  5325579a4d960fc09c359c2ec7f2b03a27a9a698
- SHA256
  
  90d56b0a1c7e631e5a12985f9b7cc943a1ebc31e40ec53d56dc9149bba74ba24
- SHA512
  
  53177394027846161c296a25527f266814157430c8620e474ab1c2f6b2b54f7c401a4db087ea26af7e854ed07a006413e99f0384e06b1b4b194acb61981c5542
- SSDEEP
  
  3072:QfBa6TWUNuRhicznzcSZRazyDG43vjyMcnFlizejgxKmjkx7:VUNuZjAI+mvuMOj9mjk
Score

1^/10
behavioral13 behavioral14
- Target
  
  System.Windows.Interactivity.dll
- Size
  
  61KB
- MD5
  
  e991d47605bc04629af29939ac2cc9b5
- SHA1
  
  70dcb9c81d5c8351d19d3a3fbc5530085ca8faff
- SHA256
  
  eda12487c479ff31202a3c60f88f1f0e2bf7392919099315d0d951683f14609c
- SHA512
  
  25355edf41f7e08b1a725a920fcab7c04d4c91c3c015a8a9ab6c7d1224b5f3f83baa81f867167369ae91a8f11f317e9a3a1092348ee4e44f89dd8b086a67f2ca
- SSDEEP
  
  1536:23wBccZdxuB8mQen6JxKjrlMZgR0Eo1jwPxb/JjAPxH:wcHmQPUk1jgxbBjwxH
Score

1^/10
behavioral15 behavioral16
- Target
  
  YLLibs.dll
- Size
  
  36KB
- MD5
  
  3744d4fd7ba093923174696b56d05f9f
- SHA1
  
  f5ce183eae50c86baae034aed1ce11c0ad15fecf
- SHA256
  
  3101a828d70c878e777a15ebb522b6a2f82e30fb2217ce66df0f161a57656301
- SHA512
  
  2269e1b99f2998accb13a23f55806a636edfe374ab14ffbe93eb653868b935b83ab38c998905e8878156f96b4f2c85c18bd61fb374c9079eff5fba7cf6ec9800
- SSDEEP
  
  768:3/ImTZNNBGXjO9hwjLZEJPx4SjL8PxWEY9iYX:pT/u6wjwPxvjoPxm
Score

1^/10
behavioral17 behavioral18
- Target
  
  [Black_Myth_Wukong].exe
- Size
  
  376KB
- MD5
  
  a8bc7fb55a324f1ba1c7807b7c1c4f29
- SHA1
  
  9286664648e7629ff1cc35ca030e22a45a913c9d
- SHA256
  
  f17b6dc2f1dc25b982d1d3da8601121a1f21e16be3fe406d3cff62100cf7562b
- SHA512
  
  726d8dca09ed5173f17a7c271cfb8faf6e83547390a55c7afcca6213c25da0e5f55599616b65b297ddaf606d0c2194ef98e9df9a45490950f23a0a3c9bb1d534
- SSDEEP
  
  6144:CNwt6ykfy77nrjTPhSVQBFD7sxBUXEe9OmGC0GoOwwmVQBFv6jOjK:CNwz3nrj4QB97sx0d9OmGcwwyQB1OyK
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral19 behavioral20
- Target
  
  wdmode.exe
- Size
  
  574KB
- MD5
  
  42badc1d2f03a8b1e4875740d3d49336
- SHA1
  
  cee178da1fb05f99af7a3547093122893bd1eb46
- SHA256
  
  c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf
- SHA512
  
  6bc519a7368ee6bd8c8f69f2d634dd18799b4ca31fbc284d2580ba625f3a88b6a52d2bc17bea0e75e63ca11c10356c47ee00c2c500294abcb5141424fc5dc71c
- SSDEEP
  
  12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A
Score

3^/10

discovery
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22