1f8af397e46ca3a3af91872a4d6e49d21deff551be2b19f0fc085c646e4380e1

Analysis

max time kernel
140s
max time network
126s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10-09-2024 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Project64KSE.exe
Size

832KB
MD5

a212cb31ba4f96367c11c8c7bdb25611
SHA1

beaf115a2ae4a05f3f5713d3c7c9b21127113f54
SHA256

18d9263bf9578f492e9a299f3fc9f38d15ff0b5ef3dad1f99b1f28a7ab145524
SHA512

b072530cee7d7871d31105dfaa7f8c38cbbd990dd654a1958f5976a8d4473561ff37ca6c453a083ca1aa3a797166d8221fb17e2c57198f624b8c4189d6b11c8f
SSDEEP

12288:yuCLAt5VYrXiMjydmYXqXl1Sg4dU/XdeSWSQaBaxR4o:ynLAt3YryMjydmYaXlSdU/jWRoax2o

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Project64KSE.exekse-launcher.exepackage-updater.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Project64KSE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	kse-launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	package-updater.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Project64KSE.exe

pid process

2684 Project64KSE.exe

pid	process
2684	Project64KSE.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

Project64KSE.exekse-launcher.exe

description	pid	process	target process
PID 2684 wrote to memory of 5744	2684	Project64KSE.exe	kse-launcher.exe
PID 2684 wrote to memory of 5744	2684	Project64KSE.exe	kse-launcher.exe
PID 2684 wrote to memory of 5744	2684	Project64KSE.exe	kse-launcher.exe
PID 5744 wrote to memory of 2364	5744	kse-launcher.exe	package-updater.exe
PID 5744 wrote to memory of 2364	5744	kse-launcher.exe	package-updater.exe
PID 5744 wrote to memory of 2364	5744	kse-launcher.exe	package-updater.exe

C:\Users\Admin\AppData\Local\Temp\Project64KSE.exe
"C:\Users\Admin\AppData\Local\Temp\Project64KSE.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\Tools\kse-launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\Tools\kse-launcher.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5744
- - C:\Users\Admin\AppData\Local\Temp\Tools\package-updater.exe
    C:\Users\Admin\AppData\Local\Temp\Tools\package-updater.exe -c
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cfg\locale.lng

Filesize
20KB

MD5
edf65e910f0ea988e29edd85fc33eedd

SHA1
f88a4a2003f2b75a47afb0c78d81af98c319a7ed

SHA256
671493510f4984e10fa2a37a510813d1823e4e4bd155ab5eb5ac430e36cac69d

SHA512
6a9e252b48e160f6971f3b71b9557282cf1f6da50b0162d0470a71c6b19f671c3659be430da3f0e384459b2ee9e70afab8c78186de697e04df6578441e7e6fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tools\user.cfg

Filesize
46B

MD5
e6b1cc7e0a19a1e0f8992e2cb6288d6d

SHA1
1b6e0c8db34fd584196651f729d77b00a667ec83

SHA256
ebd49bd08846fed579cfccebc1a115f14807e3d0da52e20693fa8efb6373b790

SHA512
d79dff26692c0fd99af96049365d3fe6e3fe8aa0b245155f6afc3ac8627268879cd0c17e8b2c63557a85f3b4142f078b0d9611f01085ae8386a2bcbf314ff28a

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Plugin\defaults\AudioHLE.dll

Filesize
68KB

MD5
ee54e5d42f2d9784506c37fdc235ae5a

SHA1
7ac1b10156c5cd6f3b9f7d7207970e29d23a12be

SHA256
05716607aaf34816077625a76a08e8176d69cb12d657edd9cad3ee50e1e44644

SHA512
5238f468ae7c75b839b95e34178f6d3f2783466970ed91663d1722691bae0125f81ba66965e9363e36d25660f4ce59ed3b6f2191e44112fc72ea733948888b6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Plugin\defaults\GLideN64_40.dll

Filesize
10.5MB

MD5
79a554135880c25dc01e30c81361d0ba

SHA1
28091d283b2a11e68132164a31aad25ddafc7526

SHA256
8bd416db8218c35a8c29ffff2fffa6eb8a40c2ad817735a1b0d9f0950c8b432f

SHA512
0b76e277e82ac057c92db8aaabf8e7fa3c273370248dbb4838457595121b167b9a76d2a10834c8faf49a479ff5f4a2b4e40e2abd137f250f83952f8f9859f515

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Plugin\defaults\NRage_Input_V2_23c.dll

Filesize
148KB

MD5
fd98e6c7b9ccc4d2396c8d59d6ab07d3

SHA1
80edb5e58fb19875fcf6f552fe1ae1a5910ccaa7

SHA256
aba8f1317f0695988c86c93a7ea153d2c0371d032dfca3d02385353be0578bc1

SHA512
0946a4692bfb385c5f04752266a1f6b2baff5f6928df4253cf8d77a8783423dfa48ec4d994e5c1f7daa6f7b9b7b6e17827ffdb22557b9bd706fe197cecba6488

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater.cfg

Filesize
11KB

MD5
04fb0122fa96c5a21f8c37a1a4035eec

SHA1
11cdf0de77c977e7a711b4a04c40e04318d09298

SHA256
19f6510d0f28b99b80d52180d1f217cac17592a1c22bb894bbcf9e127c8b8123

SHA512
ed55c40cc909899e28d3ba9d731abedd001ebdc09be5793ca7c54af5ca6fa994fc9f2cf024c738561450284be9008cedf11e49ebcab37418468b4937ba9454c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\cfg\base\pj64.rdn

Filesize
56B

MD5
626ba5e37f42f28548ae1ffefd20dd7f

SHA1
ff9c354c29b6cacdc29a18904fcc8b1fb963f782

SHA256
b135451a13c38b9209b1bff0dc2b91e3525bf1937a6418267abfdb409b89806c

SHA512
0dbdaa5310c586f2dbb3608576b8f9863592ccde7e04bdb056954f71050cec1d45c127858cfd505558171a1a6af3b35343d4a1a8af9a73e0418201c7d808aa94

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\cfg\base\pj64.rdx

Filesize
56B

MD5
413b4f73a26f5de3b762ffaa325a119f

SHA1
b18aa28354a9102c625e0b106c7122b469c9605c

SHA256
223910381490fcb41571f269fd9786b9ddffd20cf47bbd0f055f6a11a651fe30

SHA512
94445cf9f4169310707f0a9639b056784f136d06151fd146e561372708ed568a10625d42e4276aed6a50682d004212079069570a7ab6ece6ee315a7738bc12dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\cfg\base\tools.cfg

Filesize
1KB

MD5
064b0bea7fae7b6a3771ab18ec7b712d

SHA1
c1556db1818fc695a908072a4c074c63e469ee93

SHA256
31c074a9db64e96e1f942fcc7fc94eb05e94f82b57513797c411b2355b831785

SHA512
fd763a671185a894bd50a3ad5270137a26e8f0959061606a96f2fd84dce00c52467a5720297dba76a8752ade51a91c7981edcd31966ffcde716cdc2ae435cfd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\cfg\cheats\bean.cht

Filesize
308KB

MD5
24719df99a945bdf0785c2f0b021e0ba

SHA1
75228af6d72c2892bd1952765554e664f5099e37

SHA256
0654deaeafbf88513477962770c402af25a67c64ffc4bf83f9e09f418d847a1f

SHA512
b55f36e6bebc9bdb6d8a59873613e9dc6adbd77cbede03922b7d368481683fb3384cff096d4ae021bb21f8da27f4890ecc5b1115a29d43ac832cd3fbb07974c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\cfg\cheats\gent.cht

Filesize
32KB

MD5
690387f839901b8eb7e27d611b83b25b

SHA1
d622138e7d347dcd46319bb917ae48422a5c1121

SHA256
6e39ed21c209fe023111556bac724a8e86aee1f8eb610a87b1958554c3e353c5

SHA512
7ed78bc4dff37a1a32adf4c3271f7cd480366a7082f854f1bf5099c879edeee0a8784e997bdc070b00623125187a1963cfff2d08c8b1b28192834e1d363026ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\cfg\cheats\pizza.cht

Filesize
298KB

MD5
14425b5f0b98724517f93dbf26cd4135

SHA1
da9d3d4ac9139e970446afc5a01b3972b4c6ae6c

SHA256
54e5e0e50388d61eeec03567f7a0f24055e7da3120db7323cf4974d72c7fafc5

SHA512
6ef9d3a2f80787eaab7bb4bef609d0c990c06176df2a46346ac8ee7b7b98594bf053048222cd7ef6d38de815bf980bc9aecc8010c71615cc7cd58e4f396b01cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\cfg\cheats\smasherx74.cht

Filesize
3.5MB

MD5
96350efaa1729523da24c8904e574b05

SHA1
6c311dcfdb78b424bec67378750b765896c7c7e6

SHA256
248bf2d237f02519e83577a5b92a34c78ce1e07015cca755b129fb1b4e02023d

SHA512
9f1b0b391523c678d0ad0094cd436496265d9751330155c909fcd78d61378d6a5025527a4c73b865b8a4aa9f850692892f91c167337c43503665ffb2ec00ac11

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\cfg\locale\welsh.lng

Filesize
4KB

MD5
a44dfb7a15727b90e748cd51ec05ec8c

SHA1
2e218050736484422b9d304dda8bffb6f284d0e0

SHA256
7e9af762a4d617ea6d4cc1f006a69e767e9ef7b5b82064e659646de823530025

SHA512
20b4573c2259760aedde295fa6bf64d8543afca5c9ce56dca996578cd44bf8f33cf6e69e3df89bf6b5c502dd9a2a04720fbf1552a815e3399e43573877328790

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\plugin\base\GLideN64.ini

Filesize
4KB

MD5
45d591405f063d5fbee747ba6723ef46

SHA1
1a64a9ad0206e643a4f623843d7ea66da90c3b34

SHA256
d20853b4f1fd05a28781fc855d94d49d165c5ed24b4427e0088b5624023683bb

SHA512
a3b1ad5c15bfc47344aa3b263695e9d7df69c2d1230397ab9dd684220b1b9c445ac2c7bb1f0637286ad4d7c613f277e18e0248d30a2ef0dcdead1fbd5506bea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy-latest\Tools\updater\plugin\base\GLideN64_20.ini

Filesize
1KB

MD5
441b251ac1fa83fb534640c9760e024d

SHA1
140aaf8c86bd087055c1820be3e112ec5134536e

SHA256
cfa9a4d8de81e69a344fac0d2ba89a88583491053862baf9160928a4f92e9f09

SHA512
604df1b5635ca43e88416430818715830360716ddc4cdbb2bcb50430d4685a1b926d1c30dfd72641759ceffa79219f5c535748751cc54e70331be492712c45d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\package-updater\project64k-legacy\project64k-legacy.zip

Filesize
32.7MB

MD5
654b188f9014436374a0336cdbaba603

SHA1
e5931ba52e76b64c164ac0e9990b37a842649394

SHA256
1f8af397e46ca3a3af91872a4d6e49d21deff551be2b19f0fc085c646e4380e1

SHA512
5495396380ea2e7846bbe1d1ef0ea19be9714d85977c637bbd290509d9acebc7804b390f20e284611dd0b2ff8d31d67a951e90679746b3ff103ae8648f8994d2

Download Submit
memory/2684-1724-0x0000000006A70000-0x0000000006AEB000-memory.dmp

Filesize
492KB

Download
memory/2684-1706-0x0000000004620000-0x0000000004700000-memory.dmp

Filesize
896KB

Download
memory/2684-1250-0x0000000004080000-0x000000000409F000-memory.dmp

Filesize
124KB

Download
memory/2684-1718-0x00000000047C0000-0x0000000004832000-memory.dmp

Filesize
456KB

Download
memory/2684-1726-0x0000000006C50000-0x0000000006DCE000-memory.dmp

Filesize
1.5MB

Download
memory/2684-1729-0x0000000007A90000-0x0000000007B71000-memory.dmp

Filesize
900KB

Download
memory/2684-1404-0x0000000005BE0000-0x0000000006A70000-memory.dmp

Filesize
14.6MB

Download
memory/2684-1251-0x00000000040D0000-0x000000000411B000-memory.dmp

Filesize
300KB

Download
memory/2684-1727-0x0000000006DD0000-0x0000000006DE0000-memory.dmp

Filesize
64KB

Download
memory/2684-1725-0x0000000004970000-0x0000000004994000-memory.dmp

Filesize
144KB

Download
memory/2684-1242-0x00000000035B0000-0x00000000035F2000-memory.dmp

Filesize
264KB

Download
memory/2684-1185-0x0000000002410000-0x0000000002492000-memory.dmp

Filesize
520KB

Download
memory/2684-1723-0x0000000004960000-0x000000000496E000-memory.dmp

Filesize
56KB

Download
memory/2684-1722-0x0000000004950000-0x0000000004959000-memory.dmp

Filesize
36KB

Download
memory/2684-1721-0x0000000004930000-0x000000000494F000-memory.dmp

Filesize
124KB

Download
memory/2684-1720-0x00000000048E0000-0x0000000004925000-memory.dmp

Filesize
276KB

Download
memory/2684-1719-0x0000000004840000-0x00000000048D9000-memory.dmp

Filesize
612KB

Download
memory/2684-1717-0x0000000004750000-0x000000000477E000-memory.dmp

Filesize
184KB

Download
memory/2684-1716-0x0000000004700000-0x0000000004741000-memory.dmp

Filesize
260KB

Download
memory/2684-1252-0x0000000004120000-0x00000000044FE000-memory.dmp

Filesize
3.9MB

Download
memory/2684-1089-0x0000000002A00000-0x00000000030A2000-memory.dmp

Filesize
6.6MB

Download
memory/2684-1383-0x0000000005B40000-0x0000000005BD6000-memory.dmp

Filesize
600KB

Download
memory/2684-7-0x0000000007060000-0x00000000070A7000-memory.dmp

Filesize
284KB

Download
memory/2684-1249-0x0000000004000000-0x000000000407D000-memory.dmp

Filesize
500KB

Download
memory/2684-1245-0x00000000037C0000-0x00000000037DD000-memory.dmp

Filesize
116KB

Download
memory/2684-1244-0x00000000037B0000-0x00000000037BB000-memory.dmp

Filesize
44KB

Download
memory/2684-1243-0x0000000003600000-0x00000000037A2000-memory.dmp

Filesize
1.6MB

Download
memory/2684-1248-0x0000000003FD0000-0x0000000003FF5000-memory.dmp

Filesize
148KB

Download
memory/2684-1247-0x0000000003F40000-0x0000000003FCC000-memory.dmp

Filesize
560KB

Download
memory/2684-1246-0x00000000037E0000-0x0000000003A0E000-memory.dmp

Filesize
2.2MB

Download
memory/2684-1241-0x0000000002690000-0x00000000026AD000-memory.dmp

Filesize
116KB

Download
memory/2684-1240-0x0000000002660000-0x0000000002678000-memory.dmp

Filesize
96KB

Download
memory/2684-1239-0x0000000002620000-0x000000000265B000-memory.dmp

Filesize
236KB

Download
memory/2684-1238-0x00000000031A0000-0x0000000003271000-memory.dmp

Filesize
836KB

Download
memory/2684-1182-0x0000000000D70000-0x0000000000D82000-memory.dmp

Filesize
72KB

Download
memory/2684-6-0x0000000007060000-0x00000000070A7000-memory.dmp

Filesize
284KB

Download
memory/2684-1175-0x00000000030B0000-0x000000000319A000-memory.dmp

Filesize
936KB

Download
memory/2684-5-0x0000000004780000-0x00000000047B2000-memory.dmp

Filesize
200KB

Download
memory/2684-1730-0x0000000007C70000-0x0000000007E93000-memory.dmp

Filesize
2.1MB

Download