b5260e3888677db1cd32ae9a7da3379f890f3c59069038061546622cdfb1f33a

Analysis

max time kernel
16s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24/09/2024, 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ps3-disc-dumper.exe
Size

212.3MB
MD5

0818e8346729b0f2ca5bb3bbd669b515
SHA1

6171689f73a26dbf863d3e3ffb239efbf4b6b1c6
SHA256

b5260e3888677db1cd32ae9a7da3379f890f3c59069038061546622cdfb1f33a
SHA512

f3e11edb4717a3ba5e386cae9f0fbf99575709ee01341c7d374ce7baeac4c833a987d12c848cdbae739307fa5a9fd1014df0ddfe40800b76631d637cf53d55f6
SSDEEP

1572864:vPKNO3mSgfkCKqksYoE3ySRYrDKXbGg4x27qrG:vSNgkfXKqkT3yaY87qrG

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1468	ps3-disc-dumper.exe
1468	ps3-disc-dumper.exe
1468	ps3-disc-dumper.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ps3-disc-dumper.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1468	ps3-disc-dumper.exe

C:\Users\Admin\AppData\Local\Temp\ps3-disc-dumper.exe
"C:\Users\Admin\AppData\Local\Temp\ps3-disc-dumper.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
PID:1468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\ps3-disc-dumper\mpiP_DsCFAyrLZVflEECQAwgf+QGOHE=\av_libglesv2.dll

Filesize
4.2MB

MD5
0c6d7ef9f90b40fe51e67a2ff9f38244

SHA1
d6cbf5d5b9957028d75d2456f1209b2454072367

SHA256
caff1be1faee32f7c5bfba9162ee617c347aad40772caa9a1aff794e3a191420

SHA512
b4cf85ea6be1c8528bfa6126a81faf44132b6978a07cf01af729f68807c7db6ae16fe71eb74135c9db9fe7696094d89330a94217c953b2ee5cce9be4a4e33373

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ps3-disc-dumper\mpiP_DsCFAyrLZVflEECQAwgf+QGOHE=\libHarfBuzzSharp.dll

Filesize
1.5MB

MD5
c22de44419d1a1f1aa059f451fc59016

SHA1
cff7fc6071b8ccfbaea2ad922071f243d265afea

SHA256
ef5923ef4cdc8612c1825b294174b5b8cc8a056ed0f06b58db56aabc56aaae12

SHA512
12f93c7d4548c1c20288d9fd1b2b1b3dd0dec7c1a0c9b12f7f2c1b8045cfbbbd1256e39112f7296c83f93bc6c8fad45390384cc80087edeff46e9d125e3bcbba

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\ps3-disc-dumper\mpiP_DsCFAyrLZVflEECQAwgf+QGOHE=\libSkiaSharp.dll

Filesize
9.0MB

MD5
26d723bd75b5c6591dfde18b71281920

SHA1
47c05d42af2968f83877bb9cbf744c938489f466

SHA256
2ca940b7c4621ecd27d2f07c5f46fafa0375f493692cd4e6e1e66c07fbc8109a

SHA512
90bbdd48588616177354402b91a3fac363f8eb7959af570e6cee1174eeab950077b71ed47645262daf0957ced5b90b3aa5a7146a5d04d52b5c7975a5d31c5ef7

Download Submit