Analysis
-
max time kernel
120s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
25-09-2024 18:12
General
-
Target
Oblivity/steamapps/common/Oblivity/Oblivity_Data/GI/level4/7d/7dd7669427274c83815459e30760b2d1.rgb
-
Size
520KB
-
MD5
71f102cd91013bfa334ca30573afd62c
-
SHA1
90e35781e1fe09a032e76a7922608bf1aedb7b0b
-
SHA256
93d9208a42c5acc64c3255fc54cc80b43ba66f59a9cafa1b93187c18754d67c4
-
SHA512
3d414432f9c1123fcd4ab952c122f327290396808d9598e2c51286238a98c103833296b535fac7a25fd9b0454e9f8ebed228dab1d501deb8e482500647365af1
-
SSDEEP
12:beaIeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee6:3ne
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Oblivity\steamapps\common\Oblivity\Oblivity_Data\GI\level4\7d\7dd7669427274c83815459e30760b2d1.rgb1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Oblivity\steamapps\common\Oblivity\Oblivity_Data\GI\level4\7d\7dd7669427274c83815459e30760b2d1.rgb2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Oblivity\steamapps\common\Oblivity\Oblivity_Data\GI\level4\7d\7dd7669427274c83815459e30760b2d1.rgb"3⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5dd0ffea045243b9930b56e901096fee9
SHA1dce555fc4e43ece9c324f6bcdb76e60019664dc4
SHA2563ad0a28b3298ba7daf563dacfc2ecedb2145fd4ab9de45f81769775db03c21f3
SHA5122b04e65056f17da4a4f5ee48b91667def0b8f981d8edbcdf8b5ae62a6d688dfa362d8f9758800c7688022d98a2501d0600b46a1c636cd47e3b8b09cfef682a9b