fc2cb33d4a9b11d1effc52e0281464abe87112b9b47378f1dee3ff728b5751d8

Resubmissions

28-09-2024 07:56

240928-js35ravdmk 7

28-09-2024 07:48

240928-jm4t4avaqj 7

Analysis

max time kernel
135s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

47.2MB
MD5

851eaed1e935b78977930ceaa82b87af
SHA1

cd764ca043df6413a375b9083218c7a4f89a8895
SHA256

fc2cb33d4a9b11d1effc52e0281464abe87112b9b47378f1dee3ff728b5751d8
SHA512

ba5143ebd4715a5a45afd783fa25dafb352a59aa86baeb1636dc41dd180e254854681b8357a493385a542ef1fce4393210781e9930479a5a3f49347dedea84cb
SSDEEP

786432:BJ2egoCZWRPnp5jLEaTl4BG9VZ4wIXPCbll33xPY7vky4K1rs9Iq48xFKfijSVck:BxGZ8pZLEaTAyIXPO3Bw7sy4K1eZ48xa

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4244	Jazz2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Jazz2.exe

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2m	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2h	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2a\ = "Jazz2.Anims"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2s	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Video	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Anims\ = "Jazz2 Animation Library"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2m\ = "Jazz2.Macro"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Level	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Video\ = "Jazz2 Cinematic File"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Episode	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Data\ = "Jazz2 Data File"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2l\ = "Jazz2.Level"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2t	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2d\ = "Jazz2.Data"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Strings	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Strings\ = "Jazz2 Language Data"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Episode\ = "Jazz2 Episode File"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2l	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Macro\ = "Jazz2 Recorded Macro"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.HiScores\ = "Jazz2 High Scores"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2b	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2v	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2v\ = "Jazz2.Video"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2e\ = "Jazz2.Episode"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2d	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Level\ = "Jazz2 Level File"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.HiScores	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Music\ = "Jazz2 Music File"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Anims	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.TileSet	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.TileSet\ = "Jazz2 Tile Set"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2b\ = "Jazz2.Music"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2a	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Macro	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2h\ = "Jazz2.HiScores"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2t\ = "Jazz2.TileSet"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2s\ = "Jazz2.Strings"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Music	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Jazz2.Data	setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4244	Jazz2.exe
4244	Jazz2.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4244	Jazz2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1728	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1728	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4244	Jazz2.exe
4244	Jazz2.exe

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3256

C:\Games\Jazz2\Jazz2.exe
"C:\Games\Jazz2\Jazz2.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4244

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Games\Jazz2\Anims.j2a

Filesize
9.2MB

MD5
b6b2b2511354e09cbc4fb957f12bf49f

SHA1
0362180aa245119ce9244cc162a3ef6defaf6ca2

SHA256
8437cc1d8f10e590d1eb63461d1bfe4b77eb9bc5593d78ac23417e81e375360b

SHA512
1d6d4553f86ebeef0a97fa12e610b8a8ff06ce141b53f7fb4514602bb92d4df88cc6e1089dede41b883ee8332789bb49305ca64c6b8365bcce8398251901e70c

Download Submit
C:\Games\Jazz2\BANLIST.LST

Filesize
796B

MD5
7668b7e4c6c00cc078f21edd03419b59

SHA1
26308c73e54866c1e2aa60bbef3d0a497e3a0d69

SHA256
3658d0ebd7cf1c86fd929f8b450fc6895e843c381ece722e84b344f177d9b7d0

SHA512
86618b7a26a93aee3ee0e01087f793e691202264f453fdcd92a6cf906fb2870787d900b51c77959505114e57522209dc3161c2d46f4a0c6d551545c3215f1239

Download Submit
C:\Games\Jazz2\Data.j2d

Filesize
1.2MB

MD5
e5521da053287c0c957d1198297bcb2d

SHA1
680dd3b6a8d0f0584c3230595f4382880777b359

SHA256
4195a9c904dc7f0716897243bb6638410b420b7b6cb030b56ebce09b75bbef21

SHA512
872608277eb4f7a0a8cecf31ab10f0beb98ea6a5876081e92628c6464e9ee61f09c6820778cb1cef2f31da0b223068f044d0f481c4ee83e6f37b9de7cc407f95

Download Submit
C:\Games\Jazz2\ENGLISH.J2S

Filesize
10KB

MD5
c90d6492858c0c106d6e93c18a63b82d

SHA1
8730afd624a2199459ee6ba5f1a24d047d28333b

SHA256
05e4e843e8044e3cff99355b8a7605a629482d4d95e6d753bd39defd1dc93f83

SHA512
f579821f6284f15c4895d79a56158505561cd58ab762eae096d412ee3d451527a81c04a9c7dba82d0f22c9e7550dec59386379a013ceaaa5200ce89aa5608449

Download Submit
C:\Games\Jazz2\FILTER.LST

Filesize
517B

MD5
20d9ac18a5f11129f17581c3fdcf43a7

SHA1
5ec701a3bcd955d5879d2d4ea6f9e64eb4fb6e03

SHA256
8fee21a4098a6d341083571bff4c97b95ead12e07d364887a69a7538986644b1

SHA512
69967a141e15433cd4cdcdbb8b67bd7dce2a2b864da40f86a16027a9ed49e665415bc7db5cf2960b0aaa06e9d0d15287d585c4ec1c7dea545e2877b264d0d8ed

Download Submit
C:\Games\Jazz2\Home.j2e

Filesize
39KB

MD5
a4b73584f5083e10995bde6fb4203fce

SHA1
63c2b49f3d8ae85cff88bc69a186a960e9c84245

SHA256
98a59de427a941eadbddaad5c624a8714d13a5ea1468e112dae82be0ce3dfcc3

SHA512
63221b61e6a20a5a3b648f406c796ab0cec2111ac84515120bc8f579150ee00ec9002bd15e8ed6ea5dacc342f0f273dda3ed91a7eef13fc1ec173991f1dc56b1

Download Submit
C:\Games\Jazz2\Intro.j2v

Filesize
4.8MB

MD5
6adfb21a9f6dd6db8a0f34aa68a02d35

SHA1
a701f52d7cb9b672e8b6b359c18a90da64c49053

SHA256
34819c25f55e2266d3debb0d70a70b64a6b84724b6eafff461648c4f68dcb89a

SHA512
3fc226f29943da5ec7a4bcc80c172819b753ebbcc28febed1c7421e3e8283495c41b3fab3707334efbf5482fcc816df7fcbcbed36a31b354a7bc81126273f72d

Download Submit
C:\Games\Jazz2\Jazz2.exe

Filesize
996KB

MD5
e9e39b75ded0b305703cf23e09eca972

SHA1
a38875d3fd075b53f0fc3d62e756ae9c79b48bc8

SHA256
d2ed97cb78921cc7f928414db6b194995f71396ddc0a6799f3772a46dcabd7e4

SHA512
6a63e924fe61296339d8d9a7928693ac7a6e4891eea1eda8687433f04b2918f57de5c5b734cd6893f95ccbc4715dcbf86484d64c5ad7beb0e544d396b1f8a069

Download Submit
C:\Games\Jazz2\Logo.j2v

Filesize
315KB

MD5
e93295170b634778c3516235fcce49ec

SHA1
facafe30bb1950a5a01e7f34cc67e1ea5e1d0f6e

SHA256
c159bdc254c53c4091e419720332c354d5b0a9af2fc7758e4f9aa9e15e535b71

SHA512
6b4788c3edaa62b8444ab28bea35def19e7f457a5044ae930d4e71df1a39b4b390b92a96a01519fe66e6b0482ed276be6a6ba3ee86abe6e82c7a0c806cb25896

Download Submit
C:\Games\Jazz2\MENU.j2b

Filesize
223KB

MD5
74d9a304dcb50d4afca8605f90858a16

SHA1
a0edf52b887564a2c85401d27bd3a1312f5eb7ec

SHA256
b667e398559d4e9faef82317463ef983dbd7cc2e6826d5600a1b664376096e90

SHA512
311480e4d8e939a5917d3d5de136ac01f75361c50769e999f50f544e8b93acadd0beac469c5b9af5a063849de21598ae2aad9225e9e9c35a4b56198a67e25d37

Download Submit
C:\Games\Jazz2\Order.j2b

Filesize
170KB

MD5
766710ed6a2bcdd65d01800761a67924

SHA1
a343bce5b2af4b31ed45405a31faa1d51be4d78f

SHA256
5e34305572c73192d465d94c7a945c4973a139ecbb30f991d07099bc4813cd07

SHA512
f52f9e161ae2726c57abc4a3f12dfa133667931307bb0bc3b3216cf7b12bf1e6c9ddfdc05ecb42bc425f207edf9e0b92351d3b315eeee2d3e7b8b1117e7a81bb

Download Submit
C:\Games\Jazz2\Secretf.j2e

Filesize
21KB

MD5
c6cbebffb694ad336bed4690a485ac22

SHA1
d77735c1bca6f6403f6f8889163f7417646e7325

SHA256
ed8d54551df1e9e5601bb4386e1838868ff0f3f5f67b7239ad369ac20cc392a1

SHA512
5c082ea9f39f71e99c11ca6aacc5c00c7784ac1bea8e3f8405b90048692c663d8acc2347694ea5ebf3e2f61b58d882bfcd4ca50bb7fc6cce3f125e6584bb79ff

Download Submit