56cae288ee86c68d1bed935233f73d6cbfaf241bc8278b1b967128d29e1f0f9c

Analysis

max time kernel
141s
max time network
41s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlayGame.exe
Size

506KB
MD5

76353f66cb6cb640a162c88f717f9201
SHA1

64da2b5e5b1386ede25627479702c3b617624633
SHA256

3ef48a70f5bc9ac34fbacc0add53f11c1f627e90da8a7d75a41ee7117ce32121
SHA512

25e8a53c93167ed7fd0e97670af40a682aa3f5bb77b0f8d11718b95c6b80156395da7f9bbb332b76938aa631524a469f1cb41e1c1bf60b370f54306c2fe06b95
SSDEEP

12288:MrnkzL6RcJq3U+LKyB/AGBZrTBSn7q8G8luor8S+mGv:MoQcJj8KwBSn+Iw3SpU

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PlayGame.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	PlayGame.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1684	PlayGame.exe
1684	PlayGame.exe
1684	PlayGame.exe

C:\Users\Admin\AppData\Local\Temp\PlayGame.exe
"C:\Users\Admin\AppData\Local\Temp\PlayGame.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\load[1]

Filesize
68KB

MD5
4cd4b704684bd716725a7100fac7f672

SHA1
50f49f765bb1fa096fac2554dee5294d7ae707dd

SHA256
7530c8d6745b2af45b321140bcfbea973786976906a1f5285bbebba9b924aeb8

SHA512
3d694f98773139d2a4394a71047c9941bfe1b8b4f7a06d9d854dccadef8c8dab59e3e00d48d80cba1919044e9d6a9a3053ceb139bc30da48b11dc906c527bd8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\rungame.ini

Filesize
402B

MD5
99b69a44ca0ee4ad0bc948a13c76bd2e

SHA1
afbe7e60acad4177787fbeb2bbfb77ad6ee12c12

SHA256
aae2999586cbc32d28a3b0cf7a6ac9fb2b1b674edaf153177b014e5df9e54485

SHA512
53dcd03e4881de23b5048b367ef8215a471f5f0910c2fb339d4bea9a6d1b83449cb8dc74cd857d839d5a632a2be783c3ece8fcc784a3dc5d9ab44445afbe3c92

Download Submit
memory/1684-0-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/1684-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1684-12-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/1684-14-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1684-19-0x00000000045E0000-0x00000000045F0000-memory.dmp

Filesize
64KB

Download
memory/1684-23-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download
memory/1684-24-0x00000000045E0000-0x00000000045F0000-memory.dmp

Filesize
64KB

Download
memory/1684-25-0x0000000000400000-0x000000000056B000-memory.dmp

Filesize
1.4MB

Download