4c9acf9fa885bf772564bfaa6771b776b45d0e8daa3ce0bf89b05f4d87085686

Analysis

max time kernel
89s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Burst Royale 0.9/DirectX/dsetup32.dll
Size

1.7MB
MD5

0f58ccd58a29827b5d406874360e4c08
SHA1

ba804292580be6186774e7f92e6dfb104e46bf25
SHA256

642d9e7db6d4fc15129f011dce2ea087bf7f7fb015aececf82bf84ff6634a6fb
SHA512

3e3d4f2de5dc5addc86765a2f888487ea0c9ee0208fac60187ddaa9a2bfd73cfd7734836d32805fa43222470c8f6cb9a10e2a099aef72c67ad7c789096e57ce4
SSDEEP

49152:MjnIXtNeOOOOOOOOOOOOOOOOOiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWq:YIjma

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DXError.log	rundll32.exe
File opened for modification	C:\Windows\Logs\DirectX.log	rundll32.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 3004	3192	rundll32.exe	82
PID 3192 wrote to memory of 3004	3192	rundll32.exe	82
PID 3192 wrote to memory of 3004	3192	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Burst Royale 0.9\DirectX\dsetup32.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Burst Royale 0.9\DirectX\dsetup32.dll",#1
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Logs\DXError.log

Filesize
186B

MD5
5c5a6a4e529b373adbbd1d60d4fad7b3

SHA1
3ef079e4bd7b49098f64a1f835f3f2eff2ee543e

SHA256
5d5a7d219ca679aa1c14ca735b08b1b57c248b78c9fcbe014f757ce09fd1efed

SHA512
f523d9a54148e23def3b67e8293149fe0809c82b43f02ef067d0a1b6f25d08181f6a199bd9fb83358f2605cc1eea08705569d01ed68ad150b06b5e07fd095c30

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
500B

MD5
8665a6ad9b0ea9687c6329cfb69f1b0a

SHA1
1c3e701649f6948b28c161e322a327524483c8fe

SHA256
b9c80d2329cd514c4089b3f0f7828962205a6e8b1c23e0cbddf7d68c140784a9

SHA512
ba0a5312e895753fe25eb6b10a2d371c1b72a67cf95f440121aa60f5c69e719956616b4e7ab03082c92368ddd12d04f67d8a18fd46cf8a853bf326ab927a4d9d

Download Submit