Resubmissions

18/01/2025, 02:47

250118-c9zekazras 7

18/01/2025, 02:38

250118-c42mqs1lbr 7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2025, 02:38

General

  • Target

    Project Iconic V3/Console GSC/maps/mp/gametypes_zm/_shellshock.gsc

  • Size

    3KB

  • MD5

    e289dea45f8044ac853d5cd3654e45c7

  • SHA1

    f27eb079dbfc49e762511dd214281f1d43534eea

  • SHA256

    ace2b5fb4e94f262469ca99402a596e71037451be08cc8543ab05fb5484cb2f0

  • SHA512

    47d530cda194c947b526c5b9de92f0a4750395cc144e10be3612f259148551928c24e3b94bc3433f47fa787440a46d45971b6e1ef7b48da3b902023fd0e4bc7c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_shellshock.gsc"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_shellshock.gsc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2620
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\Console GSC\maps\mp\gametypes_zm\_shellshock.gsc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2692

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

          Filesize

          3KB

          MD5

          fed9ef4da221248c3fffbbac5a1d0f08

          SHA1

          8e3ba0ab0922b3c333ae4c28cc71241b6e974b36

          SHA256

          8fb33882a2ba051e73836dbc028e1efbf692cb3d7a848ab62519203c451f9c8b

          SHA512

          624f23576a277abfcf6aaf93a7a50202d92f0f679c5a1b69fd4ecac963861d776be80319498a0e2153721e43a8908ab6501481dd847ecb9408cc25a16c519859