Resubmissions

18/01/2025, 02:47

250118-c9zekazras 7

18/01/2025, 02:38

250118-c42mqs1lbr 7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/01/2025, 02:38

General

  • Target

    Project Iconic V3/PC GSC/maps/mp/gametypes_zm/_shellshock.gsc

  • Size

    3KB

  • MD5

    799fa4f66d840a0bdeba5dc671cdaabb

  • SHA1

    21c1f94af91f0836e92ffabdb3c0740074ebb0b5

  • SHA256

    3bc3bceef9e03c11eb0960153f7c43103f2e3cf1ed6e8d7b2ac34a47d47a6036

  • SHA512

    0925105221125d60bca09362040992fe7ccf546f5e50ed089176f53d37362f61cea899fc6abe739bed61abc711c4b0b35f8e9985af461beb5e1afdc05c6ff0fa

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_shellshock.gsc"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_shellshock.gsc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Project Iconic V3\PC GSC\maps\mp\gametypes_zm\_shellshock.gsc"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2888

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize
    3KB

    MD5
    21e2a30b1c56dab851760969f256e99c

    SHA1
    5260fa8592da56ba6c3f1121fdf2c4d5abceda72

    SHA256
    c4321f52b080b008bf60a9c3981d20ad81c116f582fdfd89a5395ab7c41c5dfd

    SHA512
    7f62fb57b2d71859321ce2b8dbde443e8559dd38f83f3eeeeda825bf6821cfa8db6b8cccfd451efb1e652bd56b659757786916cca62711067d2fbc451c357469