Overview

overview

10

Static

static

3

Loader/Ant...sabler

windows10-1703-x64

1

Loader/Gam...Inject

windows10-1703-x64

1

Loader/Gam...meMenu

windows10-1703-x64

1

Loader/Gam...Status

windows10-1703-x64

1

Loader/GameDetect

windows10-1703-x64

1

Loader/Launcher.dll

windows10-1703-x64

1

Loader/Loader.exe

windows10-1703-x64

10

Loader/Upd...pdater

windows10-1703-x64

1

Loader/Upd...eb.xml

windows10-1703-x64

1

Loader/config

windows10-1703-x64

1

Loader/mainf.dll

windows10-1703-x64

1

Loader/mco...ig.xml

windows10-1703-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-06-2024 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader/mconfig/config.xml

  • Size

    25KB

  • MD5

    f34b330f20dce1bdcce9058fca287099

  • SHA1

    936520d5bb5c00a1985d7a4c4f0ef763a9031862

  • SHA256

    0c56e34c69124510fa8c19e7b4c2ca6c1c4ff460ae19f798dd0ca035809e396d

  • SHA512

    d6d4a8321eb44c117755a41a2590296be86a0568d27a5347f9d7f32f2d151d8f7e169675c83faed2dab5ad0f8d81858f8cd1167e439cd4bff7e68c243e3544fd

  • SSDEEP

    192:Bt074zTxASaKp3T7pJsPpPT8B13eeaVonGdEBMmhVbeyeTfWDBzmAwdavahmhNIa:LAMDp35JyPCCu96yJwgag

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Loader\mconfig\config.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Loader\mconfig\config.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4624 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3136

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    353d80880163e69df5b6056bd95c4c32

    SHA1

    78d105b9d4a87648135886f68ee548b8c3773e7f

    SHA256

    ebf1cf4b34ac839f419ca2cd197cac7935facf09ce3fb9b2ea56473adfa2e1d1

    SHA512

    6854a476e104ce370e7f1fc41ac5cc8415373fd46d1aa170104c303780903e1e24d5352ee91b0a551366bb33304bedcb60ad0e0168cfbc2e8ede5ab4a5915b0d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    338B

    MD5

    76859dcb6a2dcb201a7871bd4dff1dde

    SHA1

    1e3aa6d6759463a51a31ba3dfa75a09dbad4af1e

    SHA256

    777726a5b269b0bd5235a7948d6bce1db84fc6f21179a7c071b3f1afed5ff0bf

    SHA512

    19919531f477b7ad7140c9bfb352ad9cb2d70fa2875620c2e2e8093e81e08ebe8c93e28f78598db50dc3ee1c7f8f7d8b1c751e615550320c17b22f047b412ce9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    11931147cacf6860cbcad91d5ffb9a89

    SHA1

    9fe13d9cbc6decd5a825ae3654cbc66f0d7a2484

    SHA256

    dc67737579039f54038bd41c79498b44372acda11abf385a38bda3627a20dae0

    SHA512

    f8d9333cd6d73c7f7712e87aa1a546ffbade6f4abd2b2b5da76758b802dda2a75bf170fe5455097e1903f8439e3167b9a233e1d80e01088976b9e86b85fdec44

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDACF.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TBE3XFIK\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\RAAJR8XT.cookie
    Filesize

    541B

    MD5

    3ff4c8cef369b80babf75ab67a9f15bc

    SHA1

    25bca3cd837ad1313d51e830e6c52916a6b8b194

    SHA256

    019094c2927f5f36ce8186c64dd14428d427be712b2a0e54ccf66193e2e6984a

    SHA512

    3394bb06c685b70f013a13e9d32284dcbc7168bf169a99f57979b089ce968fbc9e10d9be2261fad9fb57c07b1579a22b946456cb52b14718914652165bd063fe

    Download Submit
  • memory/1204-13-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-18-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-8-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-10-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-11-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-0-0x00007FFA8C280000-0x00007FFA8C290000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1204-12-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-17-0x00007FFA8C280000-0x00007FFA8C290000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1204-16-0x00007FFA8C280000-0x00007FFA8C290000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1204-9-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-15-0x00007FFA8C280000-0x00007FFA8C290000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1204-14-0x00007FFA8C280000-0x00007FFA8C290000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1204-5-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-6-0x00007FFA8C280000-0x00007FFA8C290000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1204-7-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-2-0x00007FFA8C280000-0x00007FFA8C290000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1204-4-0x00007FFACC1F0000-0x00007FFACC3CB000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1204-1-0x00007FFACC295000-0x00007FFACC296000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1204-3-0x00007FFA8C280000-0x00007FFA8C290000-memory.dmp
    Filesize

    64KB

    Download