Analysis

  • max time kernel
    64s
  • max time network
    72s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    23-11-2022 06:35

General

  • Target

    https://github.com/UWUFN/LithiumGS/raw/main/Lithium%20Gameserver.rar

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/UWUFN/LithiumGS/raw/main/Lithium%20Gameserver.rar
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3500
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3500 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3320
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3128

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 416f43a5e5978e25d0b2b3804604f9eb
    SHA1: 71da8e406f52bb253c6b3932e24038dd593521a9
    SHA256: 457ae2aca2600e218804f138f83fb6f5ee451a0694cff806f97f15f5b00b1917
    SHA512: 0ece1d0ffa3cebd377155244da084f25206cda3ca499adf63eceab3b157598a2e290352120900563ece8938183b2a090dc527461eb4a197310abebb82103fecb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: ece55e90abe09920a295c711621cdcf8
    SHA1: a953bb89cfa8b8fae83176e265f61ab03a1ec99f
    SHA256: 9c930da1038543685529e65e7af8fa4359ff41c26de0279136adb0a8b7c837bb
    SHA512: 336855d78f0f60bb91d3a581fe21eb2abffb31828659919d08daa55d22a47b6395e0edc33af99a33ccc240147153f46be1f63c7af6eff4ed44007c8235e56cd4

  • C:\Users\Admin\Downloads\Lithium Gameserver.rar.22txgyx.partial
    Filesize: 2.5MB
    MD5: 9f6587f122a4fa8ff732d87820fd9532
    SHA1: c968129051290c2efc548779a2c2882872b3af00
    SHA256: fd2565de45ec3d48cf4448ba36a99510b156aa4b61b0b2468baa7bde8fc4b6ec
    SHA512: 482ddf5ef9a31d54abf73a47771802aa859a813beb7b2495331af398f5408919b24d6d3c0497e81e93b29c530b5b815e5cadfa8738d1565f404de8aa1480d5c9