Resubmissions

23-11-2022 07:16

221123-h3wmzsac6w 6

23-11-2022 07:08

221123-hyqk6sef39 1

Analysis

  • max time kernel
    116s
  • max time network
    188s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-11-2022 07:08

General

  • Target

    https://github.com/minetest/minetest/releases/download/5.6.1/minetest-5.6.1-win64.zip

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/minetest/minetest/releases/download/5.6.1/minetest-5.6.1-win64.zip
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1228 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1040
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x504
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1260

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: e3687d3febab6353734d67a781fffdd2
    SHA1: 1cc607957748d7ff87e1eb0249e72efd7c4dc64e
    SHA256: c37b535d6b1678c137935aa3e8bb034b4aa2e23cd1fbf6393d9ec8d5b44dc53b
    SHA512: a8e5cb188284800547e382c01d74beb89f4a8a2d5955c0f9c52a48c459a3d99350a3a53ff1a50ab70b45e24940b1111ddc0a863084f7ddb99d9e0b93bcb6f186

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\minetest-5.6.1-win64.zip.em2dyyr.partial
    Filesize: 18.2MB
    MD5: 1b787e4e36dd37d9ee28ddc0dc72ef94
    SHA1: b25d730507352b7476e70da79290a5b5befa4344
    SHA256: db6e8358e7f3ea2ae152b1824aef0d6f0312d8adc88f918fc4a1958990e89c27
    SHA512: b09f7b5da21bddd694b969161a120f146abc0cc515d5256ec252a5ad3c69f686f931c18a0b5bfdd1fab2796d05149fa665b3fbb7bf79e8a3dc39aa835705a040

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NDAPN4A7.txt
    Filesize: 608B
    MD5: 49b632079c60f352bf589629d69c4403
    SHA1: 73b3069caa6147d34f62e8d7ad6f9142d9b94e9c
    SHA256: 5e15293d6bfde669171a861747275369f028acf6486e67626cf49b2a6ee3475a
    SHA512: ab0e2698e3479d11e49d307d9dbf808dd453c75bd1bfe889c0bc6f91c9e85aec2ff3c6e55332b586a16d41937b685fed64fedaee271c97ec8ec61eea1dde8d4a