Analysis

  • max time kernel
    140s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 12:55

General

  • Target

    https://github.com/ClearThatsJS/VALORANT-Wireframe-ESP

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/ClearThatsJS/VALORANT-Wireframe-ESP
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1824 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1648

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bb826fc2371c84f27da619d63692fb4f

    SHA1

    8e6981e6ca8860039b4b311379218647752cd212

    SHA256

    f70847776f5b62b0e70ab4b9d5c3c6d28d504ddc07cdcb2fd33bb9bba0832c60

    SHA512

    46e054e9540802f467396a428d5ef8bf318e2fa3d4cb9e4d69e27463543a815f536a0aef2cd45f1cf8ba922543c86fc073505e46f22853f92ac161878ba223e1

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat

    Filesize

    1KB

    MD5

    af3bd9270f1e4f65cadde778b28d80db

    SHA1

    0376db5a595d876cb954ffe2ef4952af62a0e48e

    SHA256

    01aca8fd7fc037dafeb337e82bdf3bb9cc6fef58a7d23890fa0fff374360f2d3

    SHA512

    ab09ea2f45f540ac2ca6eeec1294c2a58b689b024773d5be05893afca2ba06812b0c5759477a524d317275f058ef1a1899ff3cb9bf3d6177c5f6f2129a4e949e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZG3H2X0T.txt

    Filesize

    608B

    MD5

    301cf2077f6c62e0e0e38ef0d327d3ec

    SHA1

    d15ad2236d1bba14f84f40fd338dbed2bef27653

    SHA256

    f4172bfe831cb0ffbcbaa425f28b68bd9eb61cb3b383eb72f63b8d72d8a60735

    SHA512

    5e2b22ec908d75ddd360ec5bf50713797b6478dbb9d9cf21a2396b37cb9367c2534502710ae59452ce65a7fc89fde4de0cdc9e0062f190f672a86b6b316429d0