Overview
overview
6Static
static
Princess.Conquest.rar
windows7-x64
3Princess.Conquest.rar
windows10-2004-x64
3Princess.C...OM.url
windows7-x64
6Princess.C...OM.url
windows10-2004-x64
6Princess.C...OM.url
windows7-x64
6Princess.C...OM.url
windows10-2004-x64
6Princess.C...rr.ps1
windows7-x64
1Princess.C...rr.ps1
windows10-2004-x64
1Princess.C...rm.dll
windows7-x64
1Princess.C...rm.dll
windows10-2004-x64
1Princess.C...19.ttf
windows7-x64
1Princess.C...19.ttf
windows10-2004-x64
1Princess.C...ld.otf
windows7-x64
1Princess.C...ld.otf
windows10-2004-x64
1Princess.C...NS.ttf
windows7-x64
1Princess.C...NS.ttf
windows10-2004-x64
1Princess.C...TG.ttf
windows7-x64
1Princess.C...TG.ttf
windows10-2004-x64
1Princess.C...ar.ttf
windows7-x64
1Princess.C...ar.ttf
windows10-2004-x64
1Princess.C...ar.ttf
windows7-x64
1Princess.C...ar.ttf
windows10-2004-x64
1Princess.C...ngelog
windows7-x64
1Princess.C...ngelog
windows10-2004-x64
1Princess.C...ICENSE
windows7-x64
1Princess.C...ICENSE
windows10-2004-x64
1Princess.C...NSE.en
windows7-x64
1Princess.C...NSE.en
windows10-2004-x64
1Princess.C....mplus
windows7-x64
1Princess.C....mplus
windows10-2004-x64
1Princess.C....mplus
windows7-x64
1Princess.C....mplus
windows10-2004-x64
1Analysis
-
max time kernel
129s -
max time network
203s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
28/12/2022, 06:29
Static task
static1
Behavioral task
behavioral1
Sample
Princess.Conquest.rar
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral2
Sample
Princess.Conquest.rar
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Princess.Conquest/IGG-GAMES.COM.url
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral4
Sample
Princess.Conquest/IGG-GAMES.COM.url
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Princess.Conquest/PCGAMESTORRENTS.COM.url
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral6
Sample
Princess.Conquest/PCGAMESTORRENTS.COM.url
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Audio/BGM/P&C - Pirate Barrr.ps1
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral8
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Audio/BGM/P&C - Pirate Barrr.ps1
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Princess.Conquest/Princess & Conquest v0.16.14/CoGenDrm.dll
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral10
Sample
Princess.Conquest/Princess & Conquest v0.16.14/CoGenDrm.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/04b19.ttf
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral12
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/04b19.ttf
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/BebasNeueBold.otf
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/BebasNeueBold.otf
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/MODERNESANS.ttf
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral16
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/MODERNESANS.ttf
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/TG.ttf
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral18
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/TG.ttf
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VL-Gothic-Regular.ttf
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral20
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VL-Gothic-Regular.ttf
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VL-PGothic-Regular.ttf
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral22
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VL-PGothic-Regular.ttf
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/Changelog
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral24
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/Changelog
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/LICENSE
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral26
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/LICENSE
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/LICENSE.en
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral28
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/LICENSE.en
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/LICENSE_E.mplus
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/LICENSE_E.mplus
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/LICENSE_J.mplus
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral32
Sample
Princess.Conquest/Princess & Conquest v0.16.14/Fonts/VLGothic/LICENSE_J.mplus
Resource
win10v2004-20220812-en
windows10-2004-x64
General
-
Target
Princess.Conquest/IGG-GAMES.COM.url
-
Size
196B
-
MD5
882e17d630d74b64a8176e38e2fadf7f
-
SHA1
d6652d568db451c03b73eede688e0124e2d54ebf
-
SHA256
6d905d76e7d807c5831231d791f2510160dd56018ae423a037e7ac88fd19412f
-
SHA512
2baac743dabdbf133583c4d500699673e0bb2b2ade89f0a660eb17bfb440f1d74814ade3b82eb07d776f6a7c1b1975f25c6c1c500edc589897bc304a9c9fb3b0
Malware Config
Signatures
-
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\igg-games.com\NumberOfSubdomains = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\igg-games.com\Total = "45" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 004cbb8e9c1ad901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3db3189f64a3744b3397b30c72e3b7e00000000020000000000106600000001000020000000b6a0f71e7156c4cfa51a9d792895ce5afa031cd9c808c471c35281a844ce5a7f000000000e8000000002000020000000c7df45c99813f0906053c0b7a27c48b3cb0f8c1bc61219ed46cf6dd87b42453e200000001a88a3a902673823484675dccfa469748d346a66330cf00d1e383b2291f0e58e4000000070f948a1720f4f361ceec5c55a3b4592dfd3776b9bc374d5adf4c5ce1a8ed405c7dc05b109f8808e3f49a0d23f3f1ae7115cf4739565bc6df0799e9b94077a6a iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "378983698" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0F4BD61-868F-11ED-979A-4A7553B9BC92} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\igg-games.com\Total = "26" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "45" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3db3189f64a3744b3397b30c72e3b7e000000000200000000001066000000010000200000009645ea59118917390d8519d8bd95196434fabaf0d13a1a335c3a3e6189f6ca44000000000e8000000002000020000000f76743c7c3bb5814129e4dbce22d946abddfb19522d0e882221997d8d0a9f1069000000049814b1db5a12b016e4a526a9320402c09e511ca1a4ec34c40386849144e45857b937c249697904f67f811efca733cb191c3d9c41e5f24fdad3063634c560640cd25c1237743fe5de41280d1ffd42776df560cac6eba755b2b5c9c7e8c95f9dd63ad6816bf25261953d383230809d5b90031dfd27fe63b0cc867268aec7bc7602f0589223e2235e0ff6c45f4a10bc1bb40000000256f6dd48e007a79a56f05a5ad13d8739a1687746d9afd143ffcbfb7fa6cdaf4a4481956cdabcb905e182b2804b15798a0e647a5542ade99ba8673ff37e0b173 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\igg-games.com IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "26" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\igg-games.com\ = "26" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\igg-games.com\ = "45" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe -
NTFS ADS 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Local\Temp\Princess.Conquest\IGG-GAMES.COM.url:favicon IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 544 iexplore.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 544 iexplore.exe 544 iexplore.exe 1884 IEXPLORE.EXE 1884 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 544 wrote to memory of 1884 544 iexplore.exe 29 PID 544 wrote to memory of 1884 544 iexplore.exe 29 PID 544 wrote to memory of 1884 544 iexplore.exe 29 PID 544 wrote to memory of 1884 544 iexplore.exe 29
Processes
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Princess.Conquest\IGG-GAMES.COM.url1⤵
- Checks whether UAC is enabled
PID:1160
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:544 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:544 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:1884
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5191c9e89677cdb0c7dbd75ff157ccc99
SHA19a10cb018522155d27d647208ae7f4cb3875d92e
SHA2567b12b37428984417c70e3c4733b9defbf26be79b05d7445006eca39801966e82
SHA512c19566a887a5685a6dec5aee7d149936a38cdbec49f6374360a8ddeb8b48e112ec2f94ed32cfe2248eb48d39c3593315730dbe7229c492e6130ac133b6ec6dcd
-
Filesize
19KB
MD5294655d86ba7034208fffe7033673f32
SHA10351243590cda00608633bab7449fd6a0c95fccf
SHA25654223b8a3748f606905a80c68727ef5b683b650b25befb272601de14326afc2d
SHA51215a848e7a694bf4ab31fa4afb6d80277c58b22f7e65803d015f31dd819a1a332d13c1af49d127dab5e1d5dc0b8f3f39712ea35de732c3ff0679832a54a76cd2a
-
Filesize
608B
MD509d3607d1e6816417e706744adbeb9e5
SHA1015632fdb4e04cdeb04b88c9cd1a82a4ed10b2e7
SHA25658f478b6b6390ac7405f7a718fe54f637ccbb3ef2daccd6abd02f409c6a5981c
SHA5125d6bf39679ba059522b3dcb1056edfd5320cb8daa44510235f3c9fb5dcfb7f15f525d5ef17db52e423412608dcfe1ca10c3b6ddd0ae18d81a8ccd3ca08007a08