Analysis

  • max time kernel
    88s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20220812-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    05/01/2023, 15:04

General

  • Target

    https://github.com/F-r-o-i-d/Rust-Cheat-Collapse-updated-13.12.2022

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox describes this as likely ransomware behaviour, but it is a generic heuristic: in this run it fired from an Internet Explorer session loading a GitHub page, the process list shows no encryption or other ransomware activity, and the overall score is 3/10, so treat the hit as low-confidence on its own.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/F-r-o-i-d/Rust-Cheat-Collapse-updated-13.12.2022
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1856
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1452
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRZXZATJ\Rust Collapse.rar
      2⤵
      • Modifies registry class
      PID:1768

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    00df1a9c8cc498e448020e0b6661bc5d

    SHA1

    b27e63312bdbf1c37a43cc18a4f9faeabaa2f66e

    SHA256

    c070cd5b42c6de3090f146637073007af55d3802a435a4ea1f671491b3e8102c

    SHA512

    cb0de5fc6af48df18bdac3f75bd3210f851c7f0e6e5edcd86650b32856913d9386918dc4264128db50a93d9a6f8e6584087ebf8f301fc71f84fc2101475faf3c

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat

    Filesize

    5KB

    MD5

    cd6b7a22eba2efd0a9eee79f36a55a54

    SHA1

    4cfceb7a8813f56117f3a3fd7219f73e71b86024

    SHA256

    f7c09ee8275471ba8bf80290cc38e8bd534c5374cbbd405e7f2dbbcd6f3a24ba

    SHA512

    bb867bfb4868fbbae14e6a89f091f8a083b383f71f83102afc87b6fa6b913af0d521461cad5ad19405390198382049a6485a5804d30bc8e272f42348d27a8dab

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat

    Filesize

    6KB

    MD5

    91fcfd43c9efd9c92e0d97c4adb7af05

    SHA1

    81098719776e50cd7b5a749703697411b5616d74

    SHA256

    95d4a0dcd63ff3a426b0bc1924fe6d485331e8bc6c6102784f6ce56cda4e4433

    SHA512

    eaba889b2addafb857c15cb5f2dde133a4cc99b4dfc06b798f6260d37dbfe425b1bb423782758afacc646e7eeb0c43e0bef680cb9fafbeca5a59c172b808c8cd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRZXZATJ\Rust Collapse.rar.3tgbsg1.partial

    Filesize

    4.7MB

    MD5

    56cde07f1ca1594fd0fd6cdd03695622

    SHA1

    e6dfcc3d55265a22235778faef06874a55e2e1f1

    SHA256

    8de751ea1eb9d56bda91bed6fab437f551c8355a4c59cdc1b9ef9dc45ce93953

    SHA512

    849d48ef9d1456ef72dfd1f7a7955ae851549a2fe8160ba8effd65ad8e3aa606d17cd4129815ffd7700907c90adaefedae0eb7bb1f3b24206361508ca2a1ca82

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MJNAFVLH.txt

    Filesize

    606B

    MD5

    e5d9c43340e86bf115c691a41858f786

    SHA1

    d75858b3afcb29a6fde48a0803dd6dd31fac726d

    SHA256

    ff437d9a6f6318fefba8aa849f9d66a96ca84451c816619fb62f44e8f99f9c21

    SHA512

    ac33eb7f591578bcb2734ada7da83c6eab7d691a2fbc21047578923106486de1a4ec98543ce22fecccb49b442b38b167a517b5d3a761b732110e5c082ba09659

  • memory/1768-58-0x000007FEFC311000-0x000007FEFC313000-memory.dmp

    Filesize

    8KB
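The Downloads listing above is the part of this report most likely to be reused, usually by copying hashes into a blocklist or by checking a retrieved sample against them. The following is an added example, not part of the sandbox report or of the analysed repository: it parses the flattened "path / Filesize / MD5 / SHA1 / SHA256 / SHA512" layout into records, rejects entries with missing or malformed digests (the trailing memory-dump entry has none), separates Internet Explorer's own cache files (CryptnetUrlCache, imagestore, Cookies) from the actual download, and verifies a file's bytes against the listed SHA256 while cross-checking the other digests. The REPORT_DOWNLOADS text is copied from three of the entries on this page; the bytes hashed at the bottom are constructed and are not the real archive. The noise-path regex and the function names are this example's own choices.

```python
"""Added example (not the sandbox's or the repository's code): turn the
report's Downloads listing into IoC records, sanity-check the digests,
drop browser cache noise, and verify a local file against the listed hashes.
REPORT_DOWNLOADS is copied from this page; the sample bytes are constructed."""
import hashlib
import re
from dataclasses import dataclass, field

# Expected hex-digest lengths; catches truncated or mis-copied hashes
# before they are pasted into a blocklist.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Paths Internet Explorer writes on any page load (CRL/OCSP cache, favicon
# store, cookies). Browser artefacts, not artefacts of the target (assumption
# of this example; extend the pattern for other browsers).
BROWSER_NOISE = re.compile(r"(CryptnetUrlCache|Internet Explorer\\imagestore|\\Cookies\\)", re.I)

REPORT_DOWNLOADS = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB
MD5
fc4666cbca561e864e7fdf883a9e6661
SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
• C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRZXZATJ\Rust Collapse.rar.3tgbsg1.partial
Filesize
4.7MB
MD5
56cde07f1ca1594fd0fd6cdd03695622
SHA1
e6dfcc3d55265a22235778faef06874a55e2e1f1
SHA256
8de751ea1eb9d56bda91bed6fab437f551c8355a4c59cdc1b9ef9dc45ce93953
SHA512
849d48ef9d1456ef72dfd1f7a7955ae851549a2fe8160ba8effd65ad8e3aa606d17cd4129815ffd7700907c90adaefedae0eb7bb1f3b24206361508ca2a1ca82
• memory/1768-58-0x000007FEFC311000-0x000007FEFC313000-memory.dmp
Filesize
8KB
"""


@dataclass
class Download:
    path: str
    size: str = ""
    hashes: dict = field(default_factory=dict)

    def problems(self) -> list:
        """Consistency problems with the listed digests; empty when clean."""
        out = []
        for alg, n in DIGEST_LEN.items():
            h = self.hashes.get(alg)
            if h is None:
                out.append(f"missing {alg}")
            elif len(h) != n or not re.fullmatch(r"[0-9a-f]+", h):
                out.append(f"malformed {alg}")
        return out


def parse_downloads(text: str) -> list:
    """Parse the flattened 'path / Filesize / value / MD5 / value ...' listing."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries, cur, i = [], None, 0
    while i < len(lines):
        ln, nxt = lines[i], lines[i + 1] if i + 1 < len(lines) else None
        if ln.startswith("•"):               # new entry: bullet followed by the path
            cur = Download(path=ln[1:].strip())
            entries.append(cur)
        elif cur is not None and ln == "Filesize" and nxt is not None:
            cur.size, i = nxt, i + 1        # consume the value line as well
        elif cur is not None and ln in DIGEST_LEN and nxt is not None:
            cur.hashes[ln], i = nxt.lower(), i + 1
        i += 1
    return entries


def is_browser_noise(path: str) -> bool:
    return BROWSER_NOISE.search(path) is not None


def interesting(entries: list) -> list:
    """Entries worth keeping as IoCs: complete, well-formed digests and not browser noise."""
    return [e for e in entries if not e.problems() and not is_browser_noise(e.path)]


def file_digests(data: bytes) -> dict:
    return {alg: hashlib.new(alg.lower(), data).hexdigest() for alg in DIGEST_LEN}


def match_download(data: bytes, entries: list) -> list:
    """Entries whose listed SHA256 equals that of `data`, each paired with the
    other listed digests that disagree; a non-empty list means the listing
    itself is inconsistent and should not be trusted."""
    d = file_digests(data)
    hits = []
    for e in entries:
        if e.hashes.get("SHA256") == d["SHA256"]:
            bad = [a for a in ("MD5", "SHA1", "SHA512") if a in e.hashes and e.hashes[a] != d[a]]
            hits.append((e, bad))
    return hits


if __name__ == "__main__":
    ents = parse_downloads(REPORT_DOWNLOADS)
    for e in ents:
        print(e.size, e.problems() or "ok", "noise" if is_browser_noise(e.path) else "", e.path)
    print("IoC candidates:", [e.path for e in interesting(ents)])
    # Constructed stand-in for a file retrieved from the sandbox; not the real archive.
    print("matches:", match_download(b"constructed sample bytes", ents))
```

Run against the listing, only the `Rust Collapse.rar.3tgbsg1.partial` entry survives as an IoC candidate: the CryptnetUrlCache file is browser noise and the memory dump has no digests. Note that the `.partial` suffix marks an in-progress Internet Explorer download, so the listed hashes cover whatever had been written when the snapshot was taken, not necessarily the complete archive; match on SHA256 first and treat any disagreement among the other digests as a reason to distrust the copied listing rather than the file.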