a9ac519ca396e0878eb15b11d7c697bc175f380b00162f4cb351239353747d3a

Resubmissions

10-02-2023 16:09

230210-tl8rrshf92 10

10-02-2023 16:01

230210-tgqqdshd57 10

Analysis

max time kernel
149s
max time network
200s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
10-02-2023 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
Size

1.3MB
MD5

5976447d2d9d6aca7e3df4bc0d27bfe7
SHA1

0a137d372e3123713f7c690fa2831de162ae69c8
SHA256

a9ac519ca396e0878eb15b11d7c697bc175f380b00162f4cb351239353747d3a
SHA512

6eca409e1053b23f3affc9d2d7f562ddae0c60de55183ae82b1098c896f7d1b48fa12ed39c96b0f4ca8a06ddd7aae22dbd2003b2389793a702d32528afeefa87
SSDEEP

24576:NkwWyiqAVWAvGNYn3rJ4FJXFtspAyji8GbJ7NDSIWC1:LuVuOnN4oALFV7bWC1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 54 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "26"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382814103"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c2ca96a188178048b9a5f3f8eafb4db300000000020000000000106600000001000020000000fba7e983b50eac16d417a4a1d697bb21f7acefc9cf8d20daad827679696a1b59000000000e800000000200002000000002c9b08856ea9b071224e5ec0091e46b66f64c0d1575937e4d76ec0bad3d0f37200000002ce89c8a53b766b95745f10fba16e55545c0986eb3f1459d508fefe8b746a3b6400000003c0678949c058b7ee7823bae724aa0fefaa5add6131d778c8b16421f533b1f572507f9f1f32dfb71563f6be377800cbd22b271bfd6db31a9cd03b5c5889dd92c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c2ca96a188178048b9a5f3f8eafb4db300000000020000000000106600000001000020000000d9ef8796ea92998e0f61321f31757bb64983d2f5463bfe0130fe8074ac0da95e000000000e8000000002000020000000f515219e790334c14a89bd5885aa8470f16a966af0fc1faff9617d69d3ae84d990000000ba88712f346dd81f5ea7b5392bbba2a0364ff0095b2492e9050961f53903adee16f0884447ecc46fbbb178432ec6fe25698a601e73da0043f7647a3bf0284ada639f3e36536bfd37d198af0b92f6729bb18c4f4d059e188ddedee5aec86ecd2e580871d92405ee13b7b74099962770170b3996027ba86711126312a991901bdf8135c753059de7661215e75f0a52b16740000000e720dab5861cea85d3d2e51b9a9280522b3deca6b86a7e8e9503235cef06bb5d018b3ab6aa6e74b76bde20ef9fbd3b93f4f4d766c8f5acd04655236f00228794	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\Total = "26"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\Total = "58"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "47"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\ = "58"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "58"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\flingtrainer.com\ = "26"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD49AB01-A965-11ED-B110-4EFAD8A2B6A5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603361f3723dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
972	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
972	iexplore.exe
972	iexplore.exe
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE
1972	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 972	2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe	30
PID 2012 wrote to memory of 972	2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe	30
PID 2012 wrote to memory of 972	2012	Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe	30
PID 972 wrote to memory of 1972	972	iexplore.exe	31
PID 972 wrote to memory of 1972	972	iexplore.exe	31
PID 972 wrote to memory of 1972	972	iexplore.exe	31
PID 972 wrote to memory of 1972	972	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Dragon Ball Z Kakarot v1.03-v1.60 Plus 32 Trainer.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://flingtrainer.com/tag/dragon-ball-z-kakarot
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:972
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:972 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
f52c62cd342ecab74df733e90777db4c

SHA1
b0b8c50a110f9f278f51768663dddfe375546517

SHA256
a721740583dbc33f321d2d3ba435de82fe1d325b69fdd824cc348e7b1ff64f89

SHA512
b722e16f5404e9c3b5988e4e8f33dfcf3a989e12c9f5e5e4600544b04e8df61a3dffcc6f261ec980f8e786c8714e5487cd9887fb666b6a7dfd29e9be184d9b6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_05ED48EBCAD3CF1C57469DA2AC7B214B

Filesize
278B

MD5
e6bfb75272dcd99e4c743ffc1b332c9b

SHA1
fc273e463f921daf51ad55fa8e5fad5f7e798641

SHA256
d66ea8fc2ebd44ee2ba9f20f7ee7a3da98aebed52ed1d644ecad40c8927027c7

SHA512
e71f6203f83b839dc48c6325823d8922620bc11f84179e7509acbcaea2e84af36334190a1d3de0ae16101ad3784d9d8b40f74225187969e7984859db6ae1a367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
ce6e444ed50fdde4225048e6a38735dd

SHA1
bd11837a2d0479bb4ff67e620b535fe5c837aa78

SHA256
f041e8d3c5f1951d19c6a03171c00b8e8af946162fb380111dd26052b2118be4

SHA512
f1c9ece690b43870128424357934c1665a22353dd04257cdccf93ed34c87b341c880efac388a725fbbd9ed6c4839fb6cc4652be2aa5bd4ae77b8bdcdde951cb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
032cd9aa51a615f48092b5b87de46a7e

SHA1
f8ce5560d14491fcb768817c581eb9d3d9a7470f

SHA256
737767a676313e2f70ed1e42bc875b18ff351d2c79504d73266648d1bd1895cf

SHA512
da013f0f3733d7c761d4b45112c4d3f50c64ce9075ed3cdd0c71ea071c1d6735bd05e415b71efdd6eb3789c2722d53fa6f80527413c738cbc4459fade5a86435

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_05ED48EBCAD3CF1C57469DA2AC7B214B

Filesize
426B

MD5
53abdc45c1a134121aaebb3612781d73

SHA1
68cb11aa3bcb7568f49402074412ced31a1ebc7a

SHA256
f8b5e93e3a26d2f41edc42ea9d3262726bcb876bd938ad2236a9aab16278ba73

SHA512
d1af482854aacfe3da513d55521ae25e92516f552fbad9a1aaecff271045958d0b35d268d57209b029a62936ee52f3755c90b804211f7a153fb0e5e39e2aee97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat

Filesize
3KB

MD5
3620383de14da28e3152e4be049125c6

SHA1
f24e7356208199de846b825c6e7e5000ba71b271

SHA256
2c2fe9e757691cd2c05c3ef470e2e7c2a22c8b07a8e27ae8b9779f6d73339a31

SHA512
51cb018a9aeb11bbc71cba82019d91976c6632cd592b6916d5060119b7873d4802e9ab6422a00ee1dc25a66f2bf18c0c4f85e170fb3a975a770c789c1c3a0c6e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KI43NRHK.txt

Filesize
605B

MD5
5751b4421a00f47ad8cd5d043a6c90f8

SHA1
b11389b16afd301f8641df897f822223c40702d0

SHA256
d797029054aba69c51156d2c44d40a1b420cb3b0cd2b3290dbc7bdaeca7b129f

SHA512
603a000ded9056266e54e8d6b485e8eb8174c8abd01232eaf62cb1d3e58daa2f1da118db5611c18ad60a1187f1e6d197586e643db46c52037e9f45599aafb948

Download Submit
memory/2012-54-0x0000000001C70000-0x0000000001CA2000-memory.dmp

Filesize
200KB

Download
memory/2012-55-0x00000000024EC000-0x000000000250B000-memory.dmp

Filesize
124KB

Download
memory/2012-56-0x00000000024EC000-0x000000000250B000-memory.dmp

Filesize
124KB

Download