Overview

overview

8

Static

static

1

XB1ULK 1.1/Memory.dll

windows7-x64

1

XB1ULK 1.1/Memory.dll

windows10-2004-x64

1

XB1ULK 1.1...on.dll

windows7-x64

1

XB1ULK 1.1...on.dll

windows10-2004-x64

1

XB1ULK 1.1...er.exe

windows7-x64

1

XB1ULK 1.1...er.exe

windows10-2004-x64

1

XB1ULK 1.1...er.exe

windows7-x64

1

XB1ULK 1.1...er.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    106s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    02-03-2023 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XB1ULK 1.1/Xbox Achievement Unlocker.exe

  • Size

    126KB

  • MD5

    aa7c839ccecd16ba591a503c116f6e5b

  • SHA1

    a5cc6849f7966ca295252b742032e7ed8dd999e1

  • SHA256

    9488330b6e2d063be4fb1c2aec2f413bc5a4240adc869d880cad63c671bf0e74

  • SHA512

    1d307e025bebfcfb39be0cf01de15f8a84c91c1d71ef01f1acd21c511c671c632188db6a2ddaa58f3d12e032ddf677467de7cc8db9acc411453af348bc1442df

  • SSDEEP

    3072:6l0xIHQmEb9liHk29+E8Ufjz1BNOG/QJpXvj/tktDqY:79OwG/Qbbtk1q

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XB1ULK 1.1\Xbox Achievement Unlocker.exe
    "C:\Users\Admin\AppData\Local\Temp\XB1ULK 1.1\Xbox Achievement Unlocker.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=5.0.17&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1952
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1320

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2def7ee98329479a9d7235007602c3fa

    SHA1

    095f309f5cf6dea5211b4624ec0a3b176fc20d4e

    SHA256

    88bc89a9310a2f18e1f7527a645222f36c94e338ed4b3fe3cbefceaf44854d83

    SHA512

    244d6101643dc77f1f4fcddf85f5deb9d6a71cce16aa3b4ce2fe3374a4a808e66851e14efea62d1b6ff48636de74de0f39180db372d2af347abcb48b2c5951d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    711413da7b67df28f627fd81ffad5ced

    SHA1

    1b87bd5db687507f95e118c3203dee7efa2b52f7

    SHA256

    7b8d6fd9220eaf1935bb467f9ae716bf9c4fc32fb9394aa507015361d69d3007

    SHA512

    b41061a745bd8254aef96116884a4ecd1143709eb1f77d501517cc495b6a8dee34c520e9dc94d2df0b00e93844deeaa4e1c98629c1cd2af8d897a13e3281207d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    131473e89821b26aebe7127a5eabae88

    SHA1

    b891f34a3ce07b88c2083711679612af5326d43a

    SHA256

    d69435de38297a343d08a197f5fef94dd6e8fff637960aa64a04d8eaad33df47

    SHA512

    6d69ca738f077c69c5cc33bcd60533cb4c6998ab0282b516fdba1db90fd872e3f7f1e557ece2f090047174b5a0d209d6c4ff26237a891c717228b0a7f2f58c92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f288afe041900d439141640ae31ba87f

    SHA1

    c33a7c2c617f83ae4b6c15479d92ef210ea50662

    SHA256

    c7c913b6519de67072dd276b3a98400dbe3c5561413a3b1da5867896c14a0452

    SHA512

    41539d158dd33ed78373e7feb4085a9696d23669670f69309fa864dc174b8f75a71d11f1d9289561a84aaba57fce9a7520235dda5bdd0171fdcd17e8b15886f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d88cbce80ecce94c714c17603cf8f792

    SHA1

    e758e0ea2c2206af07429e8341b20e0b23b025fc

    SHA256

    bb17d0c95e319067a3294413a4c7aac4a017b66bd6aed7e0c5f792fad97e005d

    SHA512

    c94b50b155f757f5c78083d496aacbf42a2349210a7a604e43f22c8ba6e29f948c931f76d258ec167ed0415ea5444a4b96c7fafcfbfb43388d9150f60f436dd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    822983f5399885eb1e9bf5878472ce81

    SHA1

    1bd62fccb15f7444158732f784cdc21f596bb3b6

    SHA256

    9f2c8fd7de9473901bd2b7ca93f68d42b965ce8a3a2e77e769908465a203d503

    SHA512

    b8dfc81968445f522ac6400f140e7f68f20c33a408e2d4a92c8c3598862ec4106b8196ec50f2ff1533109182ddce9b3b88ba3314bfd57022bd3a4ea54e8463c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ca28730bb10c7b9f151b7033d727006

    SHA1

    6563817dc61da8d373f1bcd0e5e9a9c7b2577cc2

    SHA256

    9c488c7b2a119aec73d5f34ea3524535c44418f4e339faeacb64d37b0ebec023

    SHA512

    6325ef1348a3a8ca70be6b50e7e09636bf8618e98bc17bef1b151465a708bd387b5d9dfc8435576ba9bd7538325eb436bcf84db837fff5a8a3723291f40a3534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07a24efa87d188f23cd6aef1bb1cc344

    SHA1

    26f74b5eaac34c5e84906b8354057209133cc3f2

    SHA256

    814b86edef52a317d9e6be47fe4413dc3c63909f8288c5e0a456d6c5c0da5bb3

    SHA512

    1acc3f890f5afc08536d332668f53c2ffa6695f680a3cae78d5a70e4c5b67976d446bcaf224ac6b07454b5682c13698b55d19e91797993ebbffb8f7bd52774bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af681cfcaf3cd6342c7a184cc980709b

    SHA1

    48d416aa3b95390991d3adcccb5766a640535168

    SHA256

    1059ac62e4058973d382c94b72ef26ce5d40cfe3c9b64030c220bf7a38ab26c3

    SHA512

    09f44202c36c341d3f847d5bd9ad973fbb2cb002e5158b72f402a6f822389e99ffe136cee57e7a2a4296a7345208d232028e1aa0e26ea8dc68eb9ffd7a71846e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8874d688550787c58bc429e958df0dcc

    SHA1

    99e1637131400c697a501e6b11f7fd490154a33a

    SHA256

    672d2537ef44294b1b010df3274dcd7e83b56d7615b633f06ef8e35979f8aed9

    SHA512

    d6d4059ad1fdff36dc3028b06baafc792d1f88fd6563889d4f91f0e9fb335abca087a3d165d250fb660b7d5ffeb25e4c138cf754843c5ebc0f07b68efb2cb012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e66fefeb2fd16f7c384b0e145bde88af

    SHA1

    b0553478d73791485e6647079b2d63f7ea20957b

    SHA256

    72c0a007ea3717de6fe801f7e288fa64753f486243e86de9232701944de00974

    SHA512

    ef2d9b9a8a01da7c803b57c1fb6cc57418464b5b5e8a0abb6222ca2cfcfecdfcb5a6f4a82e5ea9ce25a88ed01ad54c7d8cf926d30754a870b1007e84758c594f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    faa65ef29d7e8aa6bc35df380aea6946

    SHA1

    f2c58e9bfa118fb76c80a7f049ead13e383d5e30

    SHA256

    2fffd12a54c0a74f7756db11c4940620522962d62956c8d9b759254af2f5c7df

    SHA512

    e57d66ea8028e92fea585201a9b884f9d90486f57b69c29d9e927db74c52c9dc8d32e0afec181d4b74b295db2f828e82cac3bbf22bd52cc6085adf2c8c3967fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa14fb73b582d75f3868bc07532dc4a9

    SHA1

    db109e0ab1ccd596fe386b87119fb407c9452767

    SHA256

    2ffc9ed12dacccc2e6bf423c1126e25b6f7f987d374a894326320576cfc852c1

    SHA512

    4a38a2bdce97c6d963e0e6fbcc925d7e689e69dcefd0dc79533a4c003e374b2e96ee36e8a5f042425129b8c369e81c453cdc2362daf4658f8f79aa90c5c60241

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23243543bdc36c287389d4d6d657d193

    SHA1

    eb99dbf3e3b160fde46fcec5bdb895afa98773dd

    SHA256

    02e83c3f6c9a72e2588cf29fe569b25cf65f0c376ea5fac21d3575c9eef913b3

    SHA512

    2bdc2b0a4483a66b5f4f467e9977a941a132085901887c74e9ea0a7ac3ac1797677787dae1e0ad9f40435a68c302f2d48fd9eef40d18ea3f76c3a62e9134b54f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a73f7533bb655dc6aac1520321cbc82a

    SHA1

    70002c66a61d5cec4d29faa2ae06cd65db295412

    SHA256

    aa768af850b2f8d21e6f2f141b84167e872dd75b2d571e0016a6443cbe56481e

    SHA512

    78ced348e40b870bed6c7aa53d25e97e33b69da2beb32dac9c5235633c2df0036d6534d2a8e8eb53e73bba6860b6049c8283e951b1dcf99c2d31f375a6690035

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ONXID7T\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5FBD.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6301.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N5ZD7N73.txt
    Filesize

    607B

    MD5

    3bc3c941abeca3a287ede7c174d9f25e

    SHA1

    ef3dc833fee9a27dd3291b34c7af97ecb09e3668

    SHA256

    0b798dd086396b6d0b821d079a28c5f6c255739c0333eea1e488b71fd231e361

    SHA512

    f0cb902260546a81af9ce218d86bc2804be151fe43ee310b9d1388fce10fa5350259e16431d8b9dd6769f5b57fc9b9925ebc2c534d44539e06b910cb9cf250dc

    Download Submit

  • memory/1320-55-0x0000000002D40000-0x0000000002D42000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1952-54-0x0000000002350000-0x0000000002360000-memory.dmp

    Filesize

    64KB

    Download