Overview

overview

8

Static

static

7

MatSploit.rar

windows7-x64

3

MatSploit.rar

windows10-2004-x64

3

BootsTrapperU.exe

windows7-x64

3

BootsTrapperU.exe

windows10-2004-x64

8

DiscordRPC.dll

windows7-x64

1

DiscordRPC.dll

windows10-2004-x64

1

ICSharpCod...it.dll

windows7-x64

1

ICSharpCod...it.dll

windows10-2004-x64

1

ICSharpCod...it.xml

windows7-x64

1

ICSharpCod...it.xml

windows10-2004-x64

1

MatSploit.exe

windows7-x64

6

MatSploit.exe

windows10-2004-x64

8

bin/Bootst...on.txt

windows7-x64

1

bin/Bootst...on.txt

windows10-2004-x64

1

bin/MatSploit.dll

windows7-x64

8

bin/MatSploit.dll

windows10-2004-x64

8

bin/UIVersion.txt

windows7-x64

1

bin/UIVersion.txt

windows10-2004-x64

1

bin/Zeus.exe

windows7-x64

1

bin/Zeus.exe

windows10-2004-x64

1

bin/lua.xml

windows7-x64

1

bin/lua.xml

windows10-2004-x64

1

bin/rbxfps...er.exe

windows7-x64

1

bin/rbxfps...er.exe

windows10-2004-x64

3

bin/version.txt

windows7-x64

1

bin/version.txt

windows10-2004-x64

1

bin/worksp...29.txt

windows7-x64

1

bin/worksp...29.txt

windows10-2004-x64

1

librarys/d...pc.dll

windows7-x64

3

librarys/d...pc.dll

windows10-2004-x64

3

scripts/LT2.js

windows7-x64

1

scripts/LT2.js

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    23-03-2023 16:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/rbxfpsunlocker.exe

  • Size

    485KB

  • MD5

    0ad95de215bdee42c18c5833a5fc3dc6

  • SHA1

    a22eb68776958b42b5fa147f15141b0f06f1557f

  • SHA256

    fc3f95654a181920f05056063bce148fdad38c4b2cd28fa3870bd4e071c564d8

  • SHA512

    fb5b22e8ac306a9d91bc90697a0ef38a9d89be807053e8687ad60262df57e2a2192a1edafd4d611431976026f6e46785973036ecbc91ecd42098f92a4eeff1f8

  • SSDEEP

    6144:YIWaU6EMyPwt1pcLjY0AJyGsrKdR6xmdohketP6ShV:YIWaUMyPu1pwjmIrKdIWoKetzV

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bin\rbxfpsunlocker.exe
    "C:\Users\Admin\AppData\Local\Temp\bin\rbxfpsunlocker.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/axstin/rbxfpsunlocker/releases
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:820
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1080

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    471B

    MD5

    fc86f01497ada4ccc8b95dd40d2dc843

    SHA1

    fea0a3d162932e02412baade936b736b931d4911

    SHA256

    dfe3f58b62981b55fbdf7fb43276e8e6bc9ef290d4799753d720ba4adf0f9d97

    SHA512

    dd7ce9b4fd184002d3104dfd6d637f62381cc816eee4b345d68251db53c4c8d63a0731a59c11bd52fbe3537ef6f6f8770505070522513d9f8470686bf9c1ca76

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
    Filesize

    471B

    MD5

    1b6f11b8e1688d0556236b6e84514489

    SHA1

    21afec35f52d55af2fedae9ac5f7cfaa7ffd4b1c

    SHA256

    fd8dac615c35ecaff2e38650e16f1945d7793a2b77c7d11fee7706abbd0c7db6

    SHA512

    7e85280ff8b52988cb9b1c12c7a1d835089afc81ddb6dbc42254de1ed53e06826c9ac2632f65d96de94ef96dcc46e0db976bc02e91cb50aa7aa42b37b28324fa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54990b0aed0a848d526e880274a23e27

    SHA1

    654a161d0090d141afa00799a8e321b35bf95216

    SHA256

    9fdc4d592c15d1f90bf05b7c59cecc9fb68622a71b786c8381f0b425d2ea1690

    SHA512

    7dfa554a77d09f84b23b1d82f54d98414c003fc73900c4d144095b9f0b4e4890a0d761cf85547576c98ac00ef232592b27e705ba49cbf6a4889930d117092bfc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d42bae97852cb3752fd225a3763fd759

    SHA1

    0473c34bfc8c73a471ae2a67ac28f76972f942f1

    SHA256

    e4f65f4a86fe2c8f6d5f89d9b13213aae72721847de0163e52190a1c43bb14bf

    SHA512

    7578aa6ed12ced293cabb0e621e241436000cefddef9e631e901d3827fcb3cf106b1855c2aaf91c862a2408eb5f8913baa62a33f25a4b3648b1b8df26ffaf3e7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cdd6faa4164a18bd4b25396854c070bd

    SHA1

    3cb239fbfc6c111ebd111e479adb5efc4a624156

    SHA256

    8f599a5526b57aeffeb0520d5847a7467eb6c2cc253dfa92678ba0fd60803b7a

    SHA512

    b06eae889ef31a09bce5a855b6324868bef332ffb017d77f3f1413f2bcbff9e73a396da26ed0cb0e636ad7cdf89dbbce281d29959a29064effe4675a8fd5832f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d80a6ea932c48f31be3f700beab2529

    SHA1

    37cdb966a8afc2de5cc84b572588990aaf0435f6

    SHA256

    1adb93763a8b0b1dc6cc18a12467c99f6e289912b7aeba4cb6d12c21271e74bb

    SHA512

    7fec5ae21e57f42d3cf2948632ed50361894cc43688b3c5e8ea7295635598b6e9c9192cc381f03afc82e3b686a941a999f52c32022ac45d78aa313bb680a83e3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8cac7151b173f0203d78c68fab53712b

    SHA1

    897b90c6eaaad870b32673f2d8802345f1017cc4

    SHA256

    875395542fab72ac2d66d4aa0cdb8d2fa76e43a8c710845155a87d82b4b207f8

    SHA512

    798179f5a8c051c2d43e5f267c7ff803673f2ba0a468f6627fc046f54698f277fcd3692f49903067a96df0e0eec92cc086669c192f449af4a29542304dd4b22a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8421fe1bcbe45d2d4477bb0aba5c192c

    SHA1

    21b7782f6f37ec5b010d09737822a691aaa45738

    SHA256

    2cfd50a0c66ad463f0e0e320e5927bb228a796d03e6dfa194c4bd758c8183703

    SHA512

    5c385bc3da2175c699ce5cf92ca79e133eadb3112b5311f5b736dce7aed4fd5e084d86db0a9214cc19c000437b406e1589299800797d054b0302ff8cf8455582

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64f9b7ed5dc9b4ed60d5d63f44518960

    SHA1

    9cf83b9c7f15e53b893f387a8f46b77d49ac0666

    SHA256

    498fe4e09863bdf1515f8def0336f88b5f5ec506124c2d9c91a0320f83734d04

    SHA512

    0d729122927bd9c996d7bd2b9a44a68cc4a6c934a2d936e5561b402bd3e7a760a0e32712cc34b1771c82a09195694d3329035a8224cc05f2f731a8863505c3ca

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eac565f6eed5c4ae2943ea09e3ad6d26

    SHA1

    8088ca00adc54fee861be497a6348b5a3dc56abd

    SHA256

    59405492dfedfe27234acdcb8a1eaf2eae81acfe736d2d479ecd976a66b8d4e5

    SHA512

    a79501c4ffdfc7232f5dc85a644413c50fd4586de61dd5dff3bca73e48543563a6222a5af8da62fd5ff10adfc6701fcd68bada5694325f88f05e6ba32bdab448

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2e8678cb21a097cd18f9534991fd954

    SHA1

    2a5a758404bccad4d87b06d48a415543ad9a8492

    SHA256

    57f9bbfa42d01e70e4f6f09f57a868ca56a4e1cbb74c49718e08df4ee162597d

    SHA512

    1d659ba2e8de47256b28c10ca5cedb206428886518f493db95a1eaf5818dfd58f33a82c68ae385af96f78d3ff8ea295082c47f0d081c79cdec157a69f9d6278f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0ba4e6df016ad58a6b43f63fca842fe

    SHA1

    09abaf0b77238af587f201977747be007aa8909d

    SHA256

    4092e3f0e5e614b5e0ea9eeb0061e84033c3b099128b14cd5180a65be1eb6238

    SHA512

    d9c1aeb861c799d048de9c41a862da4a9da7d42dbc2332c56758a0d9313763729aabd170905bd0ed60385ff307e9501f734467488ca783c330ede1d54225a4df

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9bd8eed29c7295cb6496579722e68efa

    SHA1

    e8421593391dca8c1c91efb9cb0883d125ba0af7

    SHA256

    af886e8aefdc1c00cda1327757a4aa9e7be77c8686390223b682adb11241363c

    SHA512

    02427599e2c7bc845b02f0df26e7b56e8f5e633ed3ac8bf4af973927a75d4ae44a1974c6451144048f7eb697062187e54d26bf5636fb0050efaeb8f26c53d021

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    400B

    MD5

    63edb5805ee91c00f5f22910b6840e3c

    SHA1

    8487116b7bd06a2feb0d9781dcc703a72de57c3a

    SHA256

    1a6da305f095a95425189e47b911c040ddfd02b836f3a7b2b09911905a287499

    SHA512

    dd6befcf7872603d7c6b9418b1501abd78eac6c77967ba884316f5c32176fdc3e1a747344f74ba2b77654250301237919b31edb22bc50c0649d494aa765b808d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
    Filesize

    434B

    MD5

    ea63bf55158a00169ccba7659949a51c

    SHA1

    326b7235db1518cc3cda5ef56c520e9e03bb2479

    SHA256

    6f834fe520b43d84678cdd8f2a4dd77e3f1e5efd4d57d7e917f49f637faf7a67

    SHA512

    543b97bb19af227f054a94bd53fbf636e4225e04aeeea81ee9e96827c6a9c95c5272602fa2ff9255659413b0567d07790af569c76039be4251a7b7cef61dd52c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z62wpf5\imagestore.dat
    Filesize

    5KB

    MD5

    85acfe36832b799d87b41c00568fac9f

    SHA1

    dbf48ab7b4ff3e732d81a60c076a6827a9e4a48f

    SHA256

    3c198bdd3d124cf3afe1bc79bf823b4b479f2ab6cd8c463c46515c86d1a3cf7f

    SHA512

    119598a9240a0f840fcf4ca38fd0e351b932fc78054419a3b7e84b6d967a038cbb581daf755188306acc9c8ee5bdae63fe6e4b4a0f6b4f1efec2b0ba25a21df8

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03S7L47X\favicon[1].png
    Filesize

    958B

    MD5

    346e09471362f2907510a31812129cd2

    SHA1

    323b99430dd424604ae57a19a91f25376e209759

    SHA256

    74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

    SHA512

    a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab40E8.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar65D7.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar688E.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JU21EVUY.txt
    Filesize

    605B

    MD5

    7611ea9317098580868f17853acfcee3

    SHA1

    c1ec0d0740604783dc7d49abaeef971c8adf6833

    SHA256

    5ec0cf4e87807bcfd735546cd3bcca5235d0dac08bf3d9c1d88d4a091f8168dc

    SHA512

    65a43890ab0ec15785cae8cff28184ab81f654575b00402c41d719561a3b8ccc6d3d09a2344e2d264b3a0eca2a95615836d3b8b36c077f37fedd8160cce31f6a

    Download Submit