Analysis
-
max time kernel
17s -
max time network
85s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
28-03-2023 03:40
General
-
Target
https://www.mediafire.com/file/fu7vj52h3yb7o8p/AtmosphereCheats.zip/file
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 43 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.mediafire.com/file/fu7vj52h3yb7o8p/AtmosphereCheats.zip/file1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:368 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AtmosphereCheats\" -spe -an -ai#7zMap25726:94:7zEvent264711⤵
-
C:\Users\Admin\Downloads\AtmosphereCheats\AtmosphereLauncher.exe"C:\Users\Admin\Downloads\AtmosphereCheats\AtmosphereLauncher.exe"1⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe"2⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5ff71b674ed46d999fc3b4bf3663eb8b2
SHA1bd11665382415d9898e6fff46d8deb4a3fffcb74
SHA256c9bf3606ea2c63d019dfa5cb7af37d7e77c14107a07122eb1dadd71f4d543c00
SHA5124be667580440c1209a75c6578e2354e7d273295faa76828999105f096711083d29f5cd627e73ad968cfb15737a7c619bdd38e30bc437be06427a77e786302241
-
Filesize
244B
MD5d1e3a9b9a5976fec289c6275288edda4
SHA102022532cedd2499885ef58ad845ddb534b41be7
SHA25680f8da0885f17f54d83eff419589f390bfa091647c931966c53a4fcddb98db26
SHA512b2c9c0b132b3ee3a19872c53f7d1fa28cf77e15fa4e04d4123f8e9f398311de9005557476269347021cdf59798a2fc1da75cbcb489a270c996be05ba2dbbd082
-
Filesize
11KB
MD5b82ec9eaf1f24299f63eab5028d2e2a4
SHA12b55e378c088c7db4af1337b2806f86e8f5efdd9
SHA256ad77a2761fd2a08bc5de32eec4779c086c32ec5dcba15851cb5b5546bedc2875
SHA5126bcdbdc5e31969029265bdc4271929f117968518db3a109427483adff836b719e5ef0638d35cd6be17beac19a45cf4f0342312c5dcc877d585b1fcda39613249
-
Filesize
10KB
MD5a301c91c118c9e041739ad0c85dfe8c5
SHA1039962373b35960ef2bb5fbbe3856c0859306bf7
SHA256cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f
SHA5123a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a
-
Filesize
16KB
MD5354cd9b2959ee03b4c5fb7b8b40263d9
SHA19b9461be868754c4369cd1d05e3205a5a128ae85
SHA256d9698e425edf2357132305a35190f33b05b545ae77b3746cc136f16148cb4849
SHA512e6c0b0579b82658c8d71e10d11c6809c844e2513af0bbe8d778268309f16a378adba52033e0d29c32f5c33d0914cf55557e10e8a8cd9d434ecddc393b17d4452
-
Filesize
14.3MB
MD5f651a5ad7a3c8db4cf2b09b67002df7f
SHA19373619452be670d10995c972012f294909f71de
SHA256462ba6a1b67a37b36f9c5767c5a49a6bd60163aaf513545db32c8da769896ac4
SHA5125db94c14325f2abe30d95dab5ccc6566c2e76def9fce3a1bef0877a5072907a1621609f75ed85f1af6641507c02c336f1e80a06df8d9196a893cd2456cf0dd6d
-
Filesize
182.9MB
MD57740f92b1901f416b165506718de23ce
SHA15d856f8cba6a85b42667b1a3226c183530171d6a
SHA256839ea7813231f897f16019c2c472f0b8a996f5fa83cbb7c1fb6f3dc71c1d1228
SHA5127e9c8382b9414ae523c7fddf18a3ba370929c3297253531d666228b0981a244542cf07478e4a13892d8a02668ddf4fe77944c8709d89f0f6f84e6d497ac45aeb
-
Filesize
183.6MB
MD5aa54695548faa898a8c2bb2599d63ec9
SHA19e0b11cfc24859f192eebb7f6ddd0ee7051329ee
SHA256bffe98993614d6c33d0b0ec77f2cfd2ae016335e5bded1f35488016660ff7202
SHA51223214b24dd0159a6d76be9c018e0534dbfebfb42ae609c055eb3020e4e767eaa0bfd16d845c4ea8cdeb9fb0aa567d608211b9150c5034aaf5dfd4f578be3d951
-
Filesize
8.2MB
-
Filesize
4KB
-
Filesize
64KB