Overview

overview

6

Static

static

1

citracximaker.7z

windows7-x64

3

citracximaker.7z

windows10-2004-x64

3

Citra-CXI-...616.7z

windows7-x64

3

Citra-CXI-...616.7z

windows10-2004-x64

3

citra-cxi-maker.bat

windows7-x64

1

citra-cxi-maker.bat

windows10-2004-x64

1

readme.txt

windows7-x64

1

readme.txt

windows10-2004-x64

1

tools/3dstool.exe

windows7-x64

1

tools/3dstool.exe

windows10-2004-x64

1

tools/ctrtool.exe

windows7-x64

1

tools/ctrtool.exe

windows10-2004-x64

1

tools/xxd.exe

windows7-x64

1

tools/xxd.exe

windows10-2004-x64

1

Citra-CXI-...23.zip

windows7-x64

1

Citra-CXI-...23.zip

windows10-2004-x64

1

Citra-CXI-...15.zip

windows7-x64

1

Citra-CXI-...15.zip

windows10-2004-x64

1

GameBrew.url

windows7-x64

6

GameBrew.url

windows10-2004-x64

4

Analysis

  • max time kernel
    135s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    29/03/2023, 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GameBrew.url

  • Size

    65B

  • MD5

    b14c902348cbd2ab5c2ef947aba7d471

  • SHA1

    fc4a7512dec5a728ce21876f93dd19e56315758f

  • SHA256

    1b921a3463bb129c71769ade52c9357c7feae0414a679f44ca03b4b2d3dd6b65

  • SHA512

    32ab25f00d7235d7d8db4e9daa7bf37edb395109e1fd2da0ac5d533dcfb4aaf360954610ab81141f4d0828da929563cc30068ec2b3873828b6839daa33987f27

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\GameBrew.url
    1⤵
    • Checks whether UAC is enabled
    PID:1308
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1264
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1264 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1160

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    244f28af40dac40e33680db811f6b2ad

    SHA1

    3ef6b2fbb76353c16901091922489afe73c5b08f

    SHA256

    e8f56249f595487f25f5dbe8acbdd7166b469f2d7798b782cac8b2a53930fb35

    SHA512

    76932705355fe184243ac8c8a1b26d15e8750e6711cdc4f0da84b93b8a645f7c9d4c5144330a9d16ba8c634c953fa2ec4b7d8975bbaa845c89eb5f251f978fbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    39a6a98db3aae2b802552a556fa586bf

    SHA1

    5026846ca2e5a38449ad0dd6e5a57077b486f9f2

    SHA256

    190c3daaa8dc355b74860c87c9287cd569d8037a37276a91200c01c75f53a41e

    SHA512

    078d84b848a80dde068556f8b5d76e26f70642b603482759673e172c920bc5ba3d325f5aa1512fb2e94f8042f2bbe770eb688be14511a897dbe735e51e26d315

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d465dd34a938dc43e3bef5b19c9e48dd

    SHA1

    6dc1f1ebf46174c0a1e36b3a34be69d41a1b9b0a

    SHA256

    fc350d0041e375b5b38c5b9a665ce59c6ef94bf46f9547fdf2fe46c6a9afc1cd

    SHA512

    d5a20890c4cafeb46d58cdab46d902fd5860e042fe73ade6589cc87a7f17938d4018562c06531af751cac31bde7f08e5b713533ffea401f1f0e581581ff521c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    31368bfe63350cf6689f5263881eb175

    SHA1

    f910ceb17f7be45941beadcd38d42527d48ad18d

    SHA256

    604c86a1443fe508f8cb0bbf2046b2499a6948a40c73eb433de0a3bc9e85f428

    SHA512

    81439d8263d4aeb7bf38808574c35604e8749c130bcff11253dada4f73f169c5d47344af829c3b77f0571411e1233292980a3beb5e52b4dcc415a55da64ddc6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7551fb221404b81af298e4f2d0338726

    SHA1

    6c1913e1a2bd6f8a7644d7a4f53547da35876b82

    SHA256

    e85b51151eced073cd52bcf43d41324b1ec84428c36860b7ba17339991f33abb

    SHA512

    cdf4e1a3698af31e2d88694894b06e1ab3010a38b38e04c480c8e0f3979b3f4467def68a1cf9800219315eec121dc66080782f9288efe6b9cf73fbe5d4a3871b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d9f51e169a252cc3124aadc4a5913897

    SHA1

    c8d74131c194d546496dd3b6b73114835728e86d

    SHA256

    66f96893effa9ee5a84b9c8b031102cf3fa81033a06b5ad69e2e4389bd6c158f

    SHA512

    68dec705e12d94c4c00c1fbc73bf537c277df4f5a888ef031f855f37fb9f9f9f6098c911d8ecfc23cd1b1439f474b37ff5564f890e8c0e369e73473da42480b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    84dfd6c4fce870656198780a22481cb8

    SHA1

    de712145080ef174cfdd52c3315677670b7e32b6

    SHA256

    822bce37f12e16238235bf66bb366c659b774e1e9af88f444bde4a81d18198dd

    SHA512

    63192128ce581a2d37ac2d9d96b4ff118c3dee740ff9c88d72c32a09f114b4ebb0b254baad7cd2958488cbc88fb35125be50a0a9e08a880895630eb0fc09ef44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    09b115a727ef27836b7054eae505c8a4

    SHA1

    2af2be93b6ff9906e47c4fe074558a425010fb04

    SHA256

    92cf69c379a65a0e1a2695209dd4b81235f3286d6580be255666b6747f974442

    SHA512

    2eae952dd8d1445d1c00c4103c21957f38d675dbd89ce5175ce52f88278a335995d8a7cd527a08269df92af962a7643f233aa926bb86acf79361e29490a9f9f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a9e6020130c34a5ed7beb0f2db7a2b23

    SHA1

    35493b5afcc8183f90ea6fece9c40c1a1a8b4684

    SHA256

    49bc23e56ae4f98b8b0fe473ed906989a995096970ac30603dfb762cca2bc0ca

    SHA512

    6153f2985ade53168ff591c3abaf2e15a30d077ec4d783b8b9452d91a93ed103e57527c3826914a6521266424c50c38f91aa511a8922978b8570007151c79ad2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2eeccff04f02c1b8a9a0f6fc8f12d046

    SHA1

    0e365d9dbdc1cd108ec6347eb30f0ef2927216f8

    SHA256

    041765949f9f99aefd6033f591b2a23b9c007edb9e63265fb43cddb16d6977b5

    SHA512

    743fc97c9926f5dca923550c9c19c0d17a04de629545c09eeef7d1f2dc1206d4430fbbe46e664243b6cb10e8e8616b44afc9609eb20af02980a4eb6a6bc9f96c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMIDRLTB\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\Gb-logo-v3[1].png
    Filesize

    9KB

    MD5

    3fc1f63b2cc1eb28e09ef839b5b21dd4

    SHA1

    1b8878e8358d5b1589d9c883058c3aac50151f0d

    SHA256

    b84bf973335059e894cc03aa82fa9c2491f90457f90cf479d843376f6c5c2589

    SHA512

    59cc59701275356b5846de25a628ae46567caf57355582f12eb31ee8d2d9cd390bff5f6fb386843a6e27ad9774e29be4baf774221c5ee266ded60e2a2496d379

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab53EE.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\GameBrew.url
    Filesize

    140B

    MD5

    59686b5538e160840a410fda4f7f6355

    SHA1

    04ef7de802602ab761302ecf2a9a7292f6c146fd

    SHA256

    9221c8c4d6fc26a2261ef57b8238aab5f77819d9fa137f7d93917c8795f22f43

    SHA512

    e4fcf735fc0f56a0f93bd735e9e42568d7d113916385f10a4fd33d086b5089158ad6569ae2b8c471afcee42449ff3100022adcc87d3cc28776607c3e645b08ff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar53DD.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar556B.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GD6CAO93.txt
    Filesize

    605B

    MD5

    0cd5385ae9ba25e0e2348b78f2599649

    SHA1

    f554f49a821f0deb052d4c8ba4857783199e73c5

    SHA256

    e26bcf214d229f78b359939873edae75fb1759924b674698c36473988c5902da

    SHA512

    cf9b000e20bc3a5d81055e9302a0328f8e24a17f3ea747ced9db7748331a14c01c9fc55311133bce3dcb82606373204ff45ec2cf885bd2beed927707647dcf99

    Download Submit

  • memory/1308-54-0x0000000000150000-0x0000000000160000-memory.dmp

    Filesize

    64KB

    Download