Analysis
-
max time kernel
128s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
31-03-2023 19:41
General
-
Target
https://fitgirl-repacks.site/
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 11 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://fitgirl-repacks.site/1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4324 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\FormatRead.3g2"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8408FE5CA4467EE4DA84A76EF238FE3Filesize
1KB
MD5e829e65d7c4307d6fbc13c179e037a36
SHA1a053375bfe84e8b748782c7cee15827a6af5a405
SHA25667add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd
SHA51296c5793b2b57d8df5891c94015720960e0da4c2cf8ce1fc5707a0b46e5db8ce3761fb5fdb430f619d1579f13e80fbdd973ef6a024129ed039aa193273158fcad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8408FE5CA4467EE4DA84A76EF238FE3Filesize
192B
MD5249bdcd45f3ae2ef1b01bf09648f8b96
SHA142c0968eafc0e450178b2ff98c3c4ae6e4d0228b
SHA2562a5bec148de55d7771612daa2a769043e39da97f83841dff554d474a52f07801
SHA512f01705b4bd8b1ac3ecaf10660f3b4ad1dfff971346aa892a0e9a1bdba14238acee3824628c5750049a75407739fc63688c26142d8845068b712e4d1ed730aa6f
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\RAQ9PFLN\www.youtube[1].xmlFilesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\RAQ9PFLN\www.youtube[1].xmlFilesize
17B
MD53ff4d575d1d04c3b54f67a6310f2fc95
SHA11308937c1a46e6c331d5456bcd4b2182dc444040
SHA256021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44
SHA5122b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6
-
memory/1540-486-0x00007FF7714C0000-0x00007FF7715B8000-memory.dmpFilesize
992KB
-
memory/1540-487-0x00007FFC9C130000-0x00007FFC9C164000-memory.dmpFilesize
208KB
-
memory/1540-488-0x00007FFC9B470000-0x00007FFC9B724000-memory.dmpFilesize
2.7MB
-
memory/1540-489-0x00007FFC98C50000-0x00007FFC99CFB000-memory.dmpFilesize
16.7MB
-
memory/1540-490-0x00007FFC98320000-0x00007FFC98432000-memory.dmpFilesize
1.1MB