Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

https://github.com/n...

windows10-2004-x64

8

Analysis

  • max time kernel
    72s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/04/2023, 13:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/n0eL1405/CSGO-Case-Calculator/releases/download/v1.2.3/CSGOCCsetup.exe

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/n0eL1405/CSGO-Case-Calculator/releases/download/v1.2.3/CSGOCCsetup.exe
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4128
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4128 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2624
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\CSGOCCsetup.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\CSGOCCsetup.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4780
      • C:\Users\Admin\AppData\Local\Temp\is-T9EVN.tmp\CSGOCCsetup.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-T9EVN.tmp\CSGOCCsetup.tmp" /SL5="$201E2,1133205,795136,C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\CSGOCCsetup.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:736
        • C:\Program Files (x86)\CSGO Case Calculator\CSGO Case Calculator.exe
          "C:\Program Files (x86)\CSGO Case Calculator\CSGO Case Calculator.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • Suspicious use of AdjustPrivilegeToken
          PID:2660

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\CSGO Case Calculator\CSGO Case Calculator.exe
    Filesize

    192KB

    MD5

    cf9f7a1262b0265f3d0fe6ce4e98f52a

    SHA1

    c22131b5cf5ae92059bfdc0f82fde0dfd41a9767

    SHA256

    966d02eb32d638a0da96895bfa34824c26aac51e0e7a1042de9f6298de8dbf2c

    SHA512

    3be0f5b0fdbbf2598a1c78973c237e5a69b7ae13b7495731b845cc43502cdbb221194705a73a00b6c6dba397392e91ab512f2585b769748f06c6502d3490cbe5

    Download Submit

  • C:\Program Files (x86)\CSGO Case Calculator\CSGO Case Calculator.exe
    Filesize

    192KB

    MD5

    cf9f7a1262b0265f3d0fe6ce4e98f52a

    SHA1

    c22131b5cf5ae92059bfdc0f82fde0dfd41a9767

    SHA256

    966d02eb32d638a0da96895bfa34824c26aac51e0e7a1042de9f6298de8dbf2c

    SHA512

    3be0f5b0fdbbf2598a1c78973c237e5a69b7ae13b7495731b845cc43502cdbb221194705a73a00b6c6dba397392e91ab512f2585b769748f06c6502d3490cbe5

    Download Submit

  • C:\Program Files (x86)\CSGO Case Calculator\CSGO Case Calculator.exe
    Filesize

    192KB

    MD5

    cf9f7a1262b0265f3d0fe6ce4e98f52a

    SHA1

    c22131b5cf5ae92059bfdc0f82fde0dfd41a9767

    SHA256

    966d02eb32d638a0da96895bfa34824c26aac51e0e7a1042de9f6298de8dbf2c

    SHA512

    3be0f5b0fdbbf2598a1c78973c237e5a69b7ae13b7495731b845cc43502cdbb221194705a73a00b6c6dba397392e91ab512f2585b769748f06c6502d3490cbe5

    Download Submit

  • C:\Program Files (x86)\CSGO Case Calculator\Octokit.dll
    Filesize

    968KB

    MD5

    37e7f2f94f9d413774a0e79f4e195ec2

    SHA1

    9946aab9ef4677133fa86ed03ea967156f08270b

    SHA256

    3a0bd4033ba3ce06fd0b87712cbd68235c43f6bed96e3943ef4dfe2f252e4215

    SHA512

    6d412814811652048b0f55aeefed453d0c22d5fe737a6fd85d19bf4c431b475d9f5027639071457a7f72538e7ce54868d4675615b3f17e1be2c542aae580e008

    Download Submit

  • C:\Program Files (x86)\CSGO Case Calculator\Octokit.dll
    Filesize

    968KB

    MD5

    37e7f2f94f9d413774a0e79f4e195ec2

    SHA1

    9946aab9ef4677133fa86ed03ea967156f08270b

    SHA256

    3a0bd4033ba3ce06fd0b87712cbd68235c43f6bed96e3943ef4dfe2f252e4215

    SHA512

    6d412814811652048b0f55aeefed453d0c22d5fe737a6fd85d19bf4c431b475d9f5027639071457a7f72538e7ce54868d4675615b3f17e1be2c542aae580e008

    Download Submit

  • C:\Program Files (x86)\CSGO Case Calculator\Octokit.dll
    Filesize

    968KB

    MD5

    37e7f2f94f9d413774a0e79f4e195ec2

    SHA1

    9946aab9ef4677133fa86ed03ea967156f08270b

    SHA256

    3a0bd4033ba3ce06fd0b87712cbd68235c43f6bed96e3943ef4dfe2f252e4215

    SHA512

    6d412814811652048b0f55aeefed453d0c22d5fe737a6fd85d19bf4c431b475d9f5027639071457a7f72538e7ce54868d4675615b3f17e1be2c542aae580e008

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\CSGOCCsetup.exe
    Filesize

    1.8MB

    MD5

    2b28f7c462729635f6e5d44879ceb710

    SHA1

    db3451bb42bff82cbec88560b8a86e7b69876bcb

    SHA256

    ac1680007b8ab3b339f5f5a77a5f94b56e9b18b164291b76bc9fb776a5d30da6

    SHA512

    0cb730ff00e18ef4aa0c7d6fc5a2dad1d360ffc63738c38339a1d90ab279ed537657d27c23c785f58fe36e06aff6dd774803885b24e30813711bc24f96653456

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\CSGOCCsetup.exe.c5cei10.partial
    Filesize

    1.8MB

    MD5

    2b28f7c462729635f6e5d44879ceb710

    SHA1

    db3451bb42bff82cbec88560b8a86e7b69876bcb

    SHA256

    ac1680007b8ab3b339f5f5a77a5f94b56e9b18b164291b76bc9fb776a5d30da6

    SHA512

    0cb730ff00e18ef4aa0c7d6fc5a2dad1d360ffc63738c38339a1d90ab279ed537657d27c23c785f58fe36e06aff6dd774803885b24e30813711bc24f96653456

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\CSGOCCsetup[1].exe
    Filesize

    1.8MB

    MD5

    2b28f7c462729635f6e5d44879ceb710

    SHA1

    db3451bb42bff82cbec88560b8a86e7b69876bcb

    SHA256

    ac1680007b8ab3b339f5f5a77a5f94b56e9b18b164291b76bc9fb776a5d30da6

    SHA512

    0cb730ff00e18ef4aa0c7d6fc5a2dad1d360ffc63738c38339a1d90ab279ed537657d27c23c785f58fe36e06aff6dd774803885b24e30813711bc24f96653456

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-T9EVN.tmp\CSGOCCsetup.tmp
    Filesize

    2.5MB

    MD5

    1f3258309f7478391f814d24d80ff2a2

    SHA1

    ad428f7a889c0aee2191303b6aef2f177ebb1966

    SHA256

    614c15837e61e3ab30ef64e06708322049115c2831c014c0fdf705c1b209c279

    SHA512

    dd5816ba7ccc30ccb893593e7b23348b4800c75f69e046013a6b172dab62fbfee522a4629f805f8a5c2915a8c3fd0a9e3c5636c079f0f2dfb55092bd3e762ea2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-T9EVN.tmp\CSGOCCsetup.tmp
    Filesize

    2.5MB

    MD5

    1f3258309f7478391f814d24d80ff2a2

    SHA1

    ad428f7a889c0aee2191303b6aef2f177ebb1966

    SHA256

    614c15837e61e3ab30ef64e06708322049115c2831c014c0fdf705c1b209c279

    SHA512

    dd5816ba7ccc30ccb893593e7b23348b4800c75f69e046013a6b172dab62fbfee522a4629f805f8a5c2915a8c3fd0a9e3c5636c079f0f2dfb55092bd3e762ea2

    Download Submit

  • memory/736-174-0x0000000000880000-0x0000000000881000-memory.dmp

    Filesize

    4KB

    Download

  • memory/736-160-0x0000000000400000-0x0000000000686000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/736-157-0x0000000000880000-0x0000000000881000-memory.dmp

    Filesize

    4KB

    Download

  • memory/736-183-0x0000000000400000-0x0000000000686000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2660-187-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-203-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-185-0x0000000004AB0000-0x0000000004ABA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2660-186-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-181-0x00000000049B0000-0x0000000004A42000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2660-180-0x0000000004F60000-0x0000000005504000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2660-179-0x0000000000060000-0x0000000000096000-memory.dmp

    Filesize

    216KB

    Download

  • memory/2660-213-0x0000000008920000-0x0000000008A20000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2660-191-0x00000000079F0000-0x0000000007AE8000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2660-192-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-193-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-212-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-202-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-204-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-205-0x0000000008920000-0x0000000008A20000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2660-206-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-207-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-208-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-209-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-210-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2660-211-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4780-184-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/4780-159-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/4780-152-0x0000000000400000-0x00000000004CF000-memory.dmp

    Filesize

    828KB

    Download