Overview
overview
7Static
static
3gd/Resourc...hd.xml
windows7-x64
1gd/Resourc...hd.xml
windows7-x64
1gd/Resourc...et.xml
windows7-x64
1gd/Resourc...hd.xml
windows7-x64
1gd/Resourc...hd.xml
windows7-x64
1gd/Resourc...et.xml
windows7-x64
1gd/Resourc...hd.xml
windows7-x64
1gd/Resourc...hd.xml
windows7-x64
1gd/Resourc...hd.xml
windows7-x64
1gd/Resourc...et.xml
windows7-x64
1gd/Resourc...01.xml
windows7-x64
1gd/Resourc...02.xml
windows7-x64
1gd/Resourc...03.xml
windows7-x64
1gd/Resourc...hd.xml
windows7-x64
1gd/Resourc...hd.xml
windows7-x64
1gd/Resourc...et.xml
windows7-x64
1gd/Resourc...64.exe
windows7-x64
7gd/Resourc...86.exe
windows7-x64
7gd/Resourc...64.exe
windows7-x64
7gd/Resourc...86.exe
windows7-x64
7gd/Resourc...ct.xml
windows7-x64
1gd/Resourc...ct.xml
windows7-x64
1gd/Resourc...ct.xml
windows7-x64
1gd/Resourc...ct.xml
windows7-x64
1gd/Resourc...ct.xml
windows7-x64
1gd/Resourc...ct.xml
windows7-x64
1gd/Resourc...en.xml
windows7-x64
1gd/Resourc...ed.xml
windows7-x64
1gd/Resourc...ct.xml
windows7-x64
1gd/Resourc...ct.xml
windows7-x64
1gd/Resourc...ct.xml
windows7-x64
1gd/Resourc...ct.xml
windows7-x64
1Analysis
-
max time kernel
168s -
max time network
234s -
platform
windows7_x64 -
resource
win7-20230220-es -
resource tags
arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows -
submitted
13-05-2023 15:19
Static task
static1
Behavioral task
behavioral1
Sample
gd/Resources/CCControlColourPickerSpriteSheet-hd.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral2
Sample
gd/Resources/CCControlColourPickerSpriteSheet-uhd.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral3
Sample
gd/Resources/CCControlColourPickerSpriteSheet.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral4
Sample
gd/Resources/DungeonSheet-hd.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral5
Sample
gd/Resources/DungeonSheet-uhd.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral6
Sample
gd/Resources/DungeonSheet.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral7
Sample
gd/Resources/FireSheet_01-hd.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral8
Sample
gd/Resources/SecretSheet-hd.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral9
Sample
gd/Resources/SecretSheet-uhd.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral10
Sample
gd/Resources/SecretSheet.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral11
Sample
gd/Resources/Skull_w_01.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral12
Sample
gd/Resources/Skull_w_02.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral13
Sample
gd/Resources/Skull_w_03.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral14
Sample
gd/Resources/WorldSheet-hd.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral15
Sample
gd/Resources/WorldSheet-uhd.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral16
Sample
gd/Resources/WorldSheet.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral17
Sample
gd/Resources/_CommonRedist/vcredist/2010/vcredist_x64.exe
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral18
Sample
gd/Resources/_CommonRedist/vcredist/2010/vcredist_x86.exe
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral19
Sample
gd/Resources/_CommonRedist/vcredist/2013/vcredist_x64.exe
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral20
Sample
gd/Resources/_CommonRedist/vcredist/2013/vcredist_x86.exe
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral21
Sample
gd/Resources/boost_01_effect.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral22
Sample
gd/Resources/boost_02_effect.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral23
Sample
gd/Resources/boost_03_effect.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral24
Sample
gd/Resources/boost_04_effect.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral25
Sample
gd/Resources/bubbleEffect.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral26
Sample
gd/Resources/bumpEffect.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral27
Sample
gd/Resources/chestOpen.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral28
Sample
gd/Resources/chestOpened.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral29
Sample
gd/Resources/coinEffect.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral30
Sample
gd/Resources/coinPickupEffect.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral31
Sample
gd/Resources/dashEffect.xml
Resource
win7-20230220-es
windows7-x64
Behavioral task
behavioral32
Sample
gd/Resources/dragEffect.xml
Resource
win7-20230220-es
windows7-x64
General
-
Target
gd/Resources/FireSheet_01-hd.xml
-
Size
202KB
-
MD5
390a1e32ffff76050744b88fa57c8247
-
SHA1
1649cdbca8b6f36c872889b791fd6b478038cf0d
-
SHA256
aa7e5d61c298018d54bf70a828e3c92245c3394fcea90f247907031435ad0301
-
SHA512
ad1f10790814f8304081aec308274c8e5704e6b59af8679ebb837c0c33ca6feb78db23014890837843b59129f71b2043148f01a5440f5eb12c99f9060553750e
-
SSDEEP
768:IE1LvaxO9XpbkROnFWJmdJOAtqQFZXVLDFsi:91LvaPAtqQFZXVXFR
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbb59ddc676e394a83d3f942d26f43ca00000000020000000000106600000001000020000000f1ae9723a7a8195957a424f4cc9019c29e9a6b153a10ebb989c5c221d4bbca13000000000e8000000002000020000000552bbdada4bbbb7057916d31a5676db055e61be08514ccf5535a62db72ae5e14200000007fdb0a1c7c33060f68e73a6770ef1bbc4397bbba245734dad9237ec87f25195540000000057a217713236d83784d1b8f63a34af4efdf934565f500edeeaac8e95cf0cdc96683b32fbe25a1f4f267c3da1b2f8a6975a7c0ab8f54f800b578c84e541547a7 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbb59ddc676e394a83d3f942d26f43ca00000000020000000000106600000001000020000000b202f4147ca18e9cd18078325355a383102ac006fc31f0448dcee0c7265cdd66000000000e80000000020000200000004d12ed15be376a5ad247ce1a8bba685c51047e9ca9e833583fc9a5591f71cea390000000a34d0e4fcd6d63f38ae92027c5de51394d083a92c16523b196a5cdb5eecca3d5fe5abd2cac6d6e5b4ce763903af23f358db90e5849fe8eb4b8166f3635a36c69ccf8767d76976b43a14ec9f1a0bff1c3b810693628588aeec016b66d1cb9b90f254d53fb4c5dce7f0bc1637f47b4deddcc6bc22492300e222a0d1fc3fe7390d60e1ed593a8275657bd3f21dde15c3dd240000000e29bfa44baf5efb42c08c2dba15d8dad1b86693ce26106fd393edc9e7decbf2aa9054be47f4b48cfeee550ad8248077048377e29e4423cc9b23342da7fc2a9e8 IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7623881-F1B2-11ED-9EE6-7A574369CBCF} = "0" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "390763619" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7012debfbf85d901 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\es-ES = "es-ES.1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 684 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 684 IEXPLORE.EXE 684 IEXPLORE.EXE 916 IEXPLORE.EXE 916 IEXPLORE.EXE 916 IEXPLORE.EXE 916 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 2004 wrote to memory of 776 2004 MSOXMLED.EXE 29 PID 2004 wrote to memory of 776 2004 MSOXMLED.EXE 29 PID 2004 wrote to memory of 776 2004 MSOXMLED.EXE 29 PID 2004 wrote to memory of 776 2004 MSOXMLED.EXE 29 PID 776 wrote to memory of 684 776 iexplore.exe 30 PID 776 wrote to memory of 684 776 iexplore.exe 30 PID 776 wrote to memory of 684 776 iexplore.exe 30 PID 776 wrote to memory of 684 776 iexplore.exe 30 PID 684 wrote to memory of 916 684 IEXPLORE.EXE 31 PID 684 wrote to memory of 916 684 IEXPLORE.EXE 31 PID 684 wrote to memory of 916 684 IEXPLORE.EXE 31 PID 684 wrote to memory of 916 684 IEXPLORE.EXE 31
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\gd\Resources\FireSheet_01-hd.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:2004 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:776 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:684 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:916
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D33E1QE\suggestions[1].es-ES
Filesize18KB
MD5e2749896090665aeb9b29bce1a591a75
SHA159e05283e04c6c0252d2b75d5141ba62d73e9df9
SHA256d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7
SHA512c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
62KB
MD53ac860860707baaf32469fa7cc7c0192
SHA1c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c
-
Filesize
161KB
MD573b4b714b42fc9a6aaefd0ae59adb009
SHA1efdaffd5b0ad21913d22001d91bf6c19ecb4ac41
SHA256c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
SHA51273af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd
-
Filesize
606B
MD5192294789c02d302c21b72f9484ed1cf
SHA1f51444b2705dbb41e33644314ce4ca1ec7dea068
SHA256cb12c584fb66b62f517cf682a065c0799846e9e38c9b64f187d7db6948ef9573
SHA512c4c0b6f52e5a9de672097f0a27d9eede801187e461f202fd853ed3fe638235f98b1f95ca3108cf0075611fdb884c43e1cc979b8a2db5146ecf2a0b91b20b77bb