Overview

overview

7

Static

static

7

FunGame.apk

android-9-x86

1

Android

windows7-x64

1

Android

windows10-2004-x64

1

Android.manifest

windows7-x64

3

Android.manifest

windows10-2004-x64

3

GameSkins.xml

windows7-x64

1

GameSkins.xml

windows10-2004-x64

1

LobbyData.xml

windows7-x64

1

LobbyData.xml

windows10-2004-x64

1

PokerNewFeatures.xml

windows7-x64

1

PokerNewFeatures.xml

windows10-2004-x64

1

RuntimeIni...s.json

windows7-x64

3

RuntimeIni...s.json

windows10-2004-x64

3

ScriptingA...s.json

windows7-x64

3

ScriptingA...s.json

windows10-2004-x64

3

Settings.xml

windows7-x64

1

Settings.xml

windows10-2004-x64

1

TeenPattiG...ns.xml

windows7-x64

1

TeenPattiG...ns.xml

windows10-2004-x64

1

TeenPattiN...es.xml

windows7-x64

1

TeenPattiN...es.xml

windows10-2004-x64

1

TeenPattiUserData.xml

windows7-x64

1

TeenPattiUserData.xml

windows10-2004-x64

1

UserData.xml

windows7-x64

1

UserData.xml

windows10-2004-x64

1

appbackgroundstheme2d

windows7-x64

1

appbackgroundstheme2d

windows10-2004-x64

1

appbackgro...nifest

windows7-x64

3

appbackgro...nifest

windows10-2004-x64

3

boot.config

windows7-x64

3

boot.config

windows10-2004-x64

3

data.unity3d

windows7-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    189s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    16-11-2023 09:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GameSkins.xml

  • Size

    1KB

  • MD5

    a3440abb0933057fc637611385ba1e7a

  • SHA1

    bd64888a47164e4f96b2d30c27df7dfd62a87517

  • SHA256

    5ef4e3ca77bc0640617d5ad3b404f5a98d45772936256e095dde92bdcc0e8bbb

  • SHA512

    ca76ddef11335110be56537c20a32c9f2bc57da6c7a5fe663cdcc248d9c3700e2dacc157a718bacb19f7cca0a9fa28964e5631a672f2be7ddf2f95adbe55f533

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\GameSkins.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1264
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1264 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2556

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2b900da00f46b4da5a644e3f237dddbb

    SHA1

    37aea126d1e5f3f5c90890446bfd942bbf923a3f

    SHA256

    d9c732a50f59a88799a1322a0c948ebb6b2d970afba534a2ad82db3efd5b5758

    SHA512

    558d21cd8a1cb0eb4df62001a08b6ca0ae4e4270c9ae362e255a3f4f5e56ee426cbe5749d81d79b968314af7432f3d2e02197170b154e4c02d78393bfb6962ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    05a3629565260b8f85b422d4828b2b65

    SHA1

    b594d0dcaeec9a95a6932df0d27b829280571a5a

    SHA256

    8427cfac449fa921c7a13ad7dbf4a8514b6fa1b318a15dce14ce0793dccea372

    SHA512

    bd164254d8807a7e567e71a10fe15d4a8ff8e41e4b54673419e4101248d18fcdc834ea2377256cdc4f9f39a367264cb4723b0fb7ee025757e74fb29cef886177

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c6e0e0ecf9dac443a11f58b44b268722

    SHA1

    324026f8bcf1ceadec31f61f9fd253ad145dd3e7

    SHA256

    62f4f9eb43d93e4ffdd7258b526ff518193d275f74dd3b70b20c38fae49861c5

    SHA512

    422dcbbcfc547a75ed86e4e1646d765180d310e0fb21f0544d99ea2711e859a60b5844bdb37c5f13cfe0fdddd72fd2000db867be6f79fd08fe8e8aebeee5fd38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52bf18a8674940f7958a438cc347dc38

    SHA1

    78d42023d63442ed887c58a2736a76b90a7c3c4a

    SHA256

    428b829e3e8223768990b6c9372510a8e539504f88cb5379c70945db63bde05f

    SHA512

    4192fabbc4c9fd381ba695707eefcd2665956dba4ee322569c0d560a4553ccd0f494edfb54567f09b331c368bb6fb17c4da1901c02195ee2e69ad93b534c0cd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8bdcefb6727238eb69dae887f7c16598

    SHA1

    08e76f1888c19f86bd580960ad4b1fa587ebd2c7

    SHA256

    e10eb76832bc51958f94db8a48213bd2a6c12942b3941b26ef855765231ecc17

    SHA512

    e51ad3e5b238931557cf18796193afa564fffa3628e9c0ee10980c4a4f9aed929efe944a69e9d8c510d7be2252735b0c570e275f2776e92bd8842593098d1a74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3095ea39a090a45462f2389ae3dca452

    SHA1

    302d4c1909cf019a072f207ac41050e9eae12527

    SHA256

    25c04061e5ef54a7a7739a404576ebf7743ac766dce5aabf39f54cfe50240ff3

    SHA512

    85545c9b69d4bb06976dbb0c15db40e67d99aed3693b9dd1a409d7c7d2c107a17e6487b2d8a5d0df0f97dddd14b2d7544e780f047514e37114b6850c0c6be8c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2664979381e535e182986494456e9317

    SHA1

    d1bdd366d0fd31838b743cb8ded2e9df37275586

    SHA256

    3239d6cd209dfb61d9c658a0a652c644d86a1abc6d5aa220b518db95a68ecf81

    SHA512

    19215410fdf3596964c5ebb34396735388f4c0b25abe188944f758672ed2bc45ecb9ef8772161b737dc8d1a188d01275b9031b9fd70f92c1501d9ea30a39ce9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e806f6b14d46d7c722c41364aa90d08a

    SHA1

    b4d2951aa1bf50dc7ec9195bdef69839d9d4f2e1

    SHA256

    702ff18929ee474523f71282554c14f5b9802ee4ee435447e81bffc60f9114f3

    SHA512

    78fcb7d68e6747518f4ab038ca056e5630f516358dad0bd2b7232f27a5cf1b51a3ce0568af86d464a0ea1effefabb93b1a240e83074b4ff132739371f65a3e47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2b40a428b0851c9707ae4e52e5d962fe

    SHA1

    2052e08f235aa2aea6df87609dd89da2efbebe1e

    SHA256

    ba05f21082808a816fc0a4fdd484f31b525ef524144306229c1d1370c401bb42

    SHA512

    8cd91733db0a5d8d003d5cdf34fe6437bdd615b3b95498bdb805a45ad2819e84764a4d863655fa966baeb7935f55db5f9858f8f6c2349f2ca197c0b770c4ccd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7E46.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7EE6.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit