590ab5ef205be50999ce8612d2785c42877a8254732e89d29ed3beb5bb1ca01e

Analysis

max time kernel
0s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TankiCheats.exe
Size

8.4MB
MD5

30cdf959e43816cf5039e01aae3b8b0b
SHA1

e305fd0518bbb7446358ec4a9ded68d8cfeb0854
SHA256

55ac32eb04bdbe6e6334640efbb375eedccf5d6a8bcb1f4cff7fc02d9f16380e
SHA512

115c93aadff46d2cd2cd9e648702e7e2ff1059bb0ff10c6f56fbf3595cdc0e1b8f347af0939cf7e2ca54836e926162b356686f8d4cf351856c6a9814de235cdb
SSDEEP

196608:AIz+14Gq1DSJkkqe+QQZf/AQ+qO1eMcXakymxDx3F6ZbM:AIze4Gq1m6X9X+L4McqkyOgbM

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
4772	TankiCheats.exe
4772	TankiCheats.exe
4772	TankiCheats.exe
4772	TankiCheats.exe
4772	TankiCheats.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4772	TankiCheats.exe
4772	TankiCheats.exe
4772	TankiCheats.exe

C:\Users\Admin\AppData\Local\Temp\TankiCheats.exe
"C:\Users\Admin\AppData\Local\Temp\TankiCheats.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A5080848\p1064215.dll

Filesize
28KB

MD5
bdb6e9f514e6299a3806a7dc1c70daaa

SHA1
6fe4502469d865225146df68cd231c8b82a1f412

SHA256
f7105d01c27f2d2a39db3e2263408a9490916e775caaebecb81d058175ca3e9f

SHA512
8da71fd295655faa61e0483606becb00e7f4d8358885718a9d76a35b13bfa64511e96f949bb20d77a2569f10adde818a20c61e19a00f22cb4e9d34e4042f6811

Download Submit
C:\Users\Admin\AppData\Local\Temp\A5080848\p1064215.dll

Filesize
51KB

MD5
9316d1f4524cef41373c6cff83e9c210

SHA1
c9fb4b72616d18f1828d28be9a56036ef7869499

SHA256
8e5aeae8a8c1c05b4522b24a59433863b3387a9eb91d5a4cc446dbbf4933869f

SHA512
20efad515bb42c5d71f563ab790884cf5d36b3d91afa1dd319ada4f42d9787019c74ce4138d4e68c69459797fac05bf38909f4cfe15eac318b0dd5e3f2644c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst50D0.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst50D0.tmp\nsDialogs.dll

Filesize
21KB

MD5
c8fd8c5e8a4102187251aa2ecb9c55df

SHA1
ed03283bb6b2153a191a1ed4b3c73a48a14781e0

SHA256
bd64565a5e7cfdc5c610169a5cc93f5e4440f63f80a99bae056f9fa142aec22b

SHA512
f9597695846b2f82d8eb63c5aaecad40a81ff94b39cfdc4ebdaf1f585cb0731454ffe3c639303989b0cb6beb799bf0b2548d53402d5945af10757939bd6c209f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst50D0.tmp\nsDialogs.dll

Filesize
8KB

MD5
cc13d0d2aec6001428239f354944b991

SHA1
867713f4b6709c117356834e83b7eba5eff3b50b

SHA256
2c894789864a543ad211b375e4bf0b0a549903aad38e8c813296ccc6d059aeb7

SHA512
40a0347f49facb57848105e475118435a1d1bcc7e6536250668addefdd49a2e1d0d3bc9b5849302a8200ab9686e7a7e3a0ae4650587f64944ca30b89963b38e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst50D0.tmp\nsDialogs.dll

Filesize
2KB

MD5
a2f49990408fc0a3985f1c5d78de4a5b

SHA1
b7b39f2bf45d0867fa6eb015c1fc27894d5f93a7

SHA256
7733d93a54cbb41c2473646507d55ca65d1376c9fd0573d651d7afc4a0596595

SHA512
bdfa3b15e9eb45718ae7429ee944303178a88d4da2b0fde030260dc8ce1ac1de015ed8a124289eaa3224dcf56193cda65553208935e9e7ace59aaba1a42fd029

Download Submit
memory/4772-20-0x0000000002890000-0x0000000002904000-memory.dmp

Filesize
464KB

Download
memory/4772-28-0x0000000002B00000-0x0000000002BD1000-memory.dmp

Filesize
836KB

Download
memory/4772-70-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4772-74-0x0000000002890000-0x0000000002904000-memory.dmp

Filesize
464KB

Download
memory/4772-75-0x0000000002B00000-0x0000000002BD1000-memory.dmp

Filesize
836KB

Download