Overview

overview

6

Static

static

3

Auto Updat...F..exe

windows7-x64

6

Auto Updat...F..exe

windows10-2004-x64

6

Huong dan ...96.url

windows7-x64

1

Huong dan ...96.url

windows10-2004-x64

1

KEYCF-FIX ...ia.exe

windows7-x64

1

KEYCF-FIX ...ia.exe

windows10-2004-x64

1

TrumGame.Net.url

windows7-x64

6

TrumGame.Net.url

windows10-2004-x64

3

keycf 7.6.exe

windows7-x64

5

keycf 7.6.exe

windows10-2004-x64

5

keycf.dll

windows7-x64

5

keycf.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    141s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 13:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TrumGame.Net.url

  • Size

    119B

  • MD5

    f76d5962d102e26a2f6449467b9169d2

  • SHA1

    4b17bcfa6a4abcd43faf184df20b7ea0f02ae053

  • SHA256

    cf880694d402b3e545f61a09ff0541fcd649b07d46cc9ca07622a7416473135f

  • SHA512

    360058355a0f3d77e64bd497d48daf44fa9664fa66a0e7b52827ab0b89f086a49efde4b1f487e2d52314ec9e8e18310954c5b110e3e71f50d74084039a08c081

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\TrumGame.Net.url
    1⤵
    • Checks whether UAC is enabled
    PID:1220
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c31b409e2f27d1a4a6ed46e63e118e1b

    SHA1

    314a7f6ef61f3765a9e85b5fd80252c7cce30b4a

    SHA256

    4abec5d1738f17e56a373e81741682ae6a4dc32556420a0b3fdc23252ec4b944

    SHA512

    95f67048498d03ef98208694cc4f2353b9ec347df43436a8310e4292d1c0d665e5319bb96c99bbac553b6230c5df5d12f427e0a26ede5eb0745098eb7a0bedc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    09aab15ccd24c1b6e53e9f0b2be71d96

    SHA1

    f1b154788f248cd712af83926815c7de2190a3fc

    SHA256

    b8d0b6865ce24d6edf066864c04d3636a28dceb09443119abf6e505e84f91763

    SHA512

    c4fa0f65e73d09da1985ec22c71fd86425c632e47ea36d13cd915046e789762f850fb2936884d9b0abcdcdc9d57c92179daf3644f50c842b2b591f3a3debd7d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d4833888f6ac7be0fd9754d54c8b568

    SHA1

    63cbdc6b41c9c256ae8edb087d98c1abd43709ef

    SHA256

    df67e63c0c1c57939ede7e18cddafc47eaca0c085b1cda7f2d8b22bc9752e697

    SHA512

    2eed09678a163040c39c272c102c57bb4d4e581e05761744b980d1af153eaff9bafe11d096ff43df9140372c17f506c710b2ba54fdb81e3e99269a3180ce9ff4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a8b8f16a703747caca39990bd3697ae3

    SHA1

    2a803386c2c1c45f8eb6a4a9be7d8d4a3ac92dc3

    SHA256

    6ad28749df33af767adf11f63d9123c468a9845d4d97d1c2fcf8420e16720c13

    SHA512

    de1d46792db22d0c7a4b263d15c70d0dab4f4748c643b1c5ac88140940fa8386c65257278a3df7ff62d7a62b1e3d0821024e35586cf0dfb82dad375d9cd81e69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f8b446907c066f70104b82696e26bfa

    SHA1

    adb23920aa2f751643c808b2aef1675c7cdc6815

    SHA256

    d98de978245edd031404bc01c2e718f03c7cfe0917e88cad2947249974541675

    SHA512

    87ba3aaf643e5ec8fdadcdb4480e88c1946c964187eb9e4fd1ed708734cf975bb3d2c929f7e84f3d95c5a81143c463dc25124f7a8f4cb0f29c64acb8be18d9e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a3cd243a93ebac095e4385cf0ab27336

    SHA1

    a6ab02b2e747096193466cd7365ecf6c94ba8af9

    SHA256

    d61d1f3527d58434eeabb7e40be1972a2327eecd73869497f7e9e2c16074bd05

    SHA512

    315214df3546b12fd81e64784ec024da19dfcef815e74d240ef0035c71bae7357558b94598df6c974e1f4bcc00d248c696f84f5567c255f028618c52baa66cfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1264f0c950cc456af4ff3fead0244573

    SHA1

    fef755eacd1f5433c86ff9a632a31b8834c85a51

    SHA256

    3370c030875912f21cd9a1657de1cf0d355ace8950ab9bb273d1a726b4dc6e3c

    SHA512

    0112462c11a039320abe38bf63e9cf3ef435d2c974bbfd091b61c23e46b021d5a1189b6984f703bea32abd4e424d20e0dd4eb96007feee367f38a65a166ee2a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7f998e2e17281c883c537a3a0c378a2

    SHA1

    9c0b18f78834f6ce682b6050702515518b6dede8

    SHA256

    a91a404c1b0c64c0e9c0ae2566673c82fc51eba8a8555d00fb0ce686d9432884

    SHA512

    15f9a58fce87de7dc3a054dff7d3faca78e88c78147a41a7d31fa4417ebe5924a30c373a47605fb1b96a71c9af748a0d1f6a5ac7cbb6ee00a0ea029f7b98eb34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c68f9e0d01dd965b275ee09b356c083

    SHA1

    fb7543fbe5e17aaee510455c80aedadec560d282

    SHA256

    2695e8fb470187a4ad96ec14c98c31e37622fbbca05a203bd5d0bd1b1bc91ad1

    SHA512

    585b69ccbc15e3fc4b2126028c252d398d36d873187f2a15b2450a32b7dfee542ccd06707c530b4fd43a5885ed3ccc55d5367853a3490ead36bc4dc083a9f428

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    159fd19121806f143264e12e36282c56

    SHA1

    a639dcfd2d6659738a880ddeb561908af352c554

    SHA256

    921472cd9bdba19d3645dcbbd9c42d5637d6e7d0b2f1f619de159ef335967080

    SHA512

    478a5087533f78bb9a12ef240dfa82e029a5472840c82d72f01fb99cd24ea8ae949df8ba4ddf6d57c3202c47cfbc9aabbda863a5637da394ed92cba5fb5a6b87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    897df359e6bb856b93511bb37231b9ce

    SHA1

    11ce19fabd1b26b2d68eb8c2fe268160ec1fd5d9

    SHA256

    5db201fb6785a560e99834b5f5fc107dabd7de0c96378c1cebedb2f757ce68b2

    SHA512

    14b7973efec93839093a9c8200cc1e0dce8447d5e994a360344fc45dc8d2bacc0ffbb2c56d51decf048c4ef7258ab3039569aee964603fb4b18bac861ae4c0ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    097973e4fc2846cde1f9401d75c44395

    SHA1

    1daf646a618db820d39326186494cae437bd794f

    SHA256

    455166a4327cd729ce0ba883c4b32b3f2422932370b56552f2bc18e56790ce03

    SHA512

    edf4ce58cc416d15411aaba843777ab4d63491ee5923e32ac97356b9f2593c23e0ee3ff06ab6ff321a7c6fc59fc81ebd8f655af585f91767206779d980517a99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3210c046afc1b1609af49669823e6543

    SHA1

    be830e3bfa2a699249ba548d85b0b45de0301164

    SHA256

    446dfb098e9ebb342dca42fc34eee92e3c7d71e4b3d9644ebfba4f0b39f4bd16

    SHA512

    6e426c3a0b3c856d1178e2b7a0cec7dfd9e23a65cddffb07cccee39cc979a801451fe86997e3a000e7f9d7402b6595d792d32d182e99f2a6833e5fc3cc61c41a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCFED.tmp
    Filesize

    1KB

    MD5

    1f1a3b101012e27df35286ed1cf74aa6

    SHA1

    46f36d1c9715589e45558bd53b721e8f7f52a888

    SHA256

    7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

    SHA512

    d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD13A.tmp
    Filesize

    14KB

    MD5

    56e2745fa217163a7104a181fa487fb0

    SHA1

    8234f756f0325a920ab716ca5d54f911cca3db2e

    SHA256

    52d57972727b849510655e2515e535ea4c7782969ea7e6b9ae01fa535a8d52c0

    SHA512

    fea150da6ed31150760fa6c7d4a4a966801ea0de8073096e92e968ffe54a24723cdc5bd04560dafea2c38879861cbfd2d08302510fdb6ef769efc1b71ec56b84

    Download Submit

  • memory/1220-0-0x0000000001BD0000-0x0000000001BE0000-memory.dmp

    Filesize

    64KB

    Download