Overview

overview

6

Static

static

3

0_Day_Trai...de.url

windows7-x64

6

0_Day_Trai...de.url

windows10-2004-x64

3

Dead Risin...er.exe

windows7-x64

3

Dead Risin...er.exe

windows10-2004-x64

3

Download m...es.url

windows7-x64

1

Download m...es.url

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 19:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0_Day_Trainer_Savegames_Patches.de.url

  • Size

    184B

  • MD5

    3ac5958df4f92691f0abf2d665916c28

  • SHA1

    6b2a41d18dc26096d0ff6f87b3c73f86b3e3dd07

  • SHA256

    0f0d83c5fbcf1b4e5e0bc51c7e22da25cea1ce686d82697794190099e419e44c

  • SHA512

    1d6fe688c4c103e6e1be4e98ddd21b1bc448e1fedcc4b57c996a62739e02451e4bb8a250766f98a5d161aee9fa8218b1cbd960352ed76d7c269ca9cf9ce87924

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\0_Day_Trainer_Savegames_Patches.de.url
    1⤵
    • Checks whether UAC is enabled
    PID:1476
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
      2⤵
        PID:2816

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
            Filesize

            914B

            MD5

            e4a68ac854ac5242460afd72481b2a44

            SHA1

            df3c24f9bfd666761b268073fe06d1cc8d4f82a4

            SHA256

            cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

            SHA512

            5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            1KB

            MD5

            1f1a3b101012e27df35286ed1cf74aa6

            SHA1

            46f36d1c9715589e45558bd53b721e8f7f52a888

            SHA256

            7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

            SHA512

            d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
            Filesize

            1KB

            MD5

            a266bb7dcc38a562631361bbf61dd11b

            SHA1

            3b1efd3a66ea28b16697394703a72ca340a05bd5

            SHA256

            df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

            SHA512

            0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
            Filesize

            252B

            MD5

            f1dc8cabc887156cb5e8af0c1f6db7e7

            SHA1

            07a07a189540406f9d35385e11116bb18bd99098

            SHA256

            cc37bd6d645257b68c6e64aa9aa22d9f3e7fee99746926c8e165add13d1f11b8

            SHA512

            13b6cb67a89f086a972f3a3ab9440ba7c823b500e5f5b04dfe40fd206817afe18889062a1201e2e1501d5eb0075362b8eeef32d5d4fcf54e634badff6232ca53

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            67ee1f0a9d615d60fbad9c6622f099e0

            SHA1

            130595e44daff8a07f365e1fcfce46bfc66e9541

            SHA256

            c47fdc84289a077f9cc7f3cd42df162f77ddff134269f405835de6b5a7824d2c

            SHA512

            4daba6be79c64197987166d537f353466792b9ccb63cd5df552b90abda86d791faaf29379e6ab8ed0b4897e82fa75fa0d66fa965913ab6979c16c2a573d60551

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
            Filesize

            242B

            MD5

            0364824c56e29ba2cacc1d0463d1b1be

            SHA1

            ade500886743e11d609e51c6c0ea9080d0495e3a

            SHA256

            80cb7a193e3c6774a6d84e156442b4917ff95c0832f28f19ca36ca320c88984f

            SHA512

            466bdd583b39bc74fbc3e8221d2d1c22fd0e39fded528abb6c2bb0e62561b50c73f2e23539cb0633ec779f923a20969e91dc42dca397365d06f8f6e08f27160f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
            Filesize

            4KB

            MD5

            da597791be3b6e732f0bc8b20e38ee62

            SHA1

            1125c45d285c360542027d7554a5c442288974de

            SHA256

            5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

            SHA512

            d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar125E.tmp
            Filesize

            101KB

            MD5

            6e52fc40b123abef2f556c87b8044178

            SHA1

            ad1279314264a7db1cb57a33b9ed81dc0dfe21f4

            SHA256

            8e4fa9e2e1e7f54c16ebcf8910fc5260ef71c6cd5abbf58d27e9a8bd37474a70

            SHA512

            c2c735240e89404614d2abaf6b3664d59d334d307dce29f7df9c9cb1069713fe62b0e73532c098572516e742ffdc7890668f319dd86cb5b807c6a891f64793f2

            Download Submit

          • memory/1476-0-0x0000000002260000-0x0000000002270000-memory.dmp

            Filesize

            64KB

            Download