Overview
overview
10Static
static
3Finals-Hack-main.exe
windows7-x64
8Finals-Hack-main.exe
windows10-2004-x64
10opengl32.dll
windows7-x64
1opengl32.dll
windows10-2004-x64
1profile/bo...s.html
windows7-x64
1profile/bo...s.html
windows10-2004-x64
1profile/ca...5.html
windows7-x64
1profile/ca...5.html
windows10-2004-x64
1profile/ca...3.html
windows7-x64
1profile/ca...3.html
windows10-2004-x64
10074E7EADB...8F2.js
windows7-x64
10074E7EADB...8F2.js
windows10-2004-x64
100BE7F9DA5...CA7.js
windows7-x64
100BE7F9DA5...CA7.js
windows10-2004-x64
100EE605E0E...8A7.js
windows7-x64
100EE605E0E...8A7.js
windows10-2004-x64
1profile/ca...9AD.js
windows7-x64
1profile/ca...9AD.js
windows10-2004-x64
101F3FC5B94...196.js
windows7-x64
101F3FC5B94...196.js
windows10-2004-x64
1031D7C56C6...D26.js
windows7-x64
1031D7C56C6...D26.js
windows10-2004-x64
1profile/ca...C42.js
windows7-x64
1profile/ca...C42.js
windows10-2004-x64
10453FDBE33...772.js
windows7-x64
10453FDBE33...772.js
windows10-2004-x64
1profile/ca...993.js
windows7-x64
1profile/ca...993.js
windows10-2004-x64
1profile/ca...79A.gz
windows7-x64
3profile/ca...79A.gz
windows10-2004-x64
7profile/ca...415.js
windows7-x64
1profile/ca...415.js
windows10-2004-x64
1Analysis
-
max time kernel
0s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
10/01/2024, 12:29
Static task
static1
Behavioral task
behavioral1
Sample
Finals-Hack-main.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Finals-Hack-main.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
opengl32.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
opengl32.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
profile/bookmarks.html
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
profile/bookmarks.html
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
profile/cache2/doomed/285.html
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
profile/cache2/doomed/285.html
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
profile/cache2/doomed/5823.html
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
profile/cache2/doomed/5823.html
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
0074E7EADB9AF6975D36F41996674786A91D38F2.js
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
0074E7EADB9AF6975D36F41996674786A91D38F2.js
Resource
win10v2004-20231222-en
Behavioral task
behavioral13
Sample
00BE7F9DA523AB29705009AE318BC8D1EA1A1CA7.js
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
00BE7F9DA523AB29705009AE318BC8D1EA1A1CA7.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
00EE605E0EFE18DE2959AF4F77D0FB4EC68B98A7.js
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
00EE605E0EFE18DE2959AF4F77D0FB4EC68B98A7.js
Resource
win10v2004-20231222-en
Behavioral task
behavioral17
Sample
profile/cache2/entries/010E3AB989ADBA95700DC330B0408A3E24B1B9AD.js
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
profile/cache2/entries/010E3AB989ADBA95700DC330B0408A3E24B1B9AD.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
01F3FC5B949F3F17401995A81248637154FAA196.js
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
01F3FC5B949F3F17401995A81248637154FAA196.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
031D7C56C6FB471AE5EF12487A9712C96B2D7D26.js
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
031D7C56C6FB471AE5EF12487A9712C96B2D7D26.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
profile/cache2/entries/045303EF7EAD8BA16789BEC1A684893679CE6C42.js
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
profile/cache2/entries/045303EF7EAD8BA16789BEC1A684893679CE6C42.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
0453FDBE339FFAC08D19DC5A3BAA262994C36772.js
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
0453FDBE339FFAC08D19DC5A3BAA262994C36772.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
profile/cache2/entries/069AB8E0648CD57EE5B643E9F27C19E121B91993.js
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
profile/cache2/entries/069AB8E0648CD57EE5B643E9F27C19E121B91993.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
profile/cache2/entries/0762816DDF82FA4D7AF3935CAF9C0FACBF9C379A.gz
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
profile/cache2/entries/0762816DDF82FA4D7AF3935CAF9C0FACBF9C379A.gz
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
profile/cache2/entries/0A1250CA87E7D3AD993AEB6BBDC2690F21099415.js
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
profile/cache2/entries/0A1250CA87E7D3AD993AEB6BBDC2690F21099415.js
Resource
win10v2004-20231215-en
General
-
Target
profile/cache2/doomed/5823.html
-
Size
44KB
-
MD5
2d53e05fe63da1fbc2ffebbe21d6598d
-
SHA1
4516efe3d89a3b56d861ca634ab40e32286e8566
-
SHA256
4af073f36bbd71b1e8c0f29411474d9e54ae9dad20346fe56e970cd56e36607a
-
SHA512
c37423564a7fa6e18e69d1bda3e43fc720e116f7cea2e81dfaaec760d967e1b36057f29afff9f75c1b700ba5a16fc29950eef22de4c645ae1d3b97d3a6620747
-
SSDEEP
768:lgeoI3rYwjURR+e+Q6VR6VcQiHOTNBL7Gl2:OT0rYwjURR+reBF
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9A4F69B2-AFB4-11EE-AA35-6AA3E029E500} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 5300 iexplore.exe 5300 iexplore.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 5300 wrote to memory of 4928 5300 iexplore.exe 21 PID 5300 wrote to memory of 4928 5300 iexplore.exe 21 PID 5300 wrote to memory of 4928 5300 iexplore.exe 21
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\profile\cache2\doomed\5823.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5300 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5300 CREDAT:17410 /prefetch:22⤵PID:4928
-