Overview
overview
10Static
static
3Finals-Hack-main.exe
windows7-x64
8Finals-Hack-main.exe
windows10-2004-x64
10opengl32.dll
windows7-x64
1opengl32.dll
windows10-2004-x64
1profile/bo...s.html
windows7-x64
1profile/bo...s.html
windows10-2004-x64
1profile/ca...5.html
windows7-x64
1profile/ca...5.html
windows10-2004-x64
1profile/ca...3.html
windows7-x64
1profile/ca...3.html
windows10-2004-x64
10074E7EADB...8F2.js
windows7-x64
10074E7EADB...8F2.js
windows10-2004-x64
100BE7F9DA5...CA7.js
windows7-x64
100BE7F9DA5...CA7.js
windows10-2004-x64
100EE605E0E...8A7.js
windows7-x64
100EE605E0E...8A7.js
windows10-2004-x64
1profile/ca...9AD.js
windows7-x64
1profile/ca...9AD.js
windows10-2004-x64
101F3FC5B94...196.js
windows7-x64
101F3FC5B94...196.js
windows10-2004-x64
1031D7C56C6...D26.js
windows7-x64
1031D7C56C6...D26.js
windows10-2004-x64
1profile/ca...C42.js
windows7-x64
1profile/ca...C42.js
windows10-2004-x64
10453FDBE33...772.js
windows7-x64
10453FDBE33...772.js
windows10-2004-x64
1profile/ca...993.js
windows7-x64
1profile/ca...993.js
windows10-2004-x64
1profile/ca...79A.gz
windows7-x64
3profile/ca...79A.gz
windows10-2004-x64
7profile/ca...415.js
windows7-x64
1profile/ca...415.js
windows10-2004-x64
1Analysis
-
max time kernel
0s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
10/01/2024, 12:29
Static task
static1
Behavioral task
behavioral1
Sample
Finals-Hack-main.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Finals-Hack-main.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
opengl32.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
opengl32.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
profile/bookmarks.html
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
profile/bookmarks.html
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
profile/cache2/doomed/285.html
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
profile/cache2/doomed/285.html
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
profile/cache2/doomed/5823.html
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
profile/cache2/doomed/5823.html
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
0074E7EADB9AF6975D36F41996674786A91D38F2.js
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
0074E7EADB9AF6975D36F41996674786A91D38F2.js
Resource
win10v2004-20231222-en
Behavioral task
behavioral13
Sample
00BE7F9DA523AB29705009AE318BC8D1EA1A1CA7.js
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
00BE7F9DA523AB29705009AE318BC8D1EA1A1CA7.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
00EE605E0EFE18DE2959AF4F77D0FB4EC68B98A7.js
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
00EE605E0EFE18DE2959AF4F77D0FB4EC68B98A7.js
Resource
win10v2004-20231222-en
Behavioral task
behavioral17
Sample
profile/cache2/entries/010E3AB989ADBA95700DC330B0408A3E24B1B9AD.js
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
profile/cache2/entries/010E3AB989ADBA95700DC330B0408A3E24B1B9AD.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
01F3FC5B949F3F17401995A81248637154FAA196.js
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
01F3FC5B949F3F17401995A81248637154FAA196.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
031D7C56C6FB471AE5EF12487A9712C96B2D7D26.js
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
031D7C56C6FB471AE5EF12487A9712C96B2D7D26.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
profile/cache2/entries/045303EF7EAD8BA16789BEC1A684893679CE6C42.js
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
profile/cache2/entries/045303EF7EAD8BA16789BEC1A684893679CE6C42.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
0453FDBE339FFAC08D19DC5A3BAA262994C36772.js
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
0453FDBE339FFAC08D19DC5A3BAA262994C36772.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
profile/cache2/entries/069AB8E0648CD57EE5B643E9F27C19E121B91993.js
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
profile/cache2/entries/069AB8E0648CD57EE5B643E9F27C19E121B91993.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
profile/cache2/entries/0762816DDF82FA4D7AF3935CAF9C0FACBF9C379A.gz
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
profile/cache2/entries/0762816DDF82FA4D7AF3935CAF9C0FACBF9C379A.gz
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
profile/cache2/entries/0A1250CA87E7D3AD993AEB6BBDC2690F21099415.js
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
profile/cache2/entries/0A1250CA87E7D3AD993AEB6BBDC2690F21099415.js
Resource
win10v2004-20231215-en
General
-
Target
profile/cache2/doomed/285.html
-
Size
44KB
-
MD5
dd115e187254dab51e72342868bd8270
-
SHA1
f1b2dcafef1d0a45bb9c9b3abab35450964a0872
-
SHA256
db338c068514b435e2ef4473688f043866e44a49eebd9d7b990e75d214587eb8
-
SHA512
9a124784f19e532f05560adb5b35ef2429a73aec608bd77bbc5dce16b1ed352ca5553e6293fa283481968888f1166fa95f85258dea868f1b28eaaa6b2418fc59
-
SSDEEP
768:lgeoI3rYwjURR+e+Q6VR6VcQiHOTNBL7GlN:OT0rYwjURR+reBG
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9A909131-AFB4-11EE-AA35-7AB8B57C8E96} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2628 iexplore.exe 2628 iexplore.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2628 wrote to memory of 4516 2628 iexplore.exe 18 PID 2628 wrote to memory of 4516 2628 iexplore.exe 18 PID 2628 wrote to memory of 4516 2628 iexplore.exe 18
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\profile\cache2\doomed\285.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:17410 /prefetch:22⤵PID:4516
-