Overview

overview

3

Static

static

1

Transfer.zip

windows10-2004-x64

1

Transfer/control.lua

windows10-2004-x64

3

Transfer/d...n.json

windows10-2004-x64

3

Transfer/freeplay.js

windows10-2004-x64

1

Transfer/info.json

windows10-2004-x64

3

Transfer/l...it.dat

windows10-2004-x64

3

Transfer/level.dat0

windows10-2004-x64

3

Transfer/level.dat1

windows10-2004-x64

3

Transfer/level.dat10

windows10-2004-x64

3

Transfer/level.dat11

windows10-2004-x64

3

Transfer/level.dat12

windows10-2004-x64

3

Transfer/level.dat2

windows10-2004-x64

3

Transfer/level.dat3

windows10-2004-x64

3

Transfer/level.dat4

windows10-2004-x64

3

Transfer/level.dat5

windows10-2004-x64

3

Transfer/level.dat6

windows10-2004-x64

3

Transfer/level.dat7

windows10-2004-x64

3

Transfer/level.dat8

windows10-2004-x64

3

Transfer/level.dat9

windows10-2004-x64

3

Transfer/l...tadata

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/l...ay.cfg

windows10-2004-x64

3

Transfer/preview.jpg

windows10-2004-x64

3

Resubmissions

18/01/2024, 21:47 UTC

240118-1m8ayshghp 3

18/01/2024, 21:42 UTC

240118-1kd94ahgdk 1

18/01/2024, 21:39 UTC

240118-1h5dhaafa4 1

Analysis

  • max time kernel
    142s
  • max time network
    270s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/01/2024, 21:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Transfer/level.dat6

  • Size

    444KB

  • MD5

    e483114a6644479896bc0a05dd0555e1

  • SHA1

    b961254991d0952796768293c501743591d20a4a

  • SHA256

    a7b0a6515c7bacd05895bd8e283310b038d89f423fe14fc43b71c2e982ea0cab

  • SHA512

    0d05bd4b6b014427e7d737a60ed3b19fa442ff1e60407b3d96279301f9227234872cd6dd36e9ce7e282befad018f3bb37edc115419341f38af17642ed59c4037

  • SSDEEP

    12288:5XIyi/S6IFUhR92wPVGtEiX4wx0dYcy2i9d:5XIbS65H9rP764w2Pc9d

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Transfer\level.dat6
    1⤵
    • Modifies registry class
    PID:5004
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1828

Network

  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    174.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    174.178.17.96.in-addr.arpa
    IN PTR
    Response
    174.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-174deploystaticakamaitechnologiescom
  • flag-us
    DNS
    23.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.160.77.104.in-addr.arpa
    IN PTR
    Response
    23.160.77.104.in-addr.arpa
    IN PTR
    a104-77-160-23deploystaticakamaitechnologiescom
  • flag-us
    DNS
    172.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.178.17.96.in-addr.arpa
    IN PTR
    Response
    172.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-172deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.178.17.96.in-addr.arpa
    IN PTR
    Response
    209.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-209deploystaticakamaitechnologiescom
  • flag-us
    DNS
    123.10.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    123.10.44.20.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    140 B
     144 B
     2
    1

    DNS Request

    58.55.71.13.in-addr.arpa

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    174.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    174.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    23.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    23.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    23.160.77.104.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    23.160.77.104.in-addr.arpa

  • 8.8.8.8:53
    172.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    172.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    209.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    209.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    123.10.44.20.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    123.10.44.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.