Resubmissions

18/01/2024, 21:47 UTC

240118-1m8ayshghp 3

18/01/2024, 21:42 UTC

240118-1kd94ahgdk 1

18/01/2024, 21:39 UTC

240118-1h5dhaafa4 1

Analysis

  • max time kernel
    249s
  • max time network
    270s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/01/2024, 21:47 UTC

General

  • Target

    Transfer/level.dat7

  • Size

    399KB

  • MD5

    fc7b83bdb1a19491915a5f8c48e5f6c8

  • SHA1

    e02bf6e5cf6a2549ec8eba907123f16b88de4074

  • SHA256

    2f9fbd77b2f0547ea61cab5979682345329617109c7eba9b8b5de1178c483422

  • SHA512

    232caa27f5919e4552d3e0430c57a31d543699d8affb87302d54ffaa149089f8e29c9bacc05b06d753b68bc1edfc183b2664e6a807c82cd7b9082088dfe1c01d

  • SSDEEP

    12288:onm9CygifJ5V5vfSC3rwbV/ZTNDi4GbelW44VBfZw+m7cc4:p9RgOBico1Dmu6VrwT754

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Transfer\level.dat7
    • Modifies registry class
    PID:3264
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3592

Network

  All traffic is DNS to remote address 8.8.8.8:53 (US). Every query is a reverse (IN PTR) lookup, sent once and answered once; "Sent" and "Recv" are the request and response sizes.

  Query                          Sent   Recv   Answer (IN PTR)
  58.55.71.13.in-addr.arpa       70 B   144 B  (no PTR record)
  186.178.17.96.in-addr.arpa     72 B   137 B  a96-17-178-186.deploy.static.akamaitechnologies.com
  95.221.229.192.in-addr.arpa    73 B   144 B  (no PTR record)
  217.106.137.52.in-addr.arpa    73 B   147 B  (no PTR record)
  209.205.72.20.in-addr.arpa     72 B   158 B  (no PTR record)
  183.59.114.20.in-addr.arpa     72 B   158 B  (no PTR record)
  56.126.166.20.in-addr.arpa     72 B   158 B  (no PTR record)
  28.160.77.104.in-addr.arpa     72 B   137 B  a104-77-160-28.deploy.static.akamaitechnologies.com
  181.178.17.96.in-addr.arpa     72 B   137 B  a96-17-178-181.deploy.static.akamaitechnologies.com
  16.234.44.23.in-addr.arpa      71 B   135 B  a23-44-234-16.deploy.static.akamaitechnologies.com
  23.236.111.52.in-addr.arpa     72 B   158 B  (no PTR record)
  204.178.17.96.in-addr.arpa     72 B   137 B  a96-17-178-204.deploy.static.akamaitechnologies.com
  8.173.189.20.in-addr.arpa      71 B   157 B  (no PTR record)
  81.171.91.138.in-addr.arpa     72 B   146 B  (no PTR record)

MITRE ATT&CK Enterprise v15
