Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 24-02-2024 02:13
Tasks
- Static task static1
- Behavioral task behavioral1: sample Iniuria_CS2_Crack_By_LOLSHAN.zip, resource win7-20240221-en
- Behavioral task behavioral2: sample Iniuria_CS2_Crack_By_LOLSHAN.zip, resource win10v2004-20240221-en
- Behavioral task behavioral3: sample Iniuria CS2 Crack [By LOLSHAN].dll, resource win7-20240221-en
- Behavioral task behavioral4: sample Iniuria CS2 Crack [By LOLSHAN].dll, resource win10v2004-20240221-en
- Behavioral task behavioral5: sample beta3/Iniuria CS2 Full Beta/Config/DWA.json, resource win7-20240221-en
- Behavioral task behavioral6: sample beta3/Iniuria CS2 Full Beta/Config/DWA.json, resource win10v2004-20240221-en
- Behavioral task behavioral7: sample beta3/Iniuria CS2 Full Beta/Config/Default.json, resource win7-20240221-en
- Behavioral task behavioral8: sample beta3/Iniuria CS2 Full Beta/Config/Default.json, resource win10v2004-20240221-en
- Behavioral task behavioral9: sample beta3/Iniuria CS2 Full Beta/Skins.json, resource win7-20240215-en
- Behavioral task behavioral10: sample beta3/Iniuria CS2 Full Beta/Skins.json, resource win10v2004-20240221-en
- Behavioral task behavioral11: sample beta3/Iniuria CS2 Full Beta/Themes/Default.json, resource win7-20240221-en
- Behavioral task behavioral12: sample beta3/Iniuria CS2 Full Beta/Themes/Default.json, resource win10v2004-20240221-en
General
- Target: beta3/Iniuria CS2 Full Beta/Themes/Default.json
- Size: 12KB
- MD5: b3e642c2d67c6a5116c3e5bee2ae4df5
- SHA1: 38f17762a80ccd385546a8ceaedcccd2525c2987
- SHA256: 2550b6fdfc08b5803932100df169c4768ac9d98cc23d89fad5df22b202e5d54e
- SHA512: 900c61ad5845a9cfda0fa60a2bd932e4acdc481c25fb1560a0cb5bd8f17140ca3d924164fef38ac1e8765a15c462d612489f3e9e2199f0ca4837165e990ce0c9
- SSDEEP: 192:xXsXCMjRXoX/0XAM0RXxwXZX0XiXzXIX3XZM2:lATUAOxcNIqb0HO2
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Modifies registry class (9 IoCs)
  description | ioc | Process
  Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\json_auto_file\ | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\.json | rundll32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\.json\ = "json_auto_file" | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\json_auto_file\shell\Read | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_Classes\Local Settings | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\json_auto_file\shell | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\json_auto_file\shell\Read\command | rundll32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\json_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\json_auto_file | rundll32.exe

- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid | Process
  2500 | AcroRd32.exe

- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  2500 | AcroRd32.exe
  2500 | AcroRd32.exe

- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2184 wrote to memory of 2612 | 2184 | cmd.exe | 29
  PID 2184 wrote to memory of 2612 | 2184 | cmd.exe | 29
  PID 2184 wrote to memory of 2612 | 2184 | cmd.exe | 29
  PID 2612 wrote to memory of 2500 | 2612 | rundll32.exe | 30
  PID 2612 wrote to memory of 2500 | 2612 | rundll32.exe | 30
  PID 2612 wrote to memory of 2500 | 2612 | rundll32.exe | 30
  PID 2612 wrote to memory of 2500 | 2612 | rundll32.exe | 30
Processes
1. C:\Windows\system32\cmd.exe (PID 2184)
   Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\beta3\Iniuria CS2 Full Beta\Themes\Default.json"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\rundll32.exe (PID 2612)
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\beta3\Iniuria CS2 Full Beta\Themes\Default.json
      - Modifies registry class
      - Suspicious use of WriteProcessMemory
      3. C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID 2500)
         Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\beta3\Iniuria CS2 Full Beta\Themes\Default.json"
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
- MD5: acc5131cccfe29dce4feef79b010a56f
- SHA1: 8d37fcb1eb1f9367a770d3d7b8e88f620070f32e
- SHA256: 1d39d38854ade21432d3949dc8a98345ce1d33b15342555669eefcdde86f8789
- SHA512: fabc43d301e704481638e2afd9ae0c36324e90fbfcc34a3b14e10ad182e2136d9360f2342644ba440068dbe1a7425a6bb3ef35856d9436f2aa4c83e194ab03e4