Analysis

  • max time kernel
    299s
  • max time network
    260s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    24/02/2024, 18:29 UTC

General

  • Target

    manual/overview.htm

  • Size

    6KB

  • MD5

    af4c8c7acb37ad8cc2d09312466cf109

  • SHA1

    1e9502b5b574518caac7b97c6b3b9faaf2f55364

  • SHA256

    f899b9a1195edb721cdf9d1e33aac99e54be11545bda2bf304b37f6af8ca5635

  • SHA512

    63bbaafdbe0f43ef139744d98b1acfbc114dcec5883b6f0209d5b3aec4d7209dc45977ff055c2c98f98fd6183e0eb6c1ffc639231a0dc44f99ee7d39fba8367a

  • SSDEEP

    96:TK6iPaN0QiQqw1xpP00CiSM0CJw0rsQ8XGBVL:TK6iit5NM0C3M0Ca0rsQ82l

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\manual\overview.htm"
    1⤵
      PID:4200
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1904
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:3248
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4752
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3468
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:68
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4344

    Network

    • flag-us
      DNS
      161.19.199.152.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      161.19.199.152.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      179.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      179.178.17.96.in-addr.arpa
      IN PTR
      Response
      179.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-179.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      200.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.197.79.204.in-addr.arpa
      IN PTR
      Response
      200.197.79.204.in-addr.arpa
      IN PTR
      a-0001.a-msedge.net
    • flag-us
      DNS
      www.microsoft.com
      MicrosoftEdge.exe
      Remote address:
      8.8.8.8:53
      Request
      www.microsoft.com
      IN A
      Response
      www.microsoft.com
      IN CNAME
      www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net
      IN CNAME
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      IN CNAME
      e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net
      IN A
      23.37.1.217
    • flag-gb
      GET
      https://www.bing.com/cortanaassist/rules?cc=US&version=6
      MicrosoftEdge.exe
      Remote address:
      92.123.128.149:443
      Request
      GET /cortanaassist/rules?cc=US&version=6 HTTP/2.0
      host: www.bing.com
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
      dnt: 1
      Response
      HTTP/2.0 404
      cache-control: private
      content-length: 51418
      content-type: text/html; charset=utf-8
      content-encoding: br
      vary: Accept-Encoding
      p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
      x-eventid: 65da3666e4a54c448028435f23599499
      useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      x-error-page: 404-custom
      x-ua-compatible: IE=edge
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 7A23CEF437EE4FFC85CFC4F4D4111448 Ref B: LTSEDGE1612 Ref C: 2024-02-24T18:33:10Z
      date: Sat, 24 Feb 2024 18:33:10 GMT
      set-cookie: MUID=16B8BC4EED1261391A12A861EC2A609D; domain=.bing.com; expires=Thu, 20-Mar-2025 18:33:10 GMT; path=/; secure; SameSite=None
      set-cookie: MUIDB=16B8BC4EED1261391A12A861EC2A609D; expires=Thu, 20-Mar-2025 18:33:10 GMT; path=/; HttpOnly
      set-cookie: _EDGE_S=F=1&SID=1FAF1D6C4261632929FF0943435962A0&mkt=en-us; domain=.bing.com; path=/; HttpOnly
      set-cookie: _EDGE_V=1; domain=.bing.com; expires=Thu, 20-Mar-2025 18:33:10 GMT; path=/; HttpOnly
      set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Tue, 24-Feb-2026 18:33:10 GMT; path=/
      set-cookie: SRCHUID=V=2&GUID=56C51946B6574252A61271ABC958273F&dmnchg=1; domain=.bing.com; expires=Tue, 24-Feb-2026 18:33:10 GMT; path=/
      set-cookie: SRCHUSR=DOB=20240224; domain=.bing.com; expires=Tue, 24-Feb-2026 18:33:10 GMT; path=/
      set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Tue, 24-Feb-2026 18:33:10 GMT; path=/
      set-cookie: _SS=SID=1FAF1D6C4261632929FF0943435962A0; domain=.bing.com; path=/
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.95777b5c.1708799590.1ef9ffdd
    • flag-us
      DNS
      22.236.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      22.236.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      217.1.37.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.1.37.23.in-addr.arpa
      IN PTR
      Response
      217.1.37.23.in-addr.arpa
      IN PTR
      a23-37-1-217.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      149.128.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.128.123.92.in-addr.arpa
      IN PTR
      Response
      149.128.123.92.in-addr.arpa
      IN PTR
      a92-123-128-149.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      181.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      181.178.17.96.in-addr.arpa
      IN PTR
      Response
      181.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-181.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      9.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      210.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      210.178.17.96.in-addr.arpa
      IN PTR
      Response
      210.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-210.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      201.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      201.178.17.96.in-addr.arpa
      IN PTR
      Response
      201.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-201.deploy.static.akamaitechnologies.com
    • 20.231.121.79:80
      46 B
      1
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls, http2
      MicrosoftEdge.exe
      1.2kB
      8.2kB
      15
      15
    • 92.123.128.149:443
      https://www.bing.com/cortanaassist/rules?cc=US&version=6
      tls, http2
      MicrosoftEdge.exe
      3.3kB
      59.7kB
      57
      56

      HTTP Request

      GET https://www.bing.com/cortanaassist/rules?cc=US&version=6

      HTTP Response

      404
    • 92.123.128.149:443
      www.bing.com
      tls, http2
      MicrosoftEdge.exe
      1.1kB
      4.9kB
      15
      14
    • 8.8.8.8:53
      161.19.199.152.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      161.19.199.152.in-addr.arpa

    • 8.8.8.8:53
      179.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      179.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      200.197.79.204.in-addr.arpa
      dns
      73 B
      106 B
      1
      1

      DNS Request

      200.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      www.microsoft.com
      dns
      MicrosoftEdge.exe
      63 B
      230 B
      1
      1

      DNS Request

      www.microsoft.com

      DNS Response

      23.37.1.217

    • 8.8.8.8:53
      22.236.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      22.236.111.52.in-addr.arpa

    • 8.8.8.8:53
      217.1.37.23.in-addr.arpa
      dns
      70 B
      133 B
      1
      1

      DNS Request

      217.1.37.23.in-addr.arpa

    • 8.8.8.8:53
      149.128.123.92.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      149.128.123.92.in-addr.arpa

    • 8.8.8.8:53
      181.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      181.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      9.173.189.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      9.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      210.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      210.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      201.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      201.178.17.96.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZP3JQEV6\edgecompatviewlist[1].xml

      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\G2WQRY1G\suggestions[1].en-US

      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    • memory/68-64-0x000001B658070000-0x000001B658072000-memory.dmp

      Filesize

      8KB

    • memory/68-66-0x000001B658090000-0x000001B658092000-memory.dmp

      Filesize

      8KB

    • memory/68-56-0x000001B658010000-0x000001B658012000-memory.dmp

      Filesize

      8KB

    • memory/68-58-0x000001B658020000-0x000001B658022000-memory.dmp

      Filesize

      8KB

    • memory/68-60-0x000001B658040000-0x000001B658042000-memory.dmp

      Filesize

      8KB

    • memory/68-62-0x000001B658060000-0x000001B658062000-memory.dmp

      Filesize

      8KB

    • memory/68-72-0x000001B6580F0000-0x000001B6580F2000-memory.dmp

      Filesize

      8KB

    • memory/68-53-0x000001B657FF0000-0x000001B657FF2000-memory.dmp

      Filesize

      8KB

    • memory/68-68-0x000001B6580B0000-0x000001B6580B2000-memory.dmp

      Filesize

      8KB

    • memory/68-70-0x000001B6580D0000-0x000001B6580D2000-memory.dmp

      Filesize

      8KB

    • memory/1904-0-0x00000207CA220000-0x00000207CA230000-memory.dmp

      Filesize

      64KB

    • memory/1904-35-0x00000207CA520000-0x00000207CA522000-memory.dmp

      Filesize

      8KB

    • memory/1904-91-0x00000207D2740000-0x00000207D2741000-memory.dmp

      Filesize

      4KB

    • memory/1904-92-0x00000207D2750000-0x00000207D2751000-memory.dmp

      Filesize

      4KB

    • memory/1904-16-0x00000207CA420000-0x00000207CA430000-memory.dmp

      Filesize

      64KB
