Overview
Task (platform): score
overview: 10
static: 10
ExitLag.rar (windows7-x64): 3
ExitLag.rar (windows10-2004-x64): 7
ExitLag-Cr...24.rar (windows7-x64): 3
ExitLag-Cr...24.rar (windows10-2004-x64): 7
ExitLag-Cr...tadata (windows7-x64): 3
ExitLag-Cr...tadata (windows10-2004-x64): 3
ExitLag-Cr...ag.exe (windows7-x64): 7
ExitLag-Cr...ag.exe (windows10-2004-x64): 7
Creal.pyc (windows7-x64): 3
Creal.pyc (windows10-2004-x64): 3
ExitLag-Cr...AL.txt (windows7-x64): 1
ExitLag-Cr...AL.txt (windows10-2004-x64): 1
ExitLag-Cr...i.dart (windows7-x64): 3
ExitLag-Cr...i.dart (windows10-2004-x64): 3
ExitLag-Cr...ege.js (windows7-x64): 1
ExitLag-Cr...ege.js (windows10-2004-x64): 1
ExitLag-Cr...n.dart (windows7-x64): 3
ExitLag-Cr...n.dart (windows10-2004-x64): 3
ExitLag-Cr...n.dart (windows7-x64): 3
ExitLag-Cr...n.dart (windows10-2004-x64): 3
ExitLag-Cr...get.js (windows7-x64): 1
ExitLag-Cr...get.js (windows10-2004-x64): 1
ExitLag-Cr...tadata (windows7-x64): 3
ExitLag-Cr...tadata (windows10-2004-x64): 3
ExitLag-Cr...tadata (windows7-x64): 3
ExitLag-Cr...tadata (windows10-2004-x64): 3
ExitLag-Cr...up.bat (windows7-x64): 7
ExitLag-Cr...up.bat (windows10-2004-x64): 7
Analysis
- max time kernel: 120s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 27/02/2024, 11:57
Behavioral tasks (task: sample, resource)
behavioral1: ExitLag.rar, win7-20240221-en
behavioral2: ExitLag.rar, win10v2004-20240226-en
behavioral3: ExitLag-Crack-2024.rar, win7-20240221-en
behavioral4: ExitLag-Crack-2024.rar, win10v2004-20240226-en
behavioral5: ExitLag-Crack-2024/ExitLag-Main/.metadata, win7-20240221-en
behavioral6: ExitLag-Crack-2024/ExitLag-Main/.metadata, win10v2004-20240226-en
behavioral7: ExitLag-Crack-2024/ExitLag-Main/ExitLag.exe, win7-20240221-en
behavioral8: ExitLag-Crack-2024/ExitLag-Main/ExitLag.exe, win10v2004-20240226-en
behavioral9: Creal.pyc, win7-20240221-en
behavioral10: Creal.pyc, win10v2004-20240226-en
behavioral11: ExitLag-Crack-2024/ExitLag-Main/TUTORIAL.txt, win7-20240215-en
behavioral12: ExitLag-Crack-2024/ExitLag-Main/TUTORIAL.txt, win10v2004-20240226-en
behavioral13: ExitLag-Crack-2024/ExitLag-Main/lib/emailBilgileri.dart, win7-20240220-en
behavioral14: ExitLag-Crack-2024/ExitLag-Main/lib/emailBilgileri.dart, win10v2004-20240226-en
behavioral15: ExitLag-Crack-2024/ExitLag-Main/lib/firstPege.js, win7-20240221-en
behavioral16: ExitLag-Crack-2024/ExitLag-Main/lib/firstPege.js, win10v2004-20240226-en
behavioral17: ExitLag-Crack-2024/ExitLag-Main/lib/login.dart, win7-20240221-en
behavioral18: ExitLag-Crack-2024/ExitLag-Main/lib/login.dart, win10v2004-20240226-en
behavioral19: ExitLag-Crack-2024/ExitLag-Main/lib/main.dart, win7-20240221-en
behavioral20: ExitLag-Crack-2024/ExitLag-Main/lib/main.dart, win10v2004-20240226-en
behavioral21: ExitLag-Crack-2024/ExitLag-Main/lib/passwordForget.js, win7-20240221-en
behavioral22: ExitLag-Crack-2024/ExitLag-Main/lib/passwordForget.js, win10v2004-20240226-en
behavioral23: ExitLag-Crack-2024/ExitLag-Main/pingset.metadata, win7-20240215-en
behavioral24: ExitLag-Crack-2024/ExitLag-Main/pingset.metadata, win10v2004-20240226-en
behavioral25: ExitLag-Crack-2024/ExitLag-Main/setconnection.metadata, win7-20240221-en
behavioral26: ExitLag-Crack-2024/ExitLag-Main/setconnection.metadata, win10v2004-20240226-en
behavioral27: ExitLag-Crack-2024/ExitLag-Main/setup.bat, win7-20240221-en
behavioral28: ExitLag-Crack-2024/ExitLag-Main/setup.bat, win10v2004-20240226-en
General
- Target: ExitLag-Crack-2024/ExitLag-Main/.metadata
- Size: 305B
- MD5: e6784095dc1a554cacf0bb934434b3a6
- SHA1: 4c4c7363d9cf6d84a41909cce9d3743762e5945d
- SHA256: 5143a6fb213dd024294edc05ac1782c19be8dddab0c57d63ba7e5b5f8e5b69cd
- SHA512: 9ed40291778a162a6e102c44569adc5588024ca82446bbe717cc5b2db004f2da0a78f10cecfd3bcccf1346dffc38b5d422f3c2bea0c2895221c5cb2b0d96047e
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (9 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_Classes\Local Settings | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\metadata_auto_file | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\.metadata | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\metadata_auto_file\shell\Read | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\metadata_auto_file\shell\Read\command | rundll32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\metadata_auto_file\ | rundll32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\.metadata\ = "metadata_auto_file" | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\metadata_auto_file\shell | rundll32.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\metadata_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | rundll32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid | Process
  1464 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid | Process
  1464 | AcroRd32.exe
  1464 | AcroRd32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1996 wrote to memory of 2648 | 1996 | cmd.exe | 29
  PID 1996 wrote to memory of 2648 | 1996 | cmd.exe | 29
  PID 1996 wrote to memory of 2648 | 1996 | cmd.exe | 29
  PID 2648 wrote to memory of 1464 | 2648 | rundll32.exe | 30
  PID 2648 wrote to memory of 1464 | 2648 | rundll32.exe | 30
  PID 2648 wrote to memory of 1464 | 2648 | rundll32.exe | 30
  PID 2648 wrote to memory of 1464 | 2648 | rundll32.exe | 30
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\ExitLag-Crack-2024\ExitLag-Main\.metadata
  PID: 1996
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\ExitLag-Crack-2024\ExitLag-Main\.metadata
    PID: 2648
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ExitLag-Crack-2024\ExitLag-Main\.metadata"
      PID: 1464
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: 2c653e0c4068dd672beb6364360d3a30
  SHA1: 705b42f06495f343a436e5c504f7a72c0a5c94e8
  SHA256: 7a3d00e0cbe7d5965e1063a90f4b1fdaeb4439695b9672cea7b26ba1a33a769a
  SHA512: 30a11eb9883df258504a9ec25783023084082069350f30f687fe249d4206758cd4a01506adff1eee4af36c93932841c78959bfc536dfe9f974a790fcd527f3a2