Overview

overview

10

Static

static

10

Dying Ligh...er.exe

windows7-x64

3

Dying Ligh...er.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17-03-2024 03:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dying Light 2 Stay Human v1.0.3-v1.15.2 Plus 30 Trainer.exe

  • Size

    1.7MB

  • MD5

    bb90d8afd816633dcc49baeeb7597d50

  • SHA1

    4c9dfe529eec3ad4c184b91aef75f9bbc92a866d

  • SHA256

    1b7092a6cd5712c0bb28d7e68a7fe546cffab3e9ba3c3117adf4a837b507f818

  • SHA512

    d6d320f5b436e1ec5a2c5c8e753bfce2c6e6fb8757051e32cb4fa1499e388b61b5abf54a043c391a5368aa5fa7860877179392ae7d2baf49d725af8eed7e4cd3

  • SSDEEP

    24576:3JqSrepDqj4yJYHn7H2MuWEd61rfz7knHDz1SnbKFzDSVXT5Xx/Rya:3zrcqMyJYL2/lCfzEH3gbhXT5Xx51

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Dying Light 2 Stay Human v1.0.3-v1.15.2 Plus 30 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\Dying Light 2 Stay Human v1.0.3-v1.15.2 Plus 30 Trainer.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://flingtrainer.com/wp-json/trainer-api/update-page?name=dying-light-2-stay-human&lang=en
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    Filesize

    717B

    MD5

    822467b728b7a66b081c91795373789a

    SHA1

    d8f2f02e1eef62485a9feffd59ce837511749865

    SHA256

    af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

    SHA512

    bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
    Filesize

    299B

    MD5

    5ae8478af8dd6eec7ad4edf162dd3df1

    SHA1

    55670b9fd39da59a9d7d0bb0aecb52324cbacc5a

    SHA256

    fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca

    SHA512

    a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_749F323800EEA448718955FAC254DD4F
    Filesize

    471B

    MD5

    72321426a85765753f3f83e18580f448

    SHA1

    e5f7d5052f9c1e028e6d2c958e0988f27642c500

    SHA256

    e4eb6f34ed31f1171b74b6b89af00f9148bb8e11ee1bb9a812957d01fa084bc2

    SHA512

    32ad58a366a09eec68915e12634fb05bf326b0d824eb9d6476f0cf0013a3ba7b6f0e25c0cb5c4088d5e2116c793a783470e9b5ab6878b0e8b623490ed5311516

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    Filesize

    192B

    MD5

    5e8acb85c3c1279d5d974b00273b8199

    SHA1

    69c37781e54de72748e124504b9f61503d19690b

    SHA256

    ec42109a19a76d03f45587da083b9682f69254bd22d5da75b0bb08a5a82ece6d

    SHA512

    95e78df3a437848aa31357d391deb38fbf3b24286ce529bb0ba343c50da1c874f23c9350e7928fc01572413ec2a5d335cb128e8978f67924b9a0e0243c1c54b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
    Filesize

    192B

    MD5

    53aefad6344d22345d0e36c63186004f

    SHA1

    1eb653fabaad5e629126f1957c01c20651d9e416

    SHA256

    0c5084b1b256d5ad193e62d7f4557e0a68f5adf5ef84d714d07f4193fef576ff

    SHA512

    3bf62530ae1705e33c07922376731663846d0b0131e29b7b0d23c0b417e5277bccee54dfac64e1d44905b66f68f53e3bf89e76d0962438a85c9d439e9c8a9428

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2f9fef2eabf496ff817a96b6b4fb6bb9

    SHA1

    3bfbcd637281a6f3c6b940120356846d598e6a58

    SHA256

    5132924da67731e646e39cfcf73c7b7915a6e16367ef333db3f43e76c0d0a7aa

    SHA512

    caf0fb48f5143f707d6e0a529068beca48ca013184beef9ecd646b7c7fbfbeedd63c2ad9964320e29946dce330adfe4170d36d8070f3aa529b1c97b4cbca451a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    322a3ccc78fe0b4ce99462cdc9cef3fe

    SHA1

    d764c12775420a5eb0a6b4c0337c09c30bcb3b54

    SHA256

    6f0e00939a1b38abb04c900486dee230d7f738189d97cef18b49c13ab16b85c2

    SHA512

    0e35f23a3ab80b80163e2b8ed53bd900d09cfe6c3a3a8115398d266bb5cf3201e9d8d92e1d5924f26372e0b1c1d17602fd9fe08ed420644365269de69e6f79cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d0753cb78f84ea3f2032038110fb5486

    SHA1

    b438bbf9a4bdd2eb90fcb0e27a547dfa0ef23907

    SHA256

    94a80d05f9f747fd38e04b96b179fd684d2492a816b5ca5f289937ee5a51833e

    SHA512

    2f92c2e0a33c9616c735779c9013b838509608d80a83ef4f7255e507cc2b4234d1243102960df6f497dd2c36ae3f3c33d2a56bcece12f9c381d3cbcd5bf993e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    68a9a624d8c4005cef8cfe997b6ebb33

    SHA1

    d307b077a22ae96f2114773ab7680f54414783df

    SHA256

    f944df3279c1f44392c9272d30e11344512f7a752b3bf6b452022e6d770639d8

    SHA512

    9efc7c578fa2a71ed865915682973afe6d600b3a9743532fa3333550778288652d426c84de15e01ca86703f5d0c3fe0ca5d2ade2b2e4d5ca4051c04a75e31149

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    01c192f4117363c800b78c934e9842b7

    SHA1

    9307efa107a7efa4469f73e20c345204f6af23f9

    SHA256

    0eb9624cdb0b876f0a2011c1fc7f31b2a34ff31e850f0d14f7cd98a38bcbdc74

    SHA512

    819c383875cd9f401bc0546ccd8ad7227ac6d0cc5c87d393697768b67e999016572e4a1b1ee164952f9edc826b4924acf25a1d0eed205274b7607201c4be4074

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4762ec086caa2347a394b21744f7c447

    SHA1

    6da7a7e35179446f4d9c55dded215160c261fdf0

    SHA256

    bff3c6d968b935d966ec366da6470d2eeffbad99e18c04f54fee06e8e61e2fca

    SHA512

    65eb4b4c01cc4c01f3d4f70458e713dbb685eaffa5230330a7f38066141c95a0d75e68b6b2c9653e4849ae47a64a0913d45f9092b401c3e3096946f2182626ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c9e3c8c8590b6e5b45b0673b0787b141

    SHA1

    430123a9dd002e7bdadd75c1ffdcf8c8246e38b9

    SHA256

    32c1e87b36c7013d8601d8aaf9bc5cd7bee23f72eeee73dd7d346020618016f9

    SHA512

    4f2008ae1e5e14674c713dcefdac59ece1d40f3bdcce66c72ffbd6aa28317c1a859a32cf17887f40eb1350a84662513cc075c2bf45fee0bace66674028fb498c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0a7793fdb4358ea50d4b3c9a18296599

    SHA1

    f049e9672284a17a4a3981182638c37fb2a14c41

    SHA256

    8d0db4d62cdd492a4e9e05b90fe9f0ce72f58f44741a9362528afb17a49170c1

    SHA512

    46dba236529fedae4605b8c4f44a794c3b1b3c0cb22b3d3de209b3e9594332a16e569e540de8f912cfbeffbab095be90ed0fa4f6efed87fed94fb8ca0a4cddf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e379b07aef4fd3fc1b6834e9237d38b8

    SHA1

    9226169d70ed8cb8a3c429b0e2eada3d1f6d243a

    SHA256

    c1e9a92c94333e7fe48e5ec0c380c9474837f428d12ad31e32554011ed348fc6

    SHA512

    ac5d5c181895a5ea62fd5b9683456625b00be36cedb67c872bc0e65092e4a993067480867df5f85a48156b2587f465243bc8622b828333147c7d156f9a4371c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ecaa15e887693f97a30eac0c39d2573d

    SHA1

    03713960fc3b0acea6e5f5c8e8c8a8341a1e7129

    SHA256

    16435c4f35f7aa447dd79fce98696b0408f2204e87d34909602cf282992e8360

    SHA512

    2bfce03efd18d68f77ced3937e9b3f31550182802c2514b669844bcf6e1d145acc5939b04718598ceaf141da49ce02ed85d464f175f3b2081bbfbf9d6153a273

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    eca24c5f3c25302932c8b155060d58f0

    SHA1

    1e24fab3ae206601c5173f96b257e81fe41d83aa

    SHA256

    eee3799d50ccb9cb9713a2a80aa18f2a78fbd5ed3bbf1f9d3791c555e1d098b6

    SHA512

    6d731ae123c4c1d896bcb29ee3c72768e930e9bb8295021d1835b29414198a4be5fe2759224b7395df707aec870bff9228006180cbad8e8421123927c8de1f5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4c0a25970ca4ff50e7d560129dc82bdb

    SHA1

    4c511a5f4f0301c3a512ca451ebdafb15e0018cf

    SHA256

    d6da29f5a00aa50153142f25cbe848adcb05a2595f73dc6ee7915b4e363c00e3

    SHA512

    14a6e4c31ac2c638779323bf8445b7a71ba78b9773bde7fa100c695c81d07a3db746af2d45ac52d3a2f6b94bfc50259020f178ce97192a75fb7e626b53c375e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6192179032ffab3b4195e90606b8c63d

    SHA1

    d3860bdf37e4f47ce82eb77d6b70b3cb10861cdf

    SHA256

    f394340c7ed6f8b257964b1175ac5af1a93e279c0b418d38f376a162dfcb319f

    SHA512

    3b40efe6ab3f70afc14efeac544050c7aeb5ec80d5cd1924cadcfe71c0d1f4c88b5f6e5ed729ea8a464c50342aef28e672daa8f8c85d016215a85579b730f341

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6de6a3f3aa212e06b12fe5fd4dfd001a

    SHA1

    b3f8e6b65aa1b6db8f58d44a762a24a87046a394

    SHA256

    b9244dc39b202a04b0f85d457918b42403b9a8a74cca0f32014bd79162faa68d

    SHA512

    f11085514c9b694c4084b76b30197a8feb6cc4a9cf8b98af75bd49e31be9bcfa3dfe0f7c4d7a5cbbe5a19d675924c865657e13000e908cc4e86279b56a3fc240

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f6642fefbedd2c1be0ae862480c2b28d

    SHA1

    99e1e1962f90a7972107d654ed0adc130c4c1592

    SHA256

    d7d41f4fcc63ad6f81193d1225e2e2ed733bbdd7473c6b982861bebaffe6150f

    SHA512

    4bde86c6273e5861bd1b050555c2b35d2a2bdfcbf413b915b19c48d881a093fb333d53963fd254701422b52f65c22f58bde4fe45c9d194fda9c8802c34e5f0f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4236ff1fdca0d038a5cc79a43a5a6c23

    SHA1

    d4803753fac26739707307bb47279e93361cd227

    SHA256

    097e3e852dd8655574416b008df503aeac639e3097d9ebc81a6d70b17f9e3af4

    SHA512

    c11bc1b7fb2fa5c9faf4278961ae1aabbdc935bcc55c6ff51cb56ee40c4bf002df63d5e130da0677f4d1adc40e723f9259b66b48a7726d4335421ace2f481122

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3cbf1ae15d98415808ff5ef85e479096

    SHA1

    cb60e66202c06d5af686dc6aebbd309674855380

    SHA256

    516cc6776f6b55cfa18fc6de1486962acfe5b81b3ceb513d8efccd72f56237dd

    SHA512

    3f1209fe2367cc6cc76aee210fcca7c963df445b4b5ae102fa04f1e129ca5cd26779fa924332964a8c35ffa5cf59c7ba8919bded306f1fd199236de1e51aa234

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    699d1c80748fa29f133627f33a646d70

    SHA1

    a9ab377d80d3de630d24d74434c99cb0b62479c9

    SHA256

    2731221fa3fab9eb280046a9a9b18ed9948ec5f25b9368dc303e8184e103f125

    SHA512

    b0d005ab3b08614ce75413a30dc8dbcd6d43abe57e61a9575321b55976efcab09bc5e5e0a16ca31fad97822bed7cb84a2f7d1dca9ed592f91445d399614f9a3f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat
    Filesize

    3KB

    MD5

    99a2be954f1e0dcbd7e8d6d8e470eeee

    SHA1

    4786232274ae929b12808f370b08fe9acede64c4

    SHA256

    77a5c9de35d9c35c6737232de8c5f85f8b269f8bd5afd70f98eb1111b0f9e94a

    SHA512

    5f415f9600874c32f36cc539377d7a3882b59046144f1c16f379c6083512c5ac66632f1d7c43217d27a617b1c21d7d3bcb717eb2184e25131cb4f6e9011676fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\cropped-free-icon-bw_icon-template-psd-3-3-45x45[1].png
    Filesize

    3KB

    MD5

    1b8534f82cff92756805dab37817dbd6

    SHA1

    6cb40895e7ef9108566acac53bc0db7367cafbf1

    SHA256

    24534faa3fce37f3dd31d07b10bf19b11f8a3d41d9631426bc172ad1808e1164

    SHA512

    83d2234fd1b4c64ad4cceead4309ba7e510695e6cdcc34c03e2d569aecbebbdddac85ff9ec948b7a65ce04467adb80ff13abee886e12f7aea9fd0b395242d80c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab785D.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7D54.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/3012-5-0x0000000001D40000-0x0000000001D4A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3012-692-0x0000000001D40000-0x0000000001D4A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3012-691-0x0000000001D40000-0x0000000001D4A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3012-2-0x000000001B090000-0x000000001B110000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3012-0-0x0000000001D00000-0x0000000001D34000-memory.dmp

    Filesize

    208KB

    Download

  • memory/3012-4-0x000000001B090000-0x000000001B110000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3012-6-0x0000000001D40000-0x0000000001D4A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3012-7-0x000000001B090000-0x000000001B110000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3012-11-0x000000001B090000-0x000000001B110000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3012-139-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3012-3-0x000000001B090000-0x000000001B110000-memory.dmp

    Filesize

    512KB

    Download

  • memory/3012-1-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3012-1146-0x0000000001D40000-0x0000000001D42000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3012-1147-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

    Filesize

    9.9MB

    Download