Overview

overview

7

Static

static

1

Crypto Wal...86.rar

windows7-x64

1

Crypto Wal...86.rar

windows10-1703-x64

7

Crypto Wal...86.rar

windows10-2004-x64

7

Crypto Wal...86.rar

windows11-21h2-x64

1

Analysis

  • max time kernel
    1796s
  • max time network
    1798s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-04-2024 19:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Crypto Wallet Cracker v2.3 cracked By @vidhayakji786.rar

  • Size

    1.9MB

  • MD5

    cee74f565820e90e87f26e84b6f86e3a

  • SHA1

    0f9e1425e8135b5ff35d3086f5f15903dabc529f

  • SHA256

    cf87f1bba6f4c6ef4c6e445f85ff57be352f6b7a72cb38d59bd30408b78c82e4

  • SHA512

    6fc010446166831652b0cc77e5cbfbafed5dc518c5ce462873e9747f5606f3b732e64244dd504d0fbbe740421a017ecc4099fe8b2734bca019cd781530c793d4

  • SSDEEP

    49152:Z5UoI7SGS9PzMa50xUdRo59UjSMAwjkRhNvTCRwr6m7YVpBhR7Ip:Z5644xiRobUjljrR/VXIp

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Crypto Wallet Cracker v2.3 cracked By @vidhayakji786.rar"
    1⤵
      PID:2616
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:208
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:740
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:4448
        • C:\Program Files\7-Zip\7zFM.exe
          "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Crypto Wallet Cracker v2.3 cracked By @vidhayakji786.rar"
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:4516
        • C:\Users\Admin\Desktop\Darkminer v6.exe
          "C:\Users\Admin\Desktop\Darkminer v6.exe"
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of FindShellTrayWindow
          PID:448

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\VaultVM.Runtime.MSIL.1.0.0.0\NativePRo.dll
          Filesize

          39KB

          MD5

          d80d1b6d9a6d5986fa47f6f8487030e1

          SHA1

          8f5773bf9eca43b079c1766b2e9f44cc90bd9215

          SHA256

          446128f1712da8064d0197376184315cb529ed26ed9122f7b171bb208e22c0c3

          SHA512

          9fcf0105c2c9ee81c526d41633d93579bb8e2837989d77fb4a6523440415ec2d7fa46ac9ae4e55ecebd99126837817ac308cc079475de02667b21727a43d74cc

          Download Submit

        • C:\Users\Admin\Desktop\Darkminer v6.deps.json
          Filesize

          428B

          MD5

          f1728a969b6df0a9da9d6c94c5015e9a

          SHA1

          599cc4d8b5475259deca2bf4d710b11fb1237a27

          SHA256

          4f0193049d820402b1874e80fd12f131a9d9989812fe548aa7055ae9a406dc30

          SHA512

          8442b0626ebbf592fb0762e02f44dcb789ce256f85c83158bfbdb3e6e9ee76183340844b863c0bf9e8fa6db326840db6dd89ca4336ff2cd143ea4a485546ce48

          Download Submit

        • C:\Users\Admin\Desktop\Darkminer v6.dll
          Filesize

          2.5MB

          MD5

          460a1d30d612d23d859689fc4b7abc5c

          SHA1

          feaed5566dba9e34067fff9885952a3e891c902f

          SHA256

          654b4ebf1f7660d022dda238fcb72df9b5811c26c1e44080dc423050b7d00f67

          SHA512

          e34a8a5e3ac4af6912300c324b530eee1dcdbb2d9b6c230b9b4e5cfdd32621537d32ccbf0e89c9a98c7b3284a2542c4df515d4a9a10f01dcf140fa653b173e2d

          Download Submit

        • C:\Users\Admin\Desktop\Darkminer v6.exe
          Filesize

          147KB

          MD5

          e64acd0826c046eed8b42583adb58447

          SHA1

          fd145a3da1232e94d700f4052d4d807c2415a3c4

          SHA256

          b8e4871c8e64009dc97aff74f987aafd0466c224a0db3744631246caba1d9453

          SHA512

          28eb847cb02c559a8bd219a567608caac5209040ac9df778f385bdbb341cf4f93e602d2d555aa40126d077edf06286e50a3d385f8ad6c758936f96f85524354e

          Download Submit

        • C:\Users\Admin\Desktop\Darkminer v6.runtimeconfig.json
          Filesize

          266B

          MD5

          d720176a229e9d969b40fabeb0baf62e

          SHA1

          f2d8e97a6c6098a10dd80553eaaef7547ad32ba3

          SHA256

          321b4e463bbacd6113aa337511bdebf5e7356e9971744346b28424607c7b483a

          SHA512

          0844f9aca147014a68248c43310bf97e0a0a3679fc84650aa0a27aa09f70f56fa071c0ace1be80f0e33ce4dd3f865eae11e946d98d21af916dc1a7f945acaba0

          Download Submit

        • memory/448-92-0x00007FFAF6370000-0x00007FFAF686E000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/448-86-0x00007FFAF6370000-0x00007FFAF686E000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/740-44-0x000001D4BC4A0000-0x000001D4BC4A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-64-0x000001D4BC5E0000-0x000001D4BC5E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-39-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-40-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-41-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-42-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-43-0x000001D4BC4B0000-0x000001D4BC4B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-0-0x000001D4B4170000-0x000001D4B4180000-memory.dmp

          Filesize

          64KB

          Download

        • memory/740-46-0x000001D4BC4B0000-0x000001D4BC4B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-49-0x000001D4BC4A0000-0x000001D4BC4A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-52-0x000001D4BC3E0000-0x000001D4BC3E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-38-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-68-0x000001D4BC700000-0x000001D4BC701000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-67-0x000001D4BC5F0000-0x000001D4BC5F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-66-0x000001D4BC5F0000-0x000001D4BC5F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-37-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-36-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-35-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-34-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-33-0x000001D4BC890000-0x000001D4BC891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-32-0x000001D4BC860000-0x000001D4BC861000-memory.dmp

          Filesize

          4KB

          Download

        • memory/740-16-0x000001D4B4270000-0x000001D4B4280000-memory.dmp

          Filesize

          64KB

          Download