Overview

overview

7

Static

static

3

Forza-Mods-AIO.exe

windows7-x64

1

Forza-Mods-AIO.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    21-04-2024 09:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Forza-Mods-AIO.exe

  • Size

    8.1MB

  • MD5

    6d6017acd63d1b7544e6646434fd0304

  • SHA1

    e13f06bf9031ac15d7bf0c032b11a8db1af6da43

  • SHA256

    054cde7e8789ab43280ff6c5347c0f0768e0f9fa1be6f90cd1554c0138448bfa

  • SHA512

    62065b08b0e5e364cb4cdcc7f4db7498d351954d23f4fb2f355f7e7709ee9e2325fc799ea40adabf9580ee4c305f6f5e3334eafd6c4d84454ed64df50d966aa7

  • SSDEEP

    49152:43IJB/b53as1gM2bq7mTv+iru2ICLt/YUdj/g5t2gQlX03yEFNR3hIhwkm2vysy6:J151MysDlXV2phIME9o4Ey

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Forza-Mods-AIO.exe
    "C:\Users\Admin\AppData\Local\Temp\Forza-Mods-AIO.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win7&apphost_version=8.0.3&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    62d80844761a8d334adc34e91c71af7c

    SHA1

    d4c2200a4197a43f55505cc65a52fc495bd1c661

    SHA256

    4b875ce4e921a94237ff21f08976afd1d85a399c88ca6577a5e30fcd758b372f

    SHA512

    386e7e143e5209649fbc47ed62ffa91543cf329ca93d3bf3cdc0cb777290d24717c7bc77d6e6be1b5b18713e2bc36e509b58943f25266e8356b22aae4e93f67a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    174f644a17df67621bc9ba7313e19710

    SHA1

    fd4055c86e3c852c077f8fe4d6ebb5ba9c21e560

    SHA256

    f4a5cb0056926bd58f2e7d58a80f85b58276ae8b2c15717776e04f2b7791c28e

    SHA512

    1e899e859ccc27c63d3f414f4e467f2a8ee921d254a6c328d96c04c0d6cd2f19458fe2634d408e36829cd7ec75962c9bee58a40469940eb621bad1f5d27f9ccd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91f0292df89263849508fbd90f04308f

    SHA1

    7ae5d9b8e91cd06ab5f51eedc9b84d479445325d

    SHA256

    5b32d17b1ac3dcb8787a6afd44b0679b2c4174458e67822cdb33a52e1fbf2681

    SHA512

    14f8a4510d8a462dc48acc6b9c4f33f77b2530dee840d7939419945c900a255fbb08898df671acceafbbcf4725af9f88c8aa24f89bb8034f81cbb7913e86366e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c2f02c10004bf2c01d69d5e7b19c463

    SHA1

    e619618b84d8dadd108a9b1c686f87f181b4d3d4

    SHA256

    f41f169758b52fc138555f01b1561391513dfc2b928b2e4f5e3a266981b1f8b6

    SHA512

    50ede221ea53a7ca6d0a145a4316815fd77aedb5a9da2a5fd634318560f7ce2e43f10d148a1f2bff96de8d8f1c6b1b9f12579fafddc313d7fac891852a9bbb9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e625aecf548ea1124459b0b27ff64f9

    SHA1

    ffe731bc8fe087dc5d0ca0e4b45ef8cdbe970e6f

    SHA256

    bd8984fb9890e9d3801cb8d1d6d0d879da9c3be52fdd56b041f3bbba82b7b845

    SHA512

    87e68471ca68d148949c6d8e320c54bb263b466ab88fae74db08a05d63aee98d98af9f4fc02137f959394775ec6c38962c5a16b45f9b8e885f2256b2813076d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    03ee61a96a5a8276be658893f0632683

    SHA1

    090ad20ce7c71756ca6f9030229d374dd4eb593e

    SHA256

    7335e9cb6281d8fef3692c6feb62c0f24f378d2dc8d8168693f1cd63253f0f05

    SHA512

    8de9059170ed070acfefed485d5e39b54620dcc3598a511df95dc7c3e620eac8e86422ad8a36291f5d379856e473e3e7954117dd1c6174c8d3d75fcd36d9ac01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7961ce20bfe55d294e5a1e8fda51300

    SHA1

    ad32506ae958866f096871beabb00a67ee300682

    SHA256

    61eeab11f243791e44a1627fe13593a49eef2d152ed5394df3c9b281bd89463c

    SHA512

    6ace325ee9448b849dc85a926e11a41541ff4e8d453b9a8c720d3cd24604ecaf8796c847fd9cc30828155badbb80a4f70aebde102e2697fa3f67616e3205898a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf2ee2bef006853ee9fbd3ca7c10ac94

    SHA1

    41475958fef8588f3298578ad1c1d808fde95e70

    SHA256

    4904410a50f3e72c83fc4dccf5129e67dc70f0f8b574b8bac529b77f50aab86d

    SHA512

    d68d5e03e7c6acf69b172434239f66061541af5d7eb63fd7f8e07b2dca1549800bfdf4feb91631f77de9b3f54444a7b498e4c834622f88c2015445012ce0c53b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa62a49ccf4f28b73c89f9472901455e

    SHA1

    037420b27d3cb85aca68d2c1a9e279e99d49bf02

    SHA256

    93be5d30ee3a508ea61de2a7731631543d7b9599c9dbbee6019efce64af2d9eb

    SHA512

    7ce2f7ec00b6f2a253dad5660d03ea6f7eabd6acdf4db819a740437c6a65844a5c98d74faa65d75383a5009a5416e5e9bd9e35587365f62e8133d54eda504ef2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    421d611ab30cf09f4577b9821f24ef9c

    SHA1

    93af5a517af8b9de0e3740667294b4a968a7ffbd

    SHA256

    c03b2c54848f9474335e16484d94c52f378c9b11d9a36b7ef464bd53eb8205a7

    SHA512

    73fa5d42d73a6f844a8b9cd7603b8b69497fb8468b37f334d2fd9a553d3bcb072b309e45a7c412fd02ee5d8382a95d6f96d8c30659c5ed058df06a235ba0b6c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c289771b84b4f11a82daade35ca32614

    SHA1

    3fcec487234f8a26dfc5c1267665923821375b13

    SHA256

    0ccd9fa09a547f35a9ea82a5fba86a20c58457638aa37618dc85b8d64d063d05

    SHA512

    0f334786e1439bb68108b0e43ef6347b0735a8b88c68f537d553bc03add13d284ea56c920de9eb885e74a6298ca79c6b33ad59e120c5a89a07a0d521b6dcc63d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d88f8b1189218058bd3e334d7f647ff4

    SHA1

    b327f95f2b8e2f9da77776094370bc491d30ab75

    SHA256

    2484364bd42000fd1650eb7ac2ccd33fd49c88cf4282be9d5d557bd00cf99206

    SHA512

    3ed1eea9db50f8879b4d14deb7dc541b8a51a0fc00330112a5d958948b5f1163437c88c39bace48c5ea3ede8ee445335782c9e361faaf5ce119e8b304cf6c538

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e0bccd2b320af1acfa9736b5a4af9348

    SHA1

    522c7cd15b2cf6fedb0d6088fd364cb605550ba1

    SHA256

    db35913340822668c5f05c5267f0c0ad5937aa7558b855a0f37f48c78e6cf708

    SHA512

    da3ba14aa8b0e2aeefcb96c72b99c2af498daa165920e6ca714468e18b6d942937f4f1ed3144c43df78c1d30d93f3c6b2df3c716ff15c5b6251b958d32571200

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    990f64a730d7e78a5550ab67288f09e3

    SHA1

    b74d938a5410fa8c560c912f9705fcfade533bbe

    SHA256

    4f379a4ab320ff1f4a19057f278722c56c0648c0356e5a3a4853455f3a3b945b

    SHA512

    05dfa3e930deb25bf1bbca3f7d8f5f06fca98f59ef4b0d29f7a5fe870f4073310db9ddb64d2c501106cfa9b45f444971a52a1b40175626308da9528db4ff0526

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2EAF.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2FE0.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2784-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download