Overview

overview

7

Static

static

7

nestopia/7zxa.dll

windows7-x64

1

nestopia/7zxa.dll

windows10-2004-x64

1

nestopia/PlayGame.exe

windows7-x64

7

nestopia/PlayGame.exe

windows10-2004-x64

7

nestopia/k...nt.dll

windows7-x64

1

nestopia/k...nt.dll

windows10-2004-x64

7

nestopia/l...se.dll

windows7-x64

1

nestopia/l...se.dll

windows10-2004-x64

1

nestopia/nestopia.exe

windows7-x64

1

nestopia/nestopia.exe

windows10-2004-x64

7

nestopia/readme.html

windows7-x64

1

nestopia/readme.html

windows10-2004-x64

1

nestopia/unrar.dll

windows7-x64

3

nestopia/unrar.dll

windows10-2004-x64

3

安装程序.exe

windows7-x64

7

安装程序.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2024, 10:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nestopia/readme.html

  • Size

    97KB

  • MD5

    e50ca2540d554b4b037e75494e61641c

  • SHA1

    646b847463eed3cf814f52966baa2c131387557d

  • SHA256

    94b3512e01726446c09883d9afefcd00375cb32af6f37b81644fa6a64260c9e7

  • SHA512

    3943b0b3a721a5dd5b814a547d7be8d95f786fa2536403a5a54b0a771a15432822dcd00803d4e966dd89d0ab1b971aba37afae9f565e659397f6adad44436aa2

  • SSDEEP

    768:CHvBs8mP+UStNrHS8Kcn8npDyH+0DmEdPNe+MVhek+Vpn8b5/m1zAAYOHG88LjAf:CMZSttTlQ7xaSOA8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\nestopia\readme.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0637284f2c15546d79e59877f3f0f612

    SHA1

    120aedca9eaf851a148844a6586a4d740f7dd930

    SHA256

    953375a89643f6081c41d68186b73b9bb6f5714df0fd6b3c169f02831442f4a5

    SHA512

    f487f458aeea330d4a5f78be5a89010ae9051f8b7f0ec9f108144f640a0b637acc9ddc63171591a7d1796e51f18603dc9cf0416a5cac5c6114da9ae3fd71888b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b0f2399453e6abcd21a3f46a74506a5e

    SHA1

    b5085a1573f433f4ad3b864b3ec4694aeb8169b2

    SHA256

    4333dd935429442a95bd567fbf0381681d342fd415cb026925d2f3700a902c77

    SHA512

    36afdcb8515427d4a631b48836c1b069c9745de8cad6ea8af0aa3215845e7c4de7ce47f0f35fff0850977b437610ba43ed70e5d8792131650ed6644b92c86ce6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d36c4936655d869f747482cbead26c29

    SHA1

    2bf0782ceb199c4099d044315ef6141f9a08c5d8

    SHA256

    50f13cd3c94fe51c443cc92f897fc1d5e90a338de289847a55f8cf79c4f72010

    SHA512

    ff528fcbe52f460c39758a062714cc11fd2ee57425ef990560d16482690e87d71c45c0ff5f790acca1a648131813fc240c431025544d107778891164cc6238f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1f04b8a12c2db171f40c4244e3e465c8

    SHA1

    136d19a5e7fff1e891318c7b3152fa41e4b365b0

    SHA256

    3219f98f9f43c9a856e9806fb772c5041edce4fa3b1ecc3b13032cbdeae7224b

    SHA512

    c57fa0183cb8701d6b7328204cc36681cf1988a849e1a269a7c548692541145eb0e01ba56248de9fcdaf3bdd7bffea4e6ba06581cbdfb3ee291c581c1916c39b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8303f60db9f2777c3230914822ddf59a

    SHA1

    46bd2fadc2e59d719c7df1683c29d41e938d0de8

    SHA256

    35d1795125bfcb4a5f4f01a159a52e766cbea593221682069f3cda8e0c521846

    SHA512

    56585c888024b8893cf3d75b940f54eae64bfce5b16a1c277d79f5eab19c0861b0125264686b529cb3b6734fa7a9f6b2093c4f4e570c699c955061ad1f7e0497

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d5680a85cd469aa8a9fc24b79bf22bb2

    SHA1

    cddf65bd9c15d9e8f4dd0eec05c021e6cf1cf5e8

    SHA256

    cab71148fdb2a2b77cbe4949fb5798c1704e7951ba1d21b1bf3f097a9ba3f089

    SHA512

    837912015aaad67a10ad58d9f9d7db270c80026fd91b9fe25f06522620145178ef05e5b79b5af66e0c37912cbc9ce33b0438ac22a79edc04a9f7854fb338f041

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1cd2cee2e23ee78f9dd0782cfe2d9131

    SHA1

    fc0beb9c952c85d4319e8122576447946755288a

    SHA256

    6b7ce6ef8e143924576ad5a5b5ccf681d1a850d8f2c5beca3fa64b3fb9836c4e

    SHA512

    a8f44cdd9d362ef9c44f3aa020a47ac2ad5ffe0aeeb57b889e99bbf80d87a6398ca3e830e4a02c3ec0e96ccf302d72b4252a8a8c557e9e5e05ef15b406d5729d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c8966926ba1bf48e5f4bef1ae167c71c

    SHA1

    ef575824bd30c060f9ef328d7431452e3b37d4d4

    SHA256

    0b79fc96c16206c2addc9a4e7ddef1ec2c8cf9748f43f2b3d422efc074978e51

    SHA512

    f50477e6c28e2ba934334697ff1291635c0dee78e58639e125bfc8164c334dc10040ba5ecdb6a3a06d436281abe9c9d01edc71fa6ab5b2ce088e3361cb6c519a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1675846db394d595ca29d9c256e21e47

    SHA1

    89c4def1a1c28770e676479873c3628e7e973f44

    SHA256

    589d2a93154aae1fbdda3943674fd243b9173cb0285e7977aa1ae9dcc2bba07e

    SHA512

    8c94cd188bf4bb57247785f2fab0dbb894d8469539a5e28e82c61ca68f3c4082137f5731ca1000e500b48ae3a668b427a6308783051298ac3d8677079510b1f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3f84111feaafd82cfa221e1d1001f2d6

    SHA1

    5810f7d3ed174fa9ad7770daf3d8bf9585ea3af1

    SHA256

    eb152b2ff1eb23df6d8edd9070587a613f0f16046b1ff98171457b9478590e69

    SHA512

    20f72dc1ce3921b96dbe6d6e9ba660bbc8cf0db92d2b5ec8d74d0d14738613001134484e661fafc86193379eb09b10867712527628d504830f6baadc25bb53c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    892ab27f9fc92e49da1dc21d637d28e1

    SHA1

    29870c60b9b81709f68020356ba7011eb8b1f54a

    SHA256

    727aa340266b6d0f3ba7c231ba466fb9c0a2890584d9d9ceec1ad77bce3c32c9

    SHA512

    d3d80d9816a648eb04a20cf012b322f58a42f6fc2db43da3897276620502c3e61bcfaf4991413bbfd46d5bff3efe587ebc5414542eade278c792fb2543e5f38d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    645c5b69b5f0bd95a4f939cd7ebd97a7

    SHA1

    6a05e766a0e23314666e271e3d21da32ef4d092c

    SHA256

    c940e8026ea1ac0291d5e1bf688e037c2e4a37a06c0c49f5ea5651b65efd7fe1

    SHA512

    06293a38e8e37d512a231b38a03806945d5be7184ee5d8243b658b41384cc394be43ba88e3dcd8f64c72dddf45ef02a1c5926523026277ce4c5ef6692248d0df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96cfe90b6282cae31e0ad38fb7d32a3b

    SHA1

    bde920a8844b454b3c96862a9348360ca556c6d5

    SHA256

    ad22dede1f973949c9e4e95040ea231e8fcf4f912aacae2433c30d798dd633e5

    SHA512

    7c1178491816e4f1e24a7a01828c68e42ea267ec7706974cc006ad8e65555fdebdf37a8907310f8ccaa3b442146c0bb1110eb16bff0531eac8fc555a118e5c5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c226e98d75642e0e736ff885ea94034

    SHA1

    7f90288d2b3310dd5c20a78f3c550848fbdcc9cc

    SHA256

    2aa40539b230c358dea6e25dffcb6104e5aca636c2eab91c56fc52c82d90d7a4

    SHA512

    1555ecf90ecfd4570f2e5b76a2933cd4f0668e6b08e8b7e5fd1842f2d373b6f963c6389812c5932b827f9b1a6a2d10703b79a85abaf4998fcde1e959a9feb409

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d370b62d226cf4c331cf3e747fa2905

    SHA1

    c90889a70fa25bd9971e20ed539e6051a5783be3

    SHA256

    41de30fec3f4ea6d966af59d4c048482f6f85cfa79066e20ab05298fb2e1274a

    SHA512

    d5beffa133a0f27e0f308e044d2dc2565521d74fc6a75c1fc4b69c516bc00ae60d8df49e779aa1be607e29df0fdbe34ca61709a9df413485bd7303d77359552d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    825669a73fc801b78064f7300338436d

    SHA1

    cc320e079742a367f8c0ac53d9b21d607e7d97f9

    SHA256

    503554bb13759f741be38f8720c8897ba06e3eddb3ad831bfa627a1959aa711b

    SHA512

    50c98a2a83743a19eb45ef76ab03e73c4b2c156a4fe44b9088737fd47c4e1550957aff59c9ae6d39082a4bf09d2fd839378fa3f902a62b3ce324fb21e7ba5be7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b49bbbc80c7f34a4c351ad6182d9e028

    SHA1

    5552887535c22c70b6cd13085e9696caeb5f8934

    SHA256

    5824c15a4b41c1ae923c4e37c8b2e2dc2173155a38a1a1bba062c3eb3630d8e5

    SHA512

    ec6fde20172b7b1e5d393ffb21b8ee5b64707e08457640b1d626ac2e224e22aeaa90b4642307978cc0869e4dff090155c9e7ccc56ebaf9762eb3eb42ba385892

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    44ed2ccd42d7758fb8d46ca44b14b590

    SHA1

    dc9ccb3e33f1f2d1796b7266512e24aed6245c3f

    SHA256

    41ef2b6129c55fbfc39f1ead4ad4a47ce034455edc1033c344422db665b41f22

    SHA512

    f01179dd109653449e165f4f8c70a4459e01a22d67e571ba70a87221399082f1af2229cb85b9ba0797162327ea705a8d83be7845426599c12d52b4e293e21c82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d2099bb211e16f8d0a2f07b72eca5314

    SHA1

    d23cf92e0bc3a089b23bd89dc6a4e9f14ace0a2e

    SHA256

    11b0e5660cfe51c14ed7cf550f846bb8a754487612391b5a7fa715248ccf5cbf

    SHA512

    28fbeadbebbc4bf757f07ec8b19989f5be255d39e710e9d2d926f7435a38987cd024033603434001f8043d72cd7e6799a6bb078d6a377a0e3b09e1bc3004ff34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5dad0bac8a842926584585d94432ba7

    SHA1

    23302412dbff3258ddcb5d5525246b2c27b5675d

    SHA256

    5e20be2a46a626326331a80566dfb7468e2cbe5dab7ee62e392eaee28cb96edb

    SHA512

    2870bc0cb35547e8ad53162a1f65ed2af562257ef9d5fdde4ab0445c9a3b70560847c0719133a036f4728b618c3b512111b579c427c00252aefc07906103e5ce

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2001.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab20CF.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar20E3.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit