Overview

overview

5

Static

static

3

Borderland...mo.exe

windows7-x64

5

Borderland...mo.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    122s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Borderlands 3 Promo.exe

  • Size

    5.7MB

  • MD5

    af29ff19ff976286507d1a8859cf9228

  • SHA1

    5c38fc38e56621f9d772b46d6ebe354690ee0907

  • SHA256

    79cbcd827e86ea07ec8d5e318dda7fede58bb640445be862cac5ec5c2ba97adb

  • SHA512

    5c14ef02df3b97eac8020dbeadac420bc6f6bc4f08a0162f6bb30e9c1d6adedfb2abd386ffaecd4b24e911907897600c28f2d745d400fa726e163c5590b08ecc

  • SSDEEP

    98304:H1ZtVE/3b/AFNdqkeS0TbHhpF6sBETjc/DwS2CYcHzkHHIXCyOPKyTtIx1JPiKK:VvG3b/GNdq9S0vHhpAsBcjc/MSwcHEoA

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Borderlands 3 Promo.exe
    "C:\Users\Admin\AppData\Local\Temp\Borderlands 3 Promo.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&gui=true&apphost_version=3.1.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3b53e68b22635afc0e3f98d91d1b8864

    SHA1

    d5fb84f798e0cb78baad6beaba2b540a9ef0fd43

    SHA256

    3da01d74f37819f7da900ca8bb51d2ac1573a2b69ee1700bdff1fb44543ee6e0

    SHA512

    bca4eebbf9070b0a0c50d263647128c1455e968bac86b040e1471e94be3477f6219633744cee297b103391394a953ed1bf934c79dba3854f1192b1791c109d86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f10f0433dcb6876b2d036ac294b75c4

    SHA1

    a9f9d9e362884556128dbd7f9842995c2163a4b2

    SHA256

    e09909440ca5232488099899a249b69836df09f4b07f791529a365419b126dc6

    SHA512

    dd8c968b2fb978d077c3c43929c75883396bd6051f4c49ca25dab88d186b74c2a53b11c9af231c6cf72a777c51ffd3184c8773e53074fdc8628c357668f9f48e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    040bad40b14c252ebc51828c0e3c53e6

    SHA1

    5b940703cc01e5e5c31a09a3ddb8b3aaa2bf4186

    SHA256

    4f8e0aac1ccdf147a9df8b182ff1ca544eb3826de7e6a0d973f406bed8c54882

    SHA512

    0e4228aa00c444c54aa496fbb2d45c24f76f607a04b87d2b23a7cef1dbfadc2ac3e903bec12aaeec8c0ab1c8e07ea65410e181fa25c043a830daded3207cd494

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4eb4531ce8d03fa895b85cb8515e8e30

    SHA1

    0cd04b921299929df6478099e53b22b56d671fe2

    SHA256

    8991bfcc2f6f40eaa164554710216e1626cde7fbea6bb01ab62dcdb48a70d905

    SHA512

    f6b1ca9cdd7f4956361f7a362015354c45336034c65a1bb78a3b00cc97a8749cf72650c86d68d50f4a86dd055cb984553e850e0724b501a4d6d78641c6e59899

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a394c28cca7a2eafe61a974ab4d355da

    SHA1

    3d32640f815fbc71bf6e2dd21af94bf7f1d92d65

    SHA256

    158a5683ec8cf4e33e3f6a01ceee94d49c81f47e237aec3ef97e6bb0d4f4fe55

    SHA512

    fb4f99ec2b2c8390905e3b076b76adb38b07088c4223963d27d3c720fdb21009a770f79de4a6bfa4b5250f611c9e75029074c67d1af095e59c9e3216d272960a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    317492bb31387f888db3996c7f8b15e9

    SHA1

    28bcf5eabeb2602ebfa42eaeebc41570dc3cbe15

    SHA256

    2794593495507012b4afc143c90b4558d8aba5330e0c5a2ed03dc71341ee2e24

    SHA512

    e22ee7bc88f68896e30ac1644375e36bbfea61d27e7f648c8a3a75b1c2229f43a32b61e8f7adb88a35f5dc64809b6e6a524bb1fd27c29b696225ac200d28d0c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a1c9dff6f6c7f4082800e0c5e9268a3f

    SHA1

    1bfe6b6c7880af6c0bd3a23e4ad5a52500968f5f

    SHA256

    ffb5b6870c0528935971058bd4776e79a6f2ae6335ba60f1bcdbab8ac73c6cee

    SHA512

    c584cefe90a0814c23b4f2e25f470fceddca681873804efc6cec7b3bcc23bb0867724e9376ea7a7bf613de43b47a11dfd25ae282ac018e8fcf6ca9663919c10d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    64cc35833b9895666d0cdf5fb3f4ae71

    SHA1

    9dbee106e0f63b561f9ea25de2f9c084c3ab246a

    SHA256

    1807d05338079d35468d0497580e8b1d09f7ad5f7b017fde0788a8a6063fa930

    SHA512

    654a8c7ff19fa4f7899b7c1f31c19d03941559d7c4cae4ed4f5024b6244b063c0966bf8e3ab7895a623a0809bce9891dd9fb88fdf629d5bf1912d1475b0b9141

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6f881b79b0c80b91bdf458c007ed3142

    SHA1

    acf06721fa4de0060ad12a4b7ebbca569e8a81f7

    SHA256

    4d5a2a699de091d547b54ccd570879cf22a2cceb75f68f151d466159c6101432

    SHA512

    b45d8c669a8de2c6a7c95f4f31ecc595ef18f47708d4947d73694bec2d554bc6aac83b018650e587158bdda5e31878c368b94083058aab466d807f7b3fbdd1a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8beddb62310a6bd61ad86e5dc4112cbd

    SHA1

    db27f2d7ba7dfb367e77f355e922b2067b43e4ee

    SHA256

    07adb323bc34ba75d5425c22912eeedd7c9b6f206790b216a9fc9d072f1b3f2e

    SHA512

    07e15eda2de1371da0b1569eb782c83c638243c966d8e75070ca69e03503dfc9ce07d5fba2b54972b713f05d1a374a4a66bde267cf156de81841ed52901dab2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b8e39caa338702afdc117de5cc72a7d5

    SHA1

    da7a3f49299971bac8bf64c2c0d411648951d37e

    SHA256

    1d5820d90e210a1348134cebd6359510ecdb40d383e784a7fd995255e358e40e

    SHA512

    a2caecfc38255782c3f0b0328223165387c0273b32c64cc3d5dd5e21a28af627ec72cdb64461de68457835a27dd3dfd3c4100c4b2bf6a0fd73242345f16dfd70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dee2648a9c166400437dce0ab58b8f17

    SHA1

    c223c25866461f3cc03c113834538c3c52e00184

    SHA256

    50324c6433f8a4d44158ae28dcb06b54d81e164d4e7102ad43d41623e8589bcf

    SHA512

    ad42b1bc51539d11befa22db5bac192348c931a2f246967c75a912e92e437eb7b2b21d12f1f50a32f95d76a75594c485db8ce3b4450ae85441a2dcdbd48ec307

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2b11a0a1442a4539bf0d910181297c2

    SHA1

    aedb20879e8d54c0eda70d263e5d1d0fb37cb5f9

    SHA256

    74bf023fbad5f112115ea88c7ec62bb58daa00289b262371b018625471ec1cfd

    SHA512

    afce985ac894707bc2c3cfb1592398de260eff3778adb0490354955d886b9a5365c0bf288fbc0c1a5bb94abf2d11142d52c5482506fb104586921ad4a0f14938

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    adfb922f9a8c6141fa48f5b23cd1310c

    SHA1

    da9a663d819697d0d291a2894b86129c0f1e75da

    SHA256

    8308c87c7d043fc2209fb0999b3ca7519911f0587d9a653c2be66e11265a3c1a

    SHA512

    d767692dee07aff703b221034f2f32475c12619dcb0a45f023bfd0b3cb5ee324bf37650abf1729ca12483f9ce98982f29585829c602123e6e1c655e3ffc5e159

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7c1587895ac7991a42e56639bb10c9d1

    SHA1

    2d12c71fbdce50b9f10797560c4955e050c1c47b

    SHA256

    dc8668f511d819c71bbf756f2a1fb1b89ca7cf8431e3d9f3952931f0776f183b

    SHA512

    4091c5ce8c0809afd092d88f09e8026e47abeffa75b8c848c6cc45349ace98550ade05995add167539f74439a21838f728f07e00e0792be9e39077f25fb65db6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6d5ce72e21b1e60812816e362c384f5f

    SHA1

    6e9110262c9599ff9c5131dc3fe6cee0ed769354

    SHA256

    77f4e0405a765a4acb8a9840240189b6533dc29bd9d37bb48a1c85785957c402

    SHA512

    7d48283c08a39dc9dd5dc58696a1ff85fabb2d9f2b7c298ab168b92bd04c3671141c8ea8e5a12e2a1595ec3d5e0f4df2f6a42edddd606b339d5c1eb1ee6ac49e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f4ceefb90a170690275ccc4b0f3286f

    SHA1

    38b0e90e9fb28d5f6d885016f3756fae682775df

    SHA256

    b2294246e6deef2c4214a7303e3d2763721dbf87af4c8341a43631ebe4fceba4

    SHA512

    2eff51ee1dac982c2ef4e416b3554e7595b1ab747304494963d25ff5857a84a51c603115d1bfc213ba74b1723a39131525d50184a28d7ae03fb66d4db7f1d952

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d4e696d7d2ddc002b9104f90de7f3eb1

    SHA1

    aa1a462c94e52b716a3efebb84448b393dd8163d

    SHA256

    dbf747685a822d740d713d22cdd60bd9472be38f168fcccad3051aeb6f5c6379

    SHA512

    e34ca84c3fb10439fc8ea8f90e56fcfabb9b06ea051d910a3c94af2783752c7786db62a1595ecdf97b309cf7356594296fa193ac9a95c4ff1b1b80f4df93c23e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c475d8189333e16cb4bef3c44ffe230

    SHA1

    3302ebe208b9cd51c1954c6754b04d6fd9d742ad

    SHA256

    ccbc02020dfe4fe2e28c36e68e4e1949e944454bb7a2a5bd6cf55f43fb7fe709

    SHA512

    cdf13d3b7262c9f5171004b3f56d17536efb3c04549d8482120616e7e77892e7b2ffcdb905a2789f5fd4288e19e3e85bb53756023a3fcb0b7af85d1b2c8f3013

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e07e9d5e7c443ccbc56b67af47a2e97e

    SHA1

    8cfe4849cf0072e2c1899c36a21b17864a4f14aa

    SHA256

    cc3f61bbeac5cc2f4f5e56c7a29eab2ff01710b43b7aabfeafcaeb273f80aa70

    SHA512

    6345b7c84ba41a0dea24faafebfd3faeef3af6f4a174bd30e4cb631236d8f59a45bf02e3d7a2db61569e7dc7bd5e58b4d1c2bc21ee399cedd9089a3b1e776cf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b9999cce60c87c2a42a0fba6c85bfaa

    SHA1

    97e8f1b981ed3caf8bf7ebb82bbeb7ce3fa549dc

    SHA256

    0654f38e3f38700c474a65758efbcfdd852f4165ed08cde376c6b1d847adf069

    SHA512

    90badd16092f8ba90cff84b7a2c4b201623266aa3957d710a99288fe5d37c79efe2770a9477482b0b406bed9a8d96f9bc3732d8ca8ef7c18eec7ff6ed6e9c874

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ab69616584f8b7ab5e26c771e71ed79

    SHA1

    3ad5d9d907e10fa1799ddf827ba99496a5f622a4

    SHA256

    0222cf02ca37909d3297f45117498693b2e54498a97d3381dc733f36df5ab66a

    SHA512

    539f9a481ce279ce592319297265b98b2e69ce49acc2357ce662d9621841fc5866946db52db40a09dc76a7e34df5a36deba1d024b3e660685102fc5314075fa1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f71983d843bcfc1f99e26b256871c90d

    SHA1

    4401221782425acb0606f2936db1c31d2bb71cee

    SHA256

    28e5792ae7a35ae1b1e19a02824adc78a3c62870c34be412c6b5639b43325746

    SHA512

    d53bf4c928fae25a0e0deddc354b0c79d2c97795ae2bd796b471e60f4062cda01fd64ebbe1853b3479fbceb22b68a2b491a59dce68d4fcdf6ebb84ddb2327cb0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar46B8.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1964-0-0x000000013FBD0000-0x0000000140B3C000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/1964-12-0x000000013FBD0000-0x0000000140B3C000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/1964-15-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1964-14-0x000000013FBD0000-0x0000000140B3C000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/1964-13-0x000000013FBD0000-0x0000000140B3C000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/1964-18-0x000000013FBD0000-0x0000000140B3C000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/1964-19-0x00000000773F0000-0x0000000077599000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1964-16-0x00000000773F0000-0x0000000077599000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1964-11-0x000000013FBD0000-0x0000000140B3C000-memory.dmp

    Filesize

    15.4MB

    Download

  • memory/1964-2-0x0000000077441000-0x0000000077442000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1964-3-0x00000000773F0000-0x0000000077599000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1964-5-0x00000000773F0000-0x0000000077599000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1964-6-0x00000000773F0000-0x0000000077599000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1964-4-0x00000000773F0000-0x0000000077599000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1964-1-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

    Filesize

    3.8MB

    Download