Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-05-2024 08:55

General

  • Target

    FiveM-Spoofer-main/CFXBypass.sln

  • Size

    1KB

  • MD5

    e1690af0ae70b5a72be890b21cd494fe

  • SHA1

    426cc25d2c8844cf4a9036c24fe6860dc3309bcb

  • SHA256

    643897a48a22c67db958b9fe4bc24f1fb1df45da7772714dbe74c27c39c50528

  • SHA512

    57decccfe5f8ab15296942615de515a5c04eb1d78c6a964289f2d6ea6f13f658080c7bc79b607ea6b330a29ec5d84938d25acb208cdd9253718630a05aa338ac

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\FiveM-Spoofer-main\CFXBypass.sln
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FiveM-Spoofer-main\CFXBypass.sln
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2068
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\FiveM-Spoofer-main\CFXBypass.sln"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2612

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    46e4818b81da78eafa2655e9ab12873e

    SHA1

    e5f76f4428b6fc1417a7dd20c4eb8a58fd1d225f

    SHA256

    a5c46015db0eb3ac399fb5a0fa3463c035a73aaf1dbbba80ea7d8cf20fef6cd4

    SHA512

    04ee4e2b9299f44170b951444ba8c14e898c5f321a2333a9fcc2622558a98188efc841cf7b11d2558aa8eeb1f619b8db519f84d3a35782ea269e889c60b1f48c