Overview

overview

7

Static

static

3

Conan Exil...un.exe

windows7-x64

7

Conan Exil...un.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Conan Exiles V14.10.2018 Trainer +15 MrAntiFun.exe

  • Size

    4.7MB

  • MD5

    6beeeb6e7ccc493174b6f31b0f58647d

  • SHA1

    d2453758564d9f53130804e7f204530c467312bb

  • SHA256

    370c8b72c940e62fbadae2002ae2c9fd96842f4ab8295b30d8a1be483b8d19ae

  • SHA512

    4e695be6c07e867450efd9f537584a8b94cd2d8a6a6aadc601430234e8e5e6e06149891b51f58b4ad9845f26f78b82bb8357c19e4f9c71af427f654610adb428

  • SSDEEP

    98304:X/RVy4vhA717B2zvSvcsitU0s58PivwIooEn4gaX7Ymv/71ZOPb:X5VyXF+vstgU0w8wwhIgaLDHOPb

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 46 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Conan Exiles V14.10.2018 Trainer +15 MrAntiFun.exe
    "C:\Users\Admin\AppData\Local\Temp\Conan Exiles V14.10.2018 Trainer +15 MrAntiFun.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3612
    • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\Conan Exiles V14.10.2018 Trainer +15 MrAntiFun.exe
      "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\Conan Exiles V14.10.2018 Trainer +15 MrAntiFun.exe" -ORIGIN:"C:\Users\Admin\AppData\Local\Temp\"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3840
      • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\extracted\Conan Exiles V14.10.2018 Trainer +15 MrAntiFun.exe
        "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\extracted\Conan Exiles V14.10.2018 Trainer +15 MrAntiFun.exe" "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\Admin\AppData\Local\Temp\"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:3248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\CET_Archive.dat
    Filesize

    4.4MB

    MD5

    b743ca34c144198a7edd746965588570

    SHA1

    1687485cbb97f71927e93cd266c6d750080738d5

    SHA256

    151a8eb1923a01582f47ce19944ce61363d32b2d26532f76cb60a78581b8f352

    SHA512

    28ea8e1b1dcc57b9553c820f74840490ca5bd6071cc98ece9026be2a32374869a91e745282d0c00eb4b160e7a933424655e9b703750aed3ff8186024f88a3722

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\Conan Exiles V14.10.2018 Trainer +15 MrAntiFun.exe
    Filesize

    193KB

    MD5

    6852660b8cbb67ee3f1e31bf2f1e0afd

    SHA1

    c1b790e062f3a13d3e2f90c58e92ded585abbe3b

    SHA256

    cd86234cf14dfc0e66ae9e575326fd0cf74723a5a60337f7079c0540b6da5c8b

    SHA512

    5722ebf6bef799721464094c6d6a81931bf8f78bdd1fbe12b153cf7b0e4e9e7307fa7a01e0cc16ce885c20c3a0a3cc95d6a7d86413f0c61cca3450fa565dd6a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\extracted\CET_TRAINER.CETRAINER
    Filesize

    758KB

    MD5

    23cd7ef43effe0c7b8e405c8d9a86587

    SHA1

    4d1f8c64bf8dacd6c79481f99a15c2707b8ab914

    SHA256

    a83b142da2f53627efd59342a39abdafa158f05c456db268ddc8ef8ffe93d987

    SHA512

    79556e602ba4864fb7ad110376832dd77ef0a98700615d6a9d12bb9f88e93ad99041e7a596306629f504006cb8f328afad7135fe5a97f23dfac8ab451e8d0c7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\extracted\Conan Exiles V14.10.2018 Trainer +15 MrAntiFun.exe
    Filesize

    10.4MB

    MD5

    8c7c45de05685bb67b8c5b9145615362

    SHA1

    e927c9141bc3c0500762c58a6163edca6886cf35

    SHA256

    29a8c2e8cb60df0ad57a218cc91d67bdb5dc032ec4cbabe9d377ca04a28639a3

    SHA512

    dd1e1b5d399466727467c0cde9bd7d9d618dc2d112147490e9a35ef46a7a0a56e49184ef4bb45229b3b3acb3c47f9ee10b6901861033808868695780dde973ff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\extracted\defines.lua
    Filesize

    5KB

    MD5

    1dc41a0a351e745085fcc98a3933d91f

    SHA1

    bf1e7d333e6d7b3d4bfe5cdcada19af1931dbe15

    SHA256

    a2e02dd32f0245ff31190288b368b3efbbe7c48a95dd22c321231c2f46597d9b

    SHA512

    76f171411d028e72613859332f381f8f26e85d1844c143a8888e4937ca72d7b38ffe66ce617eee5e8155ba034dcc559a9417b5def056bb74227b9bae392d1440

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET3CEA.tmp\extracted\lua53-64.dll
    Filesize

    500KB

    MD5

    476cbd8e116ef838a0b161100ff744be

    SHA1

    72a6b00754ff4a1a6f2bbb75fbce9d2fdd475e81

    SHA256

    c33f2e8ba61e5517b2598d7920b672326ff117ed5a5bdcddc125c6a5a328886e

    SHA512

    b12dee6fdc493bdc7e65d446433d942802c79564f6a1f56a1c1a7e2e3f76d270af9e3d162d368fa82d314a37d98fef1569bf90f275b0e059ca0eca49c56086d8

    Download Submit

  • memory/3248-17-0x00000000081D0000-0x00000000081D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3248-19-0x00000000081D0000-0x00000000081D1000-memory.dmp

    Filesize

    4KB

    Download