Analysis
-
max time kernel
138s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
30-05-2024 22:35
Static task
static1
Behavioral task
behavioral1
Sample
FizzyCheat.rar
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
FizzyCheat.rar
Resource
win10v2004-20240226-en
General
-
Target
FizzyCheat.rar
-
Size
65.4MB
-
MD5
2841b69d5b51b4b47da33189a8b411b1
-
SHA1
01f25d1ae52f4b657e1f1cef6be95c538835bf5f
-
SHA256
2e992e8dec38852aa826e898b601fc3591b982b10162475704f3394e4bc5f0a9
-
SHA512
54272c7371963380dec5b5d73749a5e47ef36133ae268cca980d1e649daa18426d6f83b38b61fb530148d7f2fc418a78e7a9407e96c6de138ca0264f34380530
-
SSDEEP
1572864:WeQrhsjfHj9wrH7kdFgGwjbmBR9P3++GmJnR1HT5UVZoVDKA:W4HRaHwdDMCBRJGmBR1d0ZaDt
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
Processes:
description: Key created
ioc: \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings
process: rundll32.exe
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
pid process
2664 vlc.exe
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes:
pid process
2256 rundll32.exe
2664 vlc.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
pid process
2256 rundll32.exe (same entry reported 64 times)
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
pid process
2664 vlc.exe (same entry reported 64 times)
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
pid process
2664 vlc.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
description pid process -> target pid target process
PID 2364 cmd.exe wrote to memory of 2256 rundll32.exe (reported 3 times)
PID 2256 rundll32.exe wrote to memory of 2664 vlc.exe (reported 3 times)
Processes
-
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar
PID: 2364 (depth 1)
- Suspicious use of WriteProcessMemory
  C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar
  PID: 2256 (depth 2, child of 2364)
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
    C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar"
    PID: 2664 (depth 3, child of 2256)
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
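The process tree above shows what a practitioner should check before trusting the signatures: cmd.exe launched the .rar directly, the guest had no handler for it, shell32's OpenAs_RunDLL (the "Open With" dialog) was invoked, and VLC was picked to open the file. Every "suspicious" GUI signature (clipboard listener, SetWindowsHookEx, SendNotifyMessage, FindShellTrayWindow) is attached to rundll32.exe or vlc.exe, so it describes the dialog and the media player, not the archive, whose contents were never extracted or run. The helper below is an added example, not part of the sandbox report or its tooling; it rebuilds the parent/child chain from the report's own "wrote to memory" entries (copied in as constructed input) and flags this open-with fallback. The heuristic name and verdict labels are this example's assumptions.

```python
"""Added triage helper (not part of the sandbox report): rebuild the process
chain from the report's WriteProcessMemory lines and decide whether the sample
was executed or merely handed to the "Open With" dialog.

Assumption (this example's heuristic, not something the report states): a
chain of cmd.exe -> rundll32.exe shell32.dll,OpenAs_RunDLL <file> -> <viewer>
means the guest had no handler for the file type, so behaviour attributed to
<viewer> is the viewer's own GUI activity, not the sample's.
"""
import re
from collections import Counter

# Constructed input: the six "wrote to memory" entries copied from the report.
WPM_LINES = (
    "PID 2364 wrote to memory of 2256 2364 cmd.exe rundll32.exe "
    "PID 2364 wrote to memory of 2256 2364 cmd.exe rundll32.exe "
    "PID 2364 wrote to memory of 2256 2364 cmd.exe rundll32.exe "
    "PID 2256 wrote to memory of 2664 2256 rundll32.exe vlc.exe "
    "PID 2256 wrote to memory of 2664 2256 rundll32.exe vlc.exe "
    "PID 2256 wrote to memory of 2664 2256 rundll32.exe vlc.exe"
)

# Constructed input: command lines from the report's process tree, keyed by PID.
CMDLINES = {
    2364: r"cmd /c C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar",
    2256: r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar',
    2664: r'"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar"',
}

# "PID <parent> wrote to memory of <child> <parent> <parent image> <child image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")
OPENAS_RE = re.compile(r"shell32\.dll,OpenAs_RunDLL\s+(\S+)", re.IGNORECASE)


def parse_wpm(text):
    """Map each child PID to (parent PID, parent image, child image) and count
    how often each parent->child edge appears (the report repeats edges)."""
    edges, counts = {}, Counter()
    for m in WPM_RE.finditer(text):
        parent, child = int(m.group(1)), int(m.group(2))
        edges[child] = (parent, m.group(3), m.group(4))
        counts[(parent, child)] += 1
    return edges, counts


def chain_from(edges, leaf):
    """Walk from a leaf PID up to the root; return [(pid, image), ...] root-first."""
    chain = [(leaf, edges[leaf][2] if leaf in edges else None)]
    pid = leaf
    while pid in edges:
        parent, parent_img, _ = edges[pid]
        chain.append((parent, parent_img))
        pid = parent
    return list(reversed(chain))


def classify_launch(chain, cmdlines):
    """Return a verdict for one root-to-leaf chain.

    'open-with-fallback': a rundll32.exe in the chain invoked
    shell32.dll,OpenAs_RunDLL on the target and the next process is the viewer
    the dialog chose.  'direct-execution': no such hand-off was seen."""
    for i, (pid, image) in enumerate(chain):
        m = OPENAS_RE.search(cmdlines.get(pid, ""))
        if image and image.lower() == "rundll32.exe" and m:
            viewer = chain[i + 1][1] if i + 1 < len(chain) else None
            return {"verdict": "open-with-fallback", "target": m.group(1),
                    "viewer": viewer, "depth": len(chain)}
    return {"verdict": "direct-execution", "target": None,
            "viewer": None, "depth": len(chain)}


def triage(wpm_text=WPM_LINES, cmdlines=CMDLINES):
    """Classify every root-to-leaf chain found in the WriteProcessMemory data."""
    edges, _ = parse_wpm(wpm_text)
    parents = {parent for parent, _, _ in edges.values()}
    leaves = [child for child in edges if child not in parents]
    return [classify_launch(chain_from(edges, leaf), cmdlines) for leaf in leaves]


if __name__ == "__main__":
    for verdict in triage():
        print(verdict)
```

When the verdict is open-with-fallback, the right next step is to resubmit the archive's extracted contents (or a RAR-aware sandbox profile) rather than to read VLC's window hooks as sample behaviour; the same chain in production telemetry is a user double-clicking an unregistered file type, not an exploit.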
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
86B
MD5
74b9fb954e75a22593c8af07b109012a
SHA1
44e339cc361f8948084b4c296ecddd92716d118a
SHA256
6f1335919add21929992f0120305ea905400729a04bb616b66f04454ea143afb
SHA512
2a4c5abd0373dde5d6c501e9039e95bd8e166eff766fa875d4108961be7a7ecfef9feba11997e24de1358b69dd3d5c338a6f126cff7293e19840a362dbd74e2d
-
Filesize
18B
MD5
2a4006ee7a5e9862693c9ca25470a226
SHA1
3f19ab02ed708349ce5f7e347a6d120237c02d20
SHA256
59938d1e769636ae0411c56d03b5af228f9b14e6bef2d33e4c1793468e3dd797
SHA512
64e078acacb9137395ffc78213b035ad4ca583137fcd15beadfba505b90ba70ced94339f9410aef33d1fbef00982facacb9b2bcc758d9e6c6c1e730b4a2c5d2b