Overview

overview

7

Static

static

3

PhasmoMenu...]_.exe

windows7-x64

7

PhasmoMenu...]_.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    07-06-2024 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe

  • Size

    7.2MB

  • MD5

    7bc39b1e9eca1e9e34a960ec8afc5bda

  • SHA1

    a2b7c7a49376602e73bc2ddfd8fad95bc669c4ec

  • SHA256

    0b5abdab10d692754fa7080f648a1cc83c823835a6c7ccacee668e935794c743

  • SHA512

    6c2321bfa44f737580e493ff112e1dc543662c249bf70de5b205d7c752092b1959c1f0a0cc5b1e8d04ea17ba1182461b35355d3f2cecf066f6f6572970c41f78

  • SSDEEP

    196608:S85UN9Xo7nu/wF4vDq+NyvNGh52vIt3ETsl5wRkVfVGHg:SDNdobFr+NwNzIOTI5wyxVGA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 51 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe
    "C:\Users\Admin\AppData\Local\Temp\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe
      "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe" -ORIGIN:"C:\Users\Admin\AppData\Local\Temp\"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:316
      • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\extracted\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe
        "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\extracted\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe" "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\Admin\AppData\Local\Temp\"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\CET_Archive.dat
    Filesize

    6.9MB

    MD5

    c6565537439bda39ebf51dda1b9a82bf

    SHA1

    25583414b28050eaa7fdbb6a0138052c381d4a13

    SHA256

    5bddbddb23fec6eff464a5d75a3d55490c946946f347348244aa185db156cbdc

    SHA512

    280969da32fff2877cfa808aa4be3a9abbbdfa4b3fc00bb9141c0713db789a024c57a9bca35d1f97208b40bf2dea6cc6e74206c9f9da0e02ade33250650daaed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\extracted\CET_TRAINER.CETRAINER
    Filesize

    158KB

    MD5

    febd1a6978f677f9de60f05c6ffb061a

    SHA1

    e4e74f4daaebf997b217699f25aa51a3f059a0a4

    SHA256

    be51321a68278f5dd7f76bd22e62711c07b269617efed2fcd4b098d7b8864c0a

    SHA512

    634b626e3ccd7062848529d4cbc6997c7c07ddf1f4e6fa14f18bd8e834ed1ed9eeeaa6e57ecd8a74720c2a9bfca63592d5deea8bfa89bfc15a4c783dfd73c9ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\extracted\autorun\luasymbols.lua
    Filesize

    629B

    MD5

    df4d243ab0407a1f03ccf448232fcf62

    SHA1

    62453cfa7abf6fa83158be1ba86c854d9a6b7d4b

    SHA256

    c5a35380af8bebe96b85377f5f41f8c068cb857c74b9cb85b7467b35c1de10c4

    SHA512

    4b05b65909673e92f59ab64c1ff4e0b829f5c9085eafa1fff28cb0ccd7e6a7f6ef031633f443e0ba156a4b8f5009f526d0356f39ef77b22706f98f100b1909c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\extracted\autorun\monoscript.lua
    Filesize

    132KB

    MD5

    76168ca68f3ed8ade110b140244efbaf

    SHA1

    2af08403d17a64b10429c8fce68aa085a6b287b7

    SHA256

    5832b5ab00e84690ac1e780e8b1c4abd9649465234c9ffa2cecb410be66a6b8a

    SHA512

    80ad21d631934d2b8e368a5b2d3cb5f1889d4a65099c2d8cd8ba37eb721c1ebdc2c6549fc530514bf9f96976ffcbfd372150f1f16a6591da013fe4f1d1bb070b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\extracted\defines.lua
    Filesize

    12KB

    MD5

    62e1fa241d417668f7c5da6e4009a5a6

    SHA1

    f887409e3c204a87731f317a999dc7e4cc8d3fcd

    SHA256

    82e8ef7df20a86791cef062f2dcacb1d91b4adc9f5dea2fd274886be8365b2f8

    SHA512

    2283cbb9e1d5d53ad1ed9bc9db6034fb3c53c633b11001f373523640bbbba95da9a3a0866c7d5fa0620facab7d18c8577dfd69496fc7319e0a4a74d0b9e10c45

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\extracted\lua53-64.dll
    Filesize

    528KB

    MD5

    b7c9f1e7e640f1a034be84af86970d45

    SHA1

    f795dc3d781b9578a96c92658b9f95806fc9bdde

    SHA256

    6d0a06b90213f082cb98950890518c0f08b9fc16dbfab34d400267cb6cdadeff

    SHA512

    da63992b68f1112c0d6b33e6004f38e85b3c3e251e0d5457cd63804a49c5aa05aa23249e0614dacad4fec28ca6efdb5ddee06da5bfbfa07e21942976201079f3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe
    Filesize

    225KB

    MD5

    971b37cedf686e0ac8ca0297a953aad9

    SHA1

    8ea777fa6c70a619d4e92cc6435c4eba2b16a23e

    SHA256

    1965546a19990b4523a1588eb0d7fdd42bd443e2bcc632dae04343d358394ae7

    SHA512

    2f0f3facf2587b751bb658eaab9ca1536d7326956b0eeca7bd0badc893c0878741f8bb56d8c1e360f2cb4bd9442866bd9faf7bdec7d02105f6c149640cf180d8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\cetrainers\CET1D7F.tmp\extracted\PhasmoMenu v0.5.2.3 By PappyG_[unknowncheats.me]_.exe
    Filesize

    15.9MB

    MD5

    edeef697cbf212b5ecfcd9c1d9a8803d

    SHA1

    e90585899ae4b4385a6d0bf43c516c122e7883e2

    SHA256

    ac9bcc7813c0063bdcd36d8e4e79a59b22f6e95c2d74c65a4249c7d5319ae3f6

    SHA512

    1aaa8fc2f9fafecbe88abf07fbc97dc03a7c68cc1d870513e921bf3caeaa97128583293bf5078a69aecbb93bf1e531605b36bd756984db8d703784627d1877d1

    Download Submit

  • memory/2700-26-0x00000000041B0000-0x00000000041B1000-memory.dmp

    Filesize

    4KB

    Download