Analysis Overview
SHA256
31fd8d1ebcacb2694ba3b280a8b0d0bdab5ca6501ee0ffcf079db85ee28a3c3c
Threat Level: Likely benign
The file FatalityCrackedInstaller.exe was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
Modifies registry class
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:13
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:13
Reported
2024-06-13 14:14
Platform
win11-20240611-en
Max time kernel
65s
Max time network
67s
Command Line
Signatures
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\FatalityCrackedInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\FatalityCrackedInstaller.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 2.18.66.163:443 | | tcp |
| BE | 88.221.83.208:443 | r.bing.com | tcp |
| BE | 88.221.83.208:443 | r.bing.com | tcp |
| BE | 88.221.83.208:443 | r.bing.com | tcp |
| BE | 88.221.83.208:443 | r.bing.com | tcp |
| BE | 88.221.83.208:443 | r.bing.com | tcp |
| BE | 88.221.83.208:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 222.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.226:443 | www.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| US | 52.111.227.14:443 | | tcp |
| BE | 88.221.83.208:443 | www.bing.com | tcp |
| BE | 88.221.83.208:443 | www.bing.com | tcp |
| BE | 88.221.83.208:443 | www.bing.com | tcp |
| BE | 88.221.83.208:443 | www.bing.com | tcp |
| BE | 88.221.83.208:443 | www.bing.com | tcp |
| BE | 88.221.83.208:443 | www.bing.com | tcp |
| US | 13.89.179.8:443 | browser.pipe.aria.microsoft.com | tcp |
| BE | 88.221.83.225:443 | www.bing.com | tcp |
Files
memory/4920-0-0x00007FF8519F3000-0x00007FF8519F5000-memory.dmp
memory/4920-1-0x00000000008B0000-0x0000000000930000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\d917545e-ad10-40c5-b901-b1c0e69693c4.down_data
| Algorithm | Hash |
|---|---|
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| Algorithm | Hash |
|---|---|
| MD5 | a05de6626e878c11872bcf9a152a692c |
| SHA1 | 8e2e338228d149511acd9740a84d5310c33f7f2c |
| SHA256 | 2b028061471208157f927bc0495bd6814ebce7edb5c6a0cf5f6d8d065845d704 |
| SHA512 | 9f73b10f2acb9d22d8c02428f55759d55c4a6d8f4521f2c8f698c7d20280aded26a3e2ecd565507d5e8334ba4843076fbc42e3df74b49a8bc20eeb71d9ceb520 |