Malware Analysis Report

2025-01-18 00:52

Sample ID 240613-rjnmpswfnn
Target FatalityCrackedInstaller.exe
SHA256 31fd8d1ebcacb2694ba3b280a8b0d0bdab5ca6501ee0ffcf079db85ee28a3c3c
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

31fd8d1ebcacb2694ba3b280a8b0d0bdab5ca6501ee0ffcf079db85ee28a3c3c

Threat Level: Likely benign

The file FatalityCrackedInstaller.exe was found to be: Likely benign.

Malicious Activity Summary

Unsigned PE

Modifies registry class

Suspicious use of SetWindowsHookEx

Note on the verdict: of the three signatures above, only "Unsigned PE" describes the sample itself (it is a static signature on the file). The two behavioral signatures are attributed to Windows system processes that were active during the run, BackgroundTransferHost.exe and MiniSearchHost.exe (the search UI of the MicrosoftWindows.Client.CBS package), not to FatalityCrackedInstaller.exe. The process list records only the sample plus Windows services and system apps (svchost.exe for NPSMSvc, BackgroundTransferHost.exe, MiniSearchHost.exe), and every resolved network destination is a Bing or Microsoft hostname or a reverse-DNS lookup against 8.8.8.8. Two connections, 2.18.66.163:443 and 52.111.227.14:443, have no recorded domain and are the only items worth checking against passive DNS or threat intelligence before accepting the score. "Likely benign" therefore means that no behaviour originating from the sample was observed in a 65-second automated run, not that the file was shown to be harmless: an installer that waits for user input, detects the sandbox, or simply fails to start would produce the same trace.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:13

Reported

2024-06-13 14:14

Platform

win11-20240611-en

Max time kernel

65s

Max time network

67s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FatalityCrackedInstaller.exe"

Signatures

Modifies registry class

Set value (str)
  Indicator: \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"
  Process:   C:\Windows\system32\BackgroundTransferHost.exe
  Target:    N/A

Key created
  Indicator: \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\MuiCache
  Process:   C:\Windows\system32\BackgroundTransferHost.exe
  Target:    N/A

Key created
  Indicator: \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\MuiCache
  Process:   C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
  Target:    N/A

Set value (str)
  Indicator: \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix
  Process:   C:\Windows\system32\BackgroundTransferHost.exe
  Target:    N/A

Set value (str)
  Indicator: \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"
  Process:   C:\Windows\system32\BackgroundTransferHost.exe
  Target:    N/A

Suspicious use of SetWindowsHookEx

Description: N/A
  Indicator: N/A
  Process:   C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
  Target:    N/A

Processes

C:\Users\Admin\AppData\Local\Temp\FatalityCrackedInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\FatalityCrackedInstaller.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Country  Destination           Domain                               Proto
GB       2.18.66.163:443       -                                    tcp
BE       88.221.83.208:443     r.bing.com                           tcp
BE       88.221.83.208:443     r.bing.com                           tcp
BE       88.221.83.208:443     r.bing.com                           tcp
BE       88.221.83.208:443     r.bing.com                           tcp
BE       88.221.83.208:443     r.bing.com                           tcp
BE       88.221.83.208:443     r.bing.com                           tcp
US       8.8.8.8:53            222.197.79.204.in-addr.arpa          udp
US       8.8.8.8:53            145.83.221.88.in-addr.arpa           udp
BE       88.221.83.226:443     www.bing.com                         tcp
BE       104.68.66.114:443     cxcs.microsoft.net                   tcp
US       52.111.227.14:443     -                                    tcp
BE       88.221.83.208:443     www.bing.com                         tcp
BE       88.221.83.208:443     www.bing.com                         tcp
BE       88.221.83.208:443     www.bing.com                         tcp
BE       88.221.83.208:443     www.bing.com                         tcp
BE       88.221.83.208:443     www.bing.com                         tcp
BE       88.221.83.208:443     www.bing.com                         tcp
US       13.89.179.8:443       browser.pipe.aria.microsoft.com      tcp
BE       88.221.83.225:443     www.bing.com                         tcp
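The Signatures and Network sections above only become useful once you separate what the sample did from what the Windows VM does on its own. The script below is an added example (not the sandbox vendor's code) that performs that separation over rows copied from this report: it buckets each signature by the process that raised it and classifies each distinct network destination. The list of "expected" domain suffixes, the treatment of any image under C:\Windows\ as OS noise, and the row format regex are assumptions made for this example and should be tuned to your own clean-VM baseline.

```python
"""Post-process a sandbox report: which signatures describe the sample, which
were raised by Windows' own processes, and which network destinations still
need enrichment. Added example; input rows are copied from the report above."""

import re
from collections import defaultdict

# Path the sample ran from (Command Line section of the report).
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\FatalityCrackedInstaller.exe"

# (signature, process column) per row of the Signatures tables.
# "N/A" in the process column means the signature came from static analysis.
_BTH = r"C:\Windows\system32\BackgroundTransferHost.exe"
_MSH = r"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"
SIGNATURE_ROWS = [
    ("Unsigned PE", "N/A"),
    ("Modifies registry class", _BTH),
    ("Modifies registry class", _BTH),
    ("Modifies registry class", _MSH),
    ("Modifies registry class", _BTH),
    ("Suspicious use of SetWindowsHookEx", _MSH),
]

# Network table rows exactly as the report lists them (duplicates included).
NETWORK_ROWS = """\
GB 2.18.66.163:443 tcp
BE 88.221.83.208:443 r.bing.com tcp
BE 88.221.83.208:443 r.bing.com tcp
US 8.8.8.8:53 222.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
BE 88.221.83.226:443 www.bing.com tcp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
US 52.111.227.14:443 tcp
BE 88.221.83.208:443 www.bing.com tcp
BE 88.221.83.208:443 www.bing.com tcp
US 13.89.179.8:443 browser.pipe.aria.microsoft.com tcp
BE 88.221.83.225:443 www.bing.com tcp
"""

# Assumption: a fresh Windows 11 VM talks to these on its own (search box,
# telemetry). Anything else that resolves goes to the 'review' bucket.
EXPECTED_SUFFIXES = ("bing.com", "microsoft.com", "microsoft.net")

# Row format: "<CC> <ip>:<port> [<domain>] <tcp|udp>"; domain is optional.
_NET_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)


def attribute_signatures(rows, sample_path):
    """Bucket rows: 'static' (no process), 'sample' (the submitted file's own
    process), 'os_process' (image under C:\\Windows\\), 'other'."""
    buckets = defaultdict(list)
    for sig, proc in rows:
        if proc == "N/A":
            buckets["static"].append(sig)
        elif proc.lower() == sample_path.lower():
            buckets["sample"].append((sig, proc))
        elif proc.lower().startswith("c:\\windows\\"):
            buckets["os_process"].append((sig, proc))
        else:
            buckets["other"].append((sig, proc))
    return buckets


def _matches_suffix(domain, suffixes):
    d = domain.lower()  # exact match or a real subdomain; "notbing.com" must not match
    return any(d == s or d.endswith("." + s) for s in suffixes)


def classify_network(text, expected=EXPECTED_SUFFIXES):
    """Classify each distinct (ip, port, domain) as 'reverse_dns', 'expected',
    'unresolved' (no domain recorded: enrich via passive DNS / TI) or 'review'."""
    out, seen = defaultdict(list), set()
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = _NET_RE.match(line)
        if not m:
            raise ValueError(f"unparsed network row: {line!r}")
        ip, port, domain, proto = m["ip"], m["port"], m["domain"], m["proto"]
        if (ip, port, domain) in seen:
            continue  # the report repeats identical connections
        seen.add((ip, port, domain))
        dest = f"{ip}:{port}"
        if proto == "udp" and port == "53" and domain and domain.endswith(".in-addr.arpa"):
            out["reverse_dns"].append(domain)
        elif domain is None:
            out["unresolved"].append(dest)
        elif _matches_suffix(domain, expected):
            out["expected"].append(f"{dest} {domain}")
        else:
            out["review"].append(f"{dest} {domain}")
    return out


def verdict_summary(sig_buckets, net_buckets):
    """Answer 'is anything in this report actually about the sample?'"""
    return {
        "sample_behaviour_observed": bool(sig_buckets["sample"]),
        "static_only": sorted(set(sig_buckets["static"])),
        "os_noise_signatures": len(sig_buckets["os_process"]),
        "needs_enrichment": net_buckets["unresolved"] + net_buckets["review"],
    }


if __name__ == "__main__":
    sigs = attribute_signatures(SIGNATURE_ROWS, SAMPLE_PATH)
    net = classify_network(NETWORK_ROWS)
    for key, value in verdict_summary(sigs, net).items():
        print(f"{key}: {value}")
```

Run against this report the summary shows no signature attributed to the sample's process, one static-only finding (Unsigned PE), five signatures raised by OS processes, and exactly two destinations (2.18.66.163:443 and 52.111.227.14:443) that the report did not resolve and that need a passive-DNS or threat-intel lookup before the 3/10 score is accepted.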

Files

memory/4920-0-0x00007FF8519F3000-0x00007FF8519F5000-memory.dmp

memory/4920-1-0x00000000008B0000-0x0000000000930000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\d917545e-ad10-40c5-b901-b1c0e69693c4.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 a05de6626e878c11872bcf9a152a692c
SHA1 8e2e338228d149511acd9740a84d5310c33f7f2c
SHA256 2b028061471208157f927bc0495bd6814ebce7edb5c6a0cf5f6d8d065845d704
SHA512 9f73b10f2acb9d22d8c02428f55759d55c4a6d8f4521f2c8f698c7d20280aded26a3e2ecd565507d5e8334ba4843076fbc42e3df74b49a8bc20eeb71d9ceb520