51e6208785ce4ff72f8b8bd0425df171262ebf3345d8939f81b6aaabd2ef8367

Analysis

max time kernel
20s
max time network
50s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vintage.Story.v1.19.8.STABLE/Vintagestory.exe
Size

247KB
MD5

33c5d96a4bb5ae0c6e40e293873dadc2
SHA1

9096c9797c1642914f1066ee57f28426ecb9e41f
SHA256

6c755792ddaef99fa1c7cd4bafa017920dce253225d901e576a4de4aa5c2c67a
SHA512

16b7643bdd862ec3ea57f016cc0ea3d9ed01c2b9510ab6d3d6bd67b4c4e4c82171ffe35c835216ca853449985832f76ce432790ce420ebc8aa7db0020de5d319
SSDEEP

3072:J7LW6Pr46prwG2k5GlI1JWE9QVsxyvJyn4NTZQf1VZlAWhr46UQs59L+tOsgE8if:JXWJ5kICW3Jyn4of1VZCiIz5kIfQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CA94D41-3F8C-11EF-A432-EE88FE214989} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3032	iexplore.exe
3032	iexplore.exe
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 3032	2324	Vintagestory.exe	29
PID 2324 wrote to memory of 3032	2324	Vintagestory.exe	29
PID 2324 wrote to memory of 3032	2324	Vintagestory.exe	29
PID 3032 wrote to memory of 2468	3032	iexplore.exe	30
PID 3032 wrote to memory of 2468	3032	iexplore.exe	30
PID 3032 wrote to memory of 2468	3032	iexplore.exe	30
PID 3032 wrote to memory of 2468	3032	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\Vintage.Story.v1.19.8.STABLE\Vintagestory.exe
"C:\Users\Admin\AppData\Local\Temp\Vintage.Story.v1.19.8.STABLE\Vintagestory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=7.0.19&gui=true
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43d325a704958f971ce9683bc517ded8

SHA1
2e0351faf4895ad60ca3444b859c93d25ad09a14

SHA256
85c11cf3b81bd2a7593e176e217b92fb2679e13cd7323601b132d8ce944dda28

SHA512
52de16c63b8308d673adafb566d57081d68d2569f2ef5d072e8301d5c76bf57988f3a9f90f495aee41118db0928d8883c9f9aadabe9835050146f817eb4cf403

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff90cf0b5fda4d9c8b6510bfdd39e9f2

SHA1
feb9dc9d04383234419f6bd6ed30d594adbe9bfb

SHA256
60f3817a2b7f1e9c2071a25222d3e346150275625a3d867cc91cd40ecefb4502

SHA512
dc9a894400af30b396c604e6ffd7e22f48a3636a681a8374cc0e825d5f7ec205383f1a4e5a7acf7a2f4d5329e6fffc6233b22b8a9683492a676d873923e5ed90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c0dff857efd14fadc87b1299c473537

SHA1
019cd7625175eb4b0e93214fe20d89857abf17d0

SHA256
76431d8ede23230f18902ec8ed224c2e365b509887e5ef0fdc9d84d4616b2775

SHA512
427518f87fbc02d3b94e42774ed4717c0517a7d803edd7a47cf93ae90e35a18547872b8be6aa213256d4600c38148111d25e7928601985bbbbfc515cf5bf80a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df09957a1600253cf49421f7875a1d5f

SHA1
cff1948513ae47c6bada5af2b3f2e89ae3408d97

SHA256
754120f4ebdbbaaa6c09a0bf4fd9475c565854856a02f333ea363433615ff007

SHA512
f7dbb54d8201e8b19623f8737b3878dda2e0346c0e0c3cceec1033106c6c8b4f7da170979eac291f424cfdbe1394437df249512cdbbb02e918806fcb26e7682a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26a2366bf71c7a2ef447737b03224c6a

SHA1
3d4cb7b11b5f8d479b8ded95bf9b4d406203beff

SHA256
b125869343567e63221dc296f69d79b1c22bc25fe811b80586bb2c432f9e8c22

SHA512
955aef750ad9226c12049b452646329e213022370bb064e029b3289cf8f15872c5902674df44da1eb27755cbb82fff50adbd6a7ae6d54da73384b2f44aeb6aa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ef06bdfe09adb438710e9d56da94a36

SHA1
d9c87e90da1ee6420a93097147cce75e709326b4

SHA256
9e366f6fb54e2160263f8c9a27dd0297fc2d3c97c7eb80d1788ce045af267720

SHA512
dd0fb03671a5f37bf81b24923b05ad2b1d900da821d4423d900d13aa0613dd27af4e3a3587343b0cf0bd8ab66c4ecbfd37c78d04b39bff093a5d2a75e8e08169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
871450581d78a44205ef7e11022abc3d

SHA1
703b7c9d6be8fb482b0fdf7dbebfd21573e4aea8

SHA256
8d6baa97536516472ac29e772c8c73371f89f2f6871a46870074e1319f9e4140

SHA512
4ee541fdb8bb183c9810e317a3ebfae65b0dce60340a292c87bfc69ccbe30ac16f1073b8e3e2616dc357d3e0fe7eb5b0be5bd938a2a6a88373631cfc9ca4e845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a6e16bc0073f75648fbc3c49aaeec7b

SHA1
b409f3d4288df90603fad79192f835fd82863256

SHA256
fd919eb8005fea66d4090f44d4eeb80cd88093127c36e10b0d0dd471dbee74e1

SHA512
999b0f5a91d26271f9495ab7963046676b0b6d75f620a0de48e87df5fabf744b847182043d631f8f33ffe9a47bcd5a6200e2f2958cb1473279c4b31922caab08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
541eca6254efe3a90752ee9e7ec315da

SHA1
c24c0b7325697b2a9ed3396a4544e70146d22873

SHA256
2ebea5285c4e4470ad964b8fe0c4accf6049c78c3aa2bb6c974d1982babc4dde

SHA512
c041c94e5a13ef14d3fad624dff0814d5afd1c514b44e0b892c3b3d2c4a2eff4e33cc559cc08ef3ca3aeaf476c0337a933db08844d2a2792793e38931be57f5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b07c658110d0e33805d3d28fd8ab4479

SHA1
69bf925589526a97158dfad47a87a883be56671f

SHA256
c1556ed884ac023642316ba4f0a0b10c719e1ec5c5ae5d8535e60aebfaa40a38

SHA512
eba7dd4655f4743e18c78fcb11aaef0fb9d7332a0b8b2c93e67268a8ba880056d3eed94638bf1e9bd3f48d84e4a7086655d3adcefb52a7d2696841cde1928d6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94fee0a511626135e203dabe866995c9

SHA1
d63f21877ae6b10746c1c1c5c5bd7f792eb766f0

SHA256
27f1a4914f3ea160142293f3d537e00cb047e4a27512eac63c95079bea1ab4d0

SHA512
cc3abf64569572cbacf563eeb7b6947fa9ee5809c141010a6ad9417a38b4d7aa062a017c2e53e2a43df27a535c18f6cb500f1f6fb6759e983cba17a3bdc03c31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54dc1b48b9ba33ab428087b5b1d32ae4

SHA1
4cf99967299c2916c6ecdf2c09fceb780bf739a3

SHA256
4b5af86ef40cd9fdcf1abc467c1512d25f24afdfd0168c1f0bd0a3db6ade7761

SHA512
23acb03e532a604235eeae0e916895fb515f524fc8217470274ea7c4a6a1f58f10bb72ce19ef42d17e08a6613c4ba269e7c363790d88e599deea51ef85f5730b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7cad2249ea97e9a0f86ddbc0808f437

SHA1
f730ad047b25b446b6325c31e7432503d1d6984d

SHA256
32189313d06ebb8ee00a5ff99df0a5a1757ab7e209389b62ac57544be5b92cc9

SHA512
32c52ab0652ca89e5ab925c714afa74ee2fc0da325138fc51adec4c29c784134af119a6557a3fbcf2802ba2dbbb8937a8bd86cf022ad11df45e8c2ba8f947aa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56237fe1b038c145544216f99a4910af

SHA1
30bd8c960028de72f95b916b8262ecade1df1cd7

SHA256
1a4042dab4c82e465d7b608af3cdc3bf4ef84a5dcaa8e71b725b9ace42077318

SHA512
7bd6723a17de99408e8e4bd52634d45923979eb315097a525451509f37bc1bbbb29f61764f374bdb337cb5b34be7e9fbaa679e4ce142f5cbed1f1be4a311ade9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7e87b98415fb34fe45509f408da6fa6

SHA1
2590e49c778b9e11785212d0162c03689835a2bf

SHA256
11e6298fc3a42383f805f383e7dbd3829df95657535795f8a75f72104e339756

SHA512
7acb4942456fa2aedb7a3599334fd7e7f1d28db16e6ef2d2e1f3eeb37ac64b3e0cf98bf08aabc5a0759416dd91bc3342f9ec8101d63d262428eff33fc0e7f88c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fecad171a6502d1bd9de5b98f948b4b

SHA1
420e927a717dec0253f94aaf203240c99ef4e33c

SHA256
35838ddd409d937bf585bcc8b54e4f37f98f2dc3f4405a9abfe69b523d2c5fc5

SHA512
785072d9ee82ba85cb925fb1d7e1651c493d4ff3f2929755cb9e2ba32dfc8c7e460899ebd9a64015a9cb176afcd890e6c8d39c47be23872b5519e2919e2dc51e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6164fecd1dd260bb07c608dccfc94664

SHA1
2c0a36a57b05c2d466f7d60557532d3cff34ab77

SHA256
9371ed9e74bbd9be476e61362e80aaa0aaba660740636ff2108c48d45747fcf8

SHA512
064d126b9f1fd5dbf2dd6d1935f975f12e1a577470793fcec4ecaa5c95aafa6c1a4d6ae6752df6f8dc7e69fa1323d5c57a646b412478cb3ac37e82d13c9ce110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60a51068286e998116c25c8863d7d7fc

SHA1
5718c8996961b750fe5f02599e9cfef7ed1443e3

SHA256
c2a172c210917d984267e53a0aac13aecf5b47637f85b2603d4fbeed57fd7322

SHA512
997d802ec644609e479ef347677c730b5085b6fd6c7dbbe8c6195cce2fe9958dfc892e8195e7c8d2acdd7e11ccaaa15d20b06a86be48726eecfa7be0b2818dee

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD54B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD609.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit