Overview
overview
3Static
static
1Carbon_v1....er.exe
windows7-x64
1Carbon_v1....er.exe
windows10-2004-x64
1Carbon_v1....te.bat
windows7-x64
1Carbon_v1....te.bat
windows10-2004-x64
1Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....ler.js
windows7-x64
3Carbon_v1....ler.js
windows10-2004-x64
3Carbon_v1....app.js
windows7-x64
3Carbon_v1....app.js
windows10-2004-x64
3Carbon_v1....tes.js
windows7-x64
3Carbon_v1....tes.js
windows10-2004-x64
3Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
20/07/2024, 08:35
Static task
static1
Behavioral task
behavioral1
Sample
Carbon_v1.7 (Beta)/CarbonLauncher.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
Carbon_v1.7 (Beta)/CarbonLauncher.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Carbon_v1.7 (Beta)/NeoniteV2/Start Neonite.bat
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
Carbon_v1.7 (Beta)/NeoniteV2/Start Neonite.bat
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/AccountController.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral6
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/AccountController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/ApiController.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral8
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/ApiController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/AuthController.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/AuthController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/CloudStorageController.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/CloudStorageController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/DiscoveryController.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/DiscoveryController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/EosController.js
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral16
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/EosController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/FortniteGameController.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/FortniteGameController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/MatchMakingController.js
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral20
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/MatchMakingController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/PlayerController.js
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/PlayerController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/ProfileController.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/ProfileController.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/TimelineController.js
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral26
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/TimelineController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/UserController.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
Carbon_v1.7 (Beta)/NeoniteV2/api/controllers/UserController.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Carbon_v1.7 (Beta)/NeoniteV2/app.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
Carbon_v1.7 (Beta)/NeoniteV2/app.js
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Carbon_v1.7 (Beta)/NeoniteV2/config/accountRoutes.js
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
Carbon_v1.7 (Beta)/NeoniteV2/config/accountRoutes.js
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
Carbon_v1.7 (Beta)/CarbonLauncher.exe
-
Size
490KB
-
MD5
73be403f4d37ef75d4b1d93d998c33d3
-
SHA1
3dfefa3d5dee27693d8702b082ae402e35ae17b4
-
SHA256
dd96a4865a1464b59087003356ec17b4b3d654182f803a9db555641b500d98fa
-
SHA512
9aa4d9fa4f8847778b3948621968c98341507cced7b735897b0e557eba08c4891ef412608a0282c59e3cff74d12ac23ca35e2f76e7ab84855650a2718e5975f8
-
SSDEEP
6144:3ZZLRzDbtkKq1wwF476b60guIEgOei2U:JZl+n47w4u
Malware Config
Signatures
-
Modifies registry class 9 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\discord-883799917422846013\URL Protocol CarbonLauncher.exe Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\discord-883799917422846013\shell\open CarbonLauncher.exe Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\discord-883799917422846013 CarbonLauncher.exe Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\discord-883799917422846013\DefaultIcon CarbonLauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\discord-883799917422846013\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Carbon_v1.7 (Beta)\\CarbonLauncher.exe" CarbonLauncher.exe Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\discord-883799917422846013\shell\open\command CarbonLauncher.exe Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\discord-883799917422846013\shell CarbonLauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\discord-883799917422846013\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Carbon_v1.7 (Beta)\\CarbonLauncher.exe" CarbonLauncher.exe Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000_CLASSES\discord-883799917422846013\ = "URL:Run game 883799917422846013 protocol" CarbonLauncher.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 2088 CarbonLauncher.exe 2088 CarbonLauncher.exe 2088 CarbonLauncher.exe 2088 CarbonLauncher.exe 2088 CarbonLauncher.exe 2088 CarbonLauncher.exe 2088 CarbonLauncher.exe 2088 CarbonLauncher.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2088 wrote to memory of 316 2088 CarbonLauncher.exe 32 PID 2088 wrote to memory of 316 2088 CarbonLauncher.exe 32 PID 2088 wrote to memory of 316 2088 CarbonLauncher.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\Carbon_v1.7 (Beta)\CarbonLauncher.exe"C:\Users\Admin\AppData\Local\Temp\Carbon_v1.7 (Beta)\CarbonLauncher.exe"1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2088 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵PID:316
-