Overview

overview

3

Static

static

3

idleon.zip

windows7-x64

1

idleon.zip

windows10-2004-x64

1

InjectCheatsF5.exe

windows7-x64

1

InjectCheatsF5.exe

windows10-2004-x64

1

cheats.js

windows7-x64

3

cheats.js

windows10-2004-x64

3

config.cus...ple.js

windows7-x64

3

config.cus...ple.js

windows10-2004-x64

3

config.js

windows7-x64

3

config.js

windows10-2004-x64

3

main.js

windows7-x64

3

main.js

windows10-2004-x64

3

package-lock.json

windows7-x64

3

package-lock.json

windows10-2004-x64

3

package.json

windows7-x64

3

package.json

windows10-2004-x64

3

Resubmissions

16-08-2024 20:36

240816-zdtwjawakc 3

16-08-2024 20:31

240816-za2rzayfml 7

16-08-2024 19:15

240816-xybjkssakc 3

Analysis

  • max time kernel
    102s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2024 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    package-lock.json

  • Size

    6KB

  • MD5

    b24081f0801fd70c8093cf19af16457a

  • SHA1

    db59b39172defc4d1019c558a4960a3f5ffc9637

  • SHA256

    c79c17338ef719ee450e288bc034d4eec316bebe375519979fe81b025bc3125d

  • SHA512

    7b0ada7a9baed29836fbe461f66c1f90494e8242e560fa2965094e0198b5716011d81c6646820a996fe8c04c305f5eee6f813bef4cd499cffff29b35e78fbff0

  • SSDEEP

    192:aa7a6pV0qfsLrQAqlaoU8j6YiRfaKK2Kn+qrQzDaoPF1AA:aabRAivWhI2VzDp1r

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\package-lock.json
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\package-lock.json
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2744
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\package-lock.json"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    a726432a2f00b1e4ac49f98b2830cfc5

    SHA1

    24bf738afa1ddaf50256c8b3d4c823e4e843b427

    SHA256

    61912f7179f264c2330e012e72546e2b4e505c235ac4440ba01d63a4f0d51a9c

    SHA512

    7aa520597dfac065e08f50ccacf2766d3c49762532ad9628e8d110f75b58f8f81dd398b0ec2c251a284881d8f518e7279d4e1e602a567236bb6ce66bf41bc46d

    Download Submit