Analysis

  • max time kernel: 30s
  • max time network: 16s
  • platform: windows7_x64
  • resource: win7-20240705-en
  • resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted: 26-08-2024 10:20

General

  • Target: res_mods/1.23.0.0/scripts/client/gui/mods/mod_a.xml
  • Size: 1KB
  • MD5: ff03ec17ee5f13070dd50717620ffbc0
  • SHA1: 3243099738c6b40d2fdcaae8b16fef280b5eb835
  • SHA256: 8e7d953780ef22d302a154cc504a0e13ff031b9177f9b20708bfd8ee9ddad7ed
  • SHA512: 535f4c9f6911ebb0843d0d8c58b2613cbf5122281b50b056918e693e0db9d9daf54fb17b744ec14f95929673868fdb516f8d1f5330bf930a486c9d502fb7c2fd

Score
3/10

Signatures

  • System Location Discovery: System Language Discovery (1 TTP, 3 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE (PID 588)
    Command line: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\res_mods\1.23.0.0\scripts\client\gui\mods\mod_a.xml"
    Signatures: System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe (PID 2352)
      Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      Signatures: System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID 2672)
        Command line: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3036)
          Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
          Signatures: System Location Discovery: System Language Discovery; Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx

Downloads
