6de55708dffd9df0510a105116ff789e9c1bf8fda54c3f66ec841e23a72a35a9 | Triage

Sharing

General

Target

CrysisCoop_NoCode.rar
Size

101.9MB
Sample

240913-y3863sxdjf
MD5

7ead62a6641ea738963e072ffd63ef53
SHA1

b172a597dcf669296f0c6a142000c4482163c8b3
SHA256

6de55708dffd9df0510a105116ff789e9c1bf8fda54c3f66ec841e23a72a35a9
SHA512

09c7e722e3c9b542364cc0fe1a62285b88019e2854b46c0eb39ba0782ea1f84ad034f68d74e6f9b6568aec8a57700a531d81bb07f5b89c07b84400dd1dde9b71
SSDEEP

1572864:1GsRtj0yo/2lMIFrUyClVroPTqS6NbVJ+e9lW3mtUwEISZqXd/iZG8V2FBZ3Buri:j0yoOlMs9TqrfJP9lWtj8E23nur2JWg1

Score

6^/10

discovery execution

Malware Config

Targets

- Target
  
  CrysisCoop/Bin32/Crysis Co-op.lnk
- Size
  
  1KB
- MD5
  
  a90cbdbeb3ca80e39d9af823d2c36595
- SHA1
  
  b21888022a70011504a5888ef72e28f6ab446cd4
- SHA256
  
  85e433bb16bbedadccf5c5528f7cf6608e852da3adda286a8ab8951c3fbeef93
- SHA512
  
  10127f5ad1fc973372bd3f68566153c5bd9173eac94278e4b42f95a2f01daa6fa7529cff5f9448608216813b8e2dd4dfa02f38d7428cdbf59b5f263b6bee2d4f
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  CrysisCoop/Bin32/CrysisCoop.dll
- Size
  
  2.7MB
- MD5
  
  e5e79da04d4da18a17c9dab14bf32ea5
- SHA1
  
  66d06f8f34a285846eb0512e6c48f5c065a55e4f
- SHA256
  
  59607bced90ddb43391b65e69d4b08d2bc690fe6d1ae0e48182c450cbd88518c
- SHA512
  
  77333f98c494701a914e044b2a3de501261492fcf6ed543a2b3db42e2d9d8603130732268e52c37400d68e381c64205ce3097e183aa2f72d370e52b59a911455
- SSDEEP
  
  49152:b2Nju6Vyk+BQ3s57qXBt90pB2egFxCvRS3MwXELaoH:bZ6ou3s5Ao2e/S8tLao
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  CrysisCoop/Bin32/Editor.lnk
- Size
  
  1KB
- MD5
  
  042ebf4571b77e766da770e2263a726d
- SHA1
  
  da214dd54342544f244ffca6b224ebf9cd8ac9ac
- SHA256
  
  02ad7b5cf9351ccf58c69f0544aaf0e60d193033bb0246425e61fc6abb829a12
- SHA512
  
  07b7f6181b309eb97d9285ee43d17e36e4211ccfabcf3f2ae649b5dfe3b7ff29a9eb73ca4d8fff45ecb1ecd4c10224b46a267625e6e9aacd7d87301eb66783a6
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral5 behavioral6
- Target
  
  CrysisCoop/Bin64/Crysis Co-op.lnk
- Size
  
  1KB
- MD5
  
  1a668109d996061cb7230abc2a7605fe
- SHA1
  
  62a391068a0d0f00f554b9ed78d5da9f82726ec0
- SHA256
  
  87f668dbc1fb0764266a866ba095ce8af94e4f090a05a26f81e86dbf883c5856
- SHA512
  
  dd67e43d68c87c1cc49733fec0ad1d9dd80ca6fac2faa4ef82b5d392f2663d903ca8d8994e8f5cb15b2c97ead5382a39d291b564fc6e511335ae9da9fa7db6c2
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral7 behavioral8
- Target
  
  CrysisCoop/Bin64/CrysisCoop.dll
- Size
  
  4.0MB
- MD5
  
  db3f4f70a3a56fa9adcb14b9c751f6b7
- SHA1
  
  7cc758227b772954d9f93215e7a031a2149ef91d
- SHA256
  
  d7b47bf065357af2d6103a9b8f5cba75814753d197f819bc1264a3775fce4a8a
- SHA512
  
  4010351a18736549afdccd3af6f03fbf2e68acb565260f23277efe10de447d847637f66a483a71c0cba18be2565c1873ebb0c674964e1059e38feca743035dcc
- SSDEEP
  
  49152:en2yH9QUiD3grmTJHQrAuizqfHnPPHTRnF8FdpY3iv52SIxixw6qKBa:da6QrAuii3HFng8ihBa
Score

1^/10
behavioral10 behavioral9
- Target
  
  CrysisCoop/Bin64/Editor.lnk
- Size
  
  1KB
- MD5
  
  a2ff097624fe8bf0b5cf6459ce64ed5f
- SHA1
  
  3f83dc1f423ee62373cd21fad355a78e9702c88e
- SHA256
  
  1ffda06f0346c2d9bb7242dcd3d3c9255bcb048cc692019a9eb7d12c18c57c30
- SHA512
  
  7d6b9c989dd9655297bb1562e9b39badf77c70d525a4f8f73e6428c9972e53db08e9656ed953601a118eb38645f3cfafbc8c083ccd51bb17902e699c5e0c8a1a
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  tile2_2.raw
- Size
  
  3.0MB
- MD5
  
  40f7eca6248187e832a52b379d088ace
- SHA1
  
  f381d2b44cef38e51cc6e9422139449f8609e5fd
- SHA256
  
  44db3f71eb68d95ed4c49861bcbbfd251cddd048031a4b7b379f362730ae27d0
- SHA512
  
  c28ed0b74c24cec3c7d8071e40ec8dd07b76c9d15defb22de3891e1d68ac552884b69b060b02d940e1f2e9ee7ffbd317f8e3f66b8426b8306835dcc5b430d5fe
- SSDEEP
  
  24576:bT5Szz7mXqU1JhkMYnY9YURrrDlmJQO5YDaJOynT1/00ivlV3i+nHz4f188j2ug:bT5QmxLhKmJk5Y0tulVX06Mzg
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  CrysisCoop/Game/Scripts/Entities/Doors/AdvancedDoor.lua
- Size
  
  22KB
- MD5
  
  2d588685310b23b6b9bfe274cc33b1c6
- SHA1
  
  136ab4cb73b7bbaa65e5d61c37cd8c38eb73402d
- SHA256
  
  702894d65fbda677bdc4fa72621391e100203fdd573d62ffd3156c9181061ad8
- SHA512
  
  53e7b2c67638a440350f90b202cf7939e5b6a1ade49f7772687f9ce604f20970562fb4d4a318959e4f5f701ccf69e01f3a1ba29e1c73a49131e212721bab3cb2
- SSDEEP
  
  384:05qnAmd46DStqPV8VhL0RWdtpyIU8pNOqjB4ERoMRrwzvqiuYlLE6eieAe6+Vdr/:gqnAmd46DStqPV8VtTtpXB4ERoMRrwzA
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  CrysisCoop/Game/Scripts/Entities/Items/Item.lua
- Size
  
  10KB
- MD5
  
  19d5a42628fabe0a81fa7b75983855b0
- SHA1
  
  4048c716f362984b272edb69947b43ae6d1905ce
- SHA256
  
  116858569d03f44818adc57b3bfb9fad59d2fccdccbe3c12f494ff1aec6665d8
- SHA512
  
  300ba35a2555b888cc56f6e99c96ea6edb34122b392cae13052a58b667d5cc89f93378c9143176f9151f09f4bb661c8b77becfefb2e6c32948159b89b31c491c
- SSDEEP
  
  192:VnL+YSf2vC+7vjAi9NT4ivtzcTF6GNmGJjz57vjZ:VL6yC+bjb9WivtzgbjZ
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  CrysisCoop/Game/Scripts/Entities/Others/Mine.lua
- Size
  
  10KB
- MD5
  
  f2d06be10372f03a59fadde1c359d803
- SHA1
  
  a74f7c2726aeec4b6718481e60c92c504b8691d5
- SHA256
  
  3205324ee64f107dc6fa644b8e936a9024b8d8b997849bf6f9793ac31f5fc3fc
- SHA512
  
  1424df7d71f2d7b36e9b589b79b322ee2964bceae09ac9e1461f0ad5ccff7d7a5fbaffff1ed7347ce5544ee22fb76cf0c636598599e2730e93b8521fc3f0de49
- SSDEEP
  
  192:hrkk9iRF3K7USFOyDOGUX91IeieAe6vVGRKlhndaAC0J4yPHiFBgYRbW9S:hYkOhKwSFOyDOGUN1IeieAe69GRKlhnK
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  CrysisCoop/Game/Scripts/Entities/Others/Switch.lua
- Size
  
  12KB
- MD5
  
  fa1927554062b7e917df8686796f5ed2
- SHA1
  
  fddab16a2a3839e39a6f7464401e4f19966a7479
- SHA256
  
  dd5be4cc28174d5763785271353ab15c3a256418fbcd41a18e3a8b8bb9e05286
- SHA512
  
  6f9f9db1fa3d16811d1324e0457f59779df351e9ee24fc07b21f31bfce4cbc791f7765b4f7be200a92782384b5cad4c9469f1824f587c749a9b902dfa74020a2
- SSDEEP
  
  192:Y3Jn0DW4A/I1mHeWwg/7WjgjJ/rDVgr+nA8nhXbfK:Y3UcI1m+Wwg/7WjWvVgx
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  CrysisCoop/Game/Scripts/Entities/actor/player.lua
- Size
  
  39KB
- MD5
  
  7f7d63f46bc8f9291a8e831ac7f86e8b
- SHA1
  
  f543f590ddd64df72a8e91e286d3ba2abf4716df
- SHA256
  
  83351c1640a8aac90fa389f7475b528794267e55a7e5d0645ee60d73771763e1
- SHA512
  
  88791a110562f552199c9ebef153fe49b8b7caed94c7274be3bb786c07533a649b9423db31bea3bea2b4e0cd5e7fea2bd5af038b2ceb0f16c8a794db7c12df60
- SSDEEP
  
  768:3f68QSkpL8JT1qQLQXXSKbQ1mSJyOGVQ/d9xdQ2qp5QDaprEnHNUBRRz3aMmqE1Z:3fPQSkpL8JT1CSK8PyO99xLqp5Q6Enth
Score

3^/10

execution
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24