Analysis

  • max time kernel
    144s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/10/2024, 19:10

General

  • Target

    ZuQiuJingLi2019CE/Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe

  • Size

    4.3MB

  • MD5

    c7a7c3e55c0194b45a87b5d94ce42620

  • SHA1

    62c4af6ccfe2b343def800383a9b8a278fde8ebc

  • SHA256

    1f426adb3ca8f8b529e52d470515a8978b7187c87cb2e04174d535de2c25d140

  • SHA512

    6652b990a9549f66b2c57affc1299e163fc11502eee85d5a889a4d08fdab1306e4bf2fefd0d39103ccdd3a15db5c10ec71b5a8c202174ecf4e2d58b9256e8875

  • SSDEEP

    98304:oW47DYQoDmSZaxYVJfFU5iRFwSukEIx0sGXL/hvcposyjz0l4vxyHAt:oW47D0DmSZhJ96ibwlPfXtv8y864At

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 51 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ZuQiuJingLi2019CE\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\ZuQiuJingLi2019CE\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe
      "C:\Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe" -ORIGIN:"C:\Users\Admin\AppData\Local\Temp\ZuQiuJingLi2019CE\"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\extracted\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe
        C:\Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\extracted\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe "C:\Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\Admin\AppData\Local\Temp\ZuQiuJingLi2019CE\"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:3064
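The "Executes dropped EXE" and "Loads dropped DLL" signatures in the tree above are correlation rules: a process start or image load is flagged when the path involved was written earlier in the trace by a process inside the sample's own tree. The Python below is an added example, not the sandbox's own signature code. It reconstructs both rules over a constructed event trace built from the PIDs and paths in the process tree; the Event schema, the write timings, the parent PID 1000 of the root process and the out-of-tree writer (PID 5555) are assumptions made for illustration.

```python
"""Reconstruct "Executes dropped EXE" / "Loads dropped DLL" from raw endpoint events.

Added example; not the sandbox's code. Event schema, timings and PIDs 1000/5555
are assumed; PIDs 2380/2248/3064 and the paths come from the report above."""

from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
STAGE = TEMP + r"\cetrainers\CETD21E.tmp"
TRAINER = r"\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe"


@dataclass(frozen=True)
class Event:
    seq: int        # position in the trace (monotonic)
    kind: str       # "process_create" | "file_write" | "image_load"
    pid: int        # acting process
    path: str       # image started, file written, or DLL mapped
    ppid: int = 0   # parent PID; only meaningful for process_create


# Constructed trace mirroring the report's tree (write timings are assumed).
EVENTS: List[Event] = [
    Event(1, "process_create", 2380, TEMP + r"\ZuQiuJingLi2019CE" + TRAINER, ppid=1000),
    Event(2, "file_write", 2380, STAGE + r"\CET_Archive.dat"),
    Event(3, "file_write", 2380, STAGE + TRAINER),
    Event(4, "process_create", 2248, STAGE + TRAINER, ppid=2380),
    Event(5, "file_write", 2248, STAGE + r"\extracted" + TRAINER),
    Event(6, "file_write", 2248, STAGE + r"\extracted\lua53-64.dll"),
    Event(7, "process_create", 3064, STAGE + r"\extracted" + TRAINER, ppid=2248),
    Event(8, "image_load", 3064, STAGE + r"\extracted\lua53-64.dll"),
    Event(9, "image_load", 3064, r"C:\Windows\System32\kernel32.dll"),   # never written: no hit
    Event(10, "file_write", 5555, r"C:\Windows\Temp\other.dll"),         # writer outside the tree
    Event(11, "image_load", 3064, r"C:\Windows\Temp\other.dll"),         # so this is not a hit
]

Hit = Tuple[int, str, int]   # (using pid, path, dropping pid)


def dropped_artifact_uses(events: List[Event], use_kind: str) -> List[Hit]:
    """Every `use_kind` event whose path was written earlier in the trace by a
    process in the sample's tree (root = first process_create seen).
    Paths are compared case-insensitively, as NTFS does."""
    tree: Set[int] = set()
    writes: Dict[str, int] = {}       # normalised path -> first writer pid
    hits: List[Hit] = []
    for ev in sorted(events, key=lambda e: e.seq):
        key = ev.path.lower()
        if ev.kind == "process_create" and (not tree or ev.ppid in tree):
            tree.add(ev.pid)
        if ev.kind == "file_write":
            if ev.pid in tree:
                writes.setdefault(key, ev.pid)
        elif ev.kind == use_kind and key in writes:
            hits.append((ev.pid, ev.path, writes[key]))
    return hits


def executes_dropped_exe(events: List[Event]) -> List[Hit]:
    return dropped_artifact_uses(events, "process_create")


def loads_dropped_dll(events: List[Event]) -> List[Hit]:
    return dropped_artifact_uses(events, "image_load")


def process_chain(events: List[Event]) -> List[Tuple[int, int, str]]:
    """[(depth, pid, image)] for the sample's tree, in start order."""
    depth: Dict[int, int] = {}
    out = []
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.kind != "process_create":
            continue
        if not depth:
            depth[ev.pid] = 1
        elif ev.ppid in depth:
            depth[ev.pid] = depth[ev.ppid] + 1
        else:
            continue
        out.append((depth[ev.pid], ev.pid, ev.path))
    return out


if __name__ == "__main__":
    for d, pid, img in process_chain(EVENTS):
        print("  " * (d - 1) + f"{pid} {img}")
    for pid, path, by in executes_dropped_exe(EVENTS):
        print(f"Executes dropped EXE: pid {pid} ran {path} (written by pid {by})")
    for pid, path, by in loads_dropped_dll(EVENTS):
        print(f"Loads dropped DLL: pid {pid} mapped {path} (written by pid {by})")
```

Restricting the write map to processes inside the tree is what keeps a legitimate installer or update service running at the same time from being credited to the sample; the IoC counts in the report will differ from this trace because the sandbox sees every write and load, not the handful constructed here.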

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\CET_Archive.dat

          Filesize

          4.0MB

          MD5

          63dda5da0ca8a45d7628528dd4dea57c

          SHA1

          2e2aa35e79d161c04cde098d2ecf9afeaebd6d06

          SHA256

          18fb145cfc4c4ee6af22c1fcb9e0dffb09bddc14674fda83cebdbde4293c6da2

          SHA512

          a5a9ef0a38b089d045180baa066fd159fbb60f2a56c93361c153231451f8b20a23ce63ca6ce6c061a5ff4172687d5a3bb85964e51bd59589fe18a7570038cfb8

        • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\extracted\CET_TRAINER.CETRAINER

          Filesize

          78KB

          MD5

          240b5867d2dfb441664a07c6f382b4ae

          SHA1

          fd122adcc14e26a6c171eb8cd1d75fbf98ed34bd

          SHA256

          6afe0652f6bb35911cbcda3b039388e468425d2de47ad4f5ea0fa5125e080c31

          SHA512

          9f91617972087bc3ac1ae3287319243463874ffd80f821c27803472d6f3814420a0fa57ab300c978dca758b0dd79dbfaeac58586d548c960d7e02ee26068332d

        • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\extracted\defines.lua

          Filesize

          6KB

          MD5

          11262ee8c196ed4e1e0e65c1d1ca3b9f

          SHA1

          dbd2ff593134f1ae0ea476b445a5e965efb943c7

          SHA256

          9adb8ded37012dbd1ca984f89338ba555c809272bb5456e650713532d3d9b4a1

          SHA512

          f8c9bd72962fd0618cb94c42bdded5326b95774c073f36f322d87e35f026bdd3fa00c2138682d11c3cf0981731206830bf4d59eaa0a2d0c7772efd21e43ed7fc

        • C:\Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\extracted\lua53-64.dll

          Filesize

          522KB

          MD5

          b19ca65cd5c6f20c77dbc60bce20e826

          SHA1

          06ef80fc54bc5098b2c8d7c7530f2dd63bd4917d

          SHA256

          522fd7cac73f55f249b82fbaee587db6e527c76eac9837cf54622ee476be8fab

          SHA512

          4f0c9573e433efdcd7cc8b82286a2c5eb9ecc1666d535f4f4e4525fc0e58656b41a14f0c1cf3fa6958917632e69b9317a2553ec90a05e1ca3209b0b78dd69c33

        • \Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe

          Filesize

          189KB

          MD5

          a65c29111a4cf5a7fdd5a9d79f77bcab

          SHA1

          c0c59b1f792c975558c33a3b7cf0d94adc636660

          SHA256

          dab3003436b6861ae220cc5fdcb97970fc05afdf114c2f91e46eed627ce3d6af

          SHA512

          b37ef3351e8f46f7183550254acce99b54e0199fc37a02cca78b471dc2d8b697769afdaf7e6cfe89422cfed65a8dcc6d158ef52aba5b0ac9350ea05607fefd7f

        • \Users\Admin\AppData\Local\Temp\cetrainers\CETD21E.tmp\extracted\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe

          Filesize

          11.7MB

          MD5

          8bdd19a934dce560ff0efa486b3b1b5a

          SHA1

          454f902b50773b623b4f30f9d643ae1df4f0f929

          SHA256

          53dec4958d065e410c51e2548fd873c5e5e7fb381450975e822d7c7fbd7f76cd

          SHA512

          21b1ea4751ea4c201fb92ef63e7556b07b6f1a69356940db8619e5346acdab679399e98ab37d66e74a188cd2e0bfa788d9cd24e38bf38ef04adfa4db530bb5d0

        • memory/3064-20-0x0000000003EC0000-0x0000000003EC1000-memory.dmp

          Filesize

          4KB

        • memory/3064-21-0x0000000003EC0000-0x0000000003EC1000-memory.dmp

          Filesize

          4KB
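The Downloads list above is the report's dropped-file inventory, and the usual follow-up is to confirm that an archive recovered from another host or from the sample's own staging directory contains exactly these artifacts. The Python below is an added example, not part of the report or of any tool it names: it carries the SHA256 values copied from the list (the other digests are omitted to keep the block short), hashes each file in one pass, and reports which entries are missing or mismatched. The directory layout under `root` is an assumption.

```python
"""Check files against the SHA256 digests in the report's Downloads list.

Added example; not the sandbox's code. Hash values are copied from the report;
the directory layout under `root` is assumed."""

import hashlib
import os
from typing import Dict, Tuple

# Paths are relative to %TEMP%\cetrainers\CETD21E.tmp as seen in the sandbox.
REPORT_SHA256: Dict[str, str] = {
    r"CET_Archive.dat": "18fb145cfc4c4ee6af22c1fcb9e0dffb09bddc14674fda83cebdbde4293c6da2",
    r"Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe": "dab3003436b6861ae220cc5fdcb97970fc05afdf114c2f91e46eed627ce3d6af",
    r"extracted\CET_TRAINER.CETRAINER": "6afe0652f6bb35911cbcda3b039388e468425d2de47ad4f5ea0fa5125e080c31",
    r"extracted\defines.lua": "9adb8ded37012dbd1ca984f89338ba555c809272bb5456e650713532d3d9b4a1",
    r"extracted\lua53-64.dll": "522fd7cac73f55f249b82fbaee587db6e527c76eac9837cf54622ee476be8fab",
    r"extracted\Football.Manager.2019.v19.1.1.Plus.4.Trainer.exe": "53dec4958d065e410c51e2548fd873c5e5e7fb381450975e822d7c7fbd7f76cd",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests_bytes(data: bytes, algos=ALGOS) -> Dict[str, str]:
    """All digests of an in-memory blob (e.g. a memory dump region)."""
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def digests_file(path: str, algos=ALGOS, chunk: int = 1 << 20) -> Dict[str, str]:
    """One pass over the file; every algorithm is updated per chunk."""
    hs = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def mismatches(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """{algo: (expected, actual)} for each expected digest that differs; {} means all match.
    Comparison is case-insensitive because reports print hex in either case."""
    return {a: (e, actual.get(a, "")) for a, e in expected.items()
            if actual.get(a, "").lower() != e.lower()}


def check_tree(root: str, table: Dict[str, str] = REPORT_SHA256) -> Dict[str, object]:
    """For each report path: 'missing', {} (match) or the mismatch dict."""
    out: Dict[str, object] = {}
    for rel, sha in table.items():
        p = os.path.join(root, *rel.split("\\"))
        if not os.path.isfile(p):
            out[rel] = "missing"
        else:
            out[rel] = mismatches(digests_file(p, ("sha256",)), {"sha256": sha})
    return out


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.join(
        os.environ.get("TEMP", "."), "cetrainers", "CETD21E.tmp")
    for rel, result in check_tree(root).items():
        state = result if result == "missing" else ("ok" if not result else f"MISMATCH {result}")
        print(f"{rel}: {state}")
```

The temporary directory name (`CETD21E.tmp`) is generated per run, so on a real host expect a different name under `cetrainers` and pass it as the first argument; a match on the 11.7MB `extracted` executable and `CET_TRAINER.CETRAINER` is the strongest indication that the same trainer package was unpacked.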