Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.unknownc...

windows10-2004-x64

3

https://www.unknownc...

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.unknowncheats.me/forum/downloads.php?do=file&id=42786&act=down&actionhash=1732133693-9a6c87424eb62b215029162dd65e041e37786737

  • Sample

    241120-y1p1esxkbn

Score
10/10
discoveryexecutionphishing

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://193.233.254.0/responsibilityleadpro.exe

Targets

    • Target

      https://www.unknowncheats.me/forum/downloads.php?do=file&id=42786&act=down&actionhash=1732133693-9a6c87424eb62b215029162dd65e041e37786737

    Score
    10/10
    discoveryexecutionphishing

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • A potential corporate email address has been identified in the URL: [email protected]

      phishing
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks