Overview

overview

10

Static

static

10

SAMXCHEATcrack1.exe

windows7-x64

10

SAMXCHEATcrack1.exe

windows10-2004-x64

10

Realtek HD...ce.exe

windows7-x64

10

Realtek HD...ce.exe

windows10-2004-x64

10

SAM X CHEA...k1.exe

windows7-x64

6

SAM X CHEA...k1.exe

windows10-2004-x64

6

Windows Sh...st.exe

windows7-x64

10

Windows Sh...st.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    22/11/2024, 18:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SAM X CHEAT crack1.exe

  • Size

    3.6MB

  • MD5

    38023663c5bba5e8d46cee0612e57a51

  • SHA1

    fd21a4aafa31ee8ebd851590e0ec79f7996725ac

  • SHA256

    a02b92ae36ca6fdc300a95a3e29d5a824f2f12a91e0bb6a6f499808ac12c816c

  • SHA512

    c8ab8e304d5e224153d8c7822646e9127520929cec32f655b69ea299540e6d824b9b7e57e6dc3c17ce97d6aaf71cda6dd499f9c7f6e59237276f5832a13573f1

  • SSDEEP

    98304:E+woaBHtFIT4bNJFY3Oqtbh+KH4kpc+DX/0Huhd:E+nAbjBHYcKYODtd

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SAM X CHEAT crack1.exe
    "C:\Users\Admin\AppData\Local\Temp\SAM X CHEAT crack1.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/BNXa5rYFXM
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2368
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    0903faff6262691b05dca2297d1beb02

    SHA1

    7fac8c40fb27f788263319bf81f306b5018d6ce9

    SHA256

    91175b8952b2c5b4cf78b3d900336c2a4216240c359d1bf72c58bb0f9719fafe

    SHA512

    472c07a5dd66e94024e2e1f27be84629657df651efbaafe546235a2e21103a273fd5cf35578277febfc3f98bffd6551106f56cfb6cd1952249c2e2aee1ffb138

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f4fcf2b78edd433a2727b82a0b5534c

    SHA1

    c9044d03736813ba0f02af611d8c0d9539eac1e6

    SHA256

    cbc4c36a02806c6ce74940c49587e10cdbeaabd47edf3d73b2fa5e601f8744f4

    SHA512

    c136aa02ec6ae87349c7e4f3f825275bb326d646bf2888b6afe242fa0f73db0ecfcffe11aa6540235a98ef7ac713615b6fe042247f93ea41f90a168b462022eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e236ccdea8a3d360499da2c20cffafdd

    SHA1

    f48e610dd90324c50d64c3755918a3367d313c89

    SHA256

    e1d8858fff6ee2823957809fa39d9d957bca65e433e120b44928778bddfbf17a

    SHA512

    3f3978915dce494ca82df619c3aadb090c8df68efbe2e31a5b50515c8d02ecdf42b5251ed1882bfee39abff4503f64600e5d03cbeec3f8a7a2252b20ef4ec59f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51de71f1083b0e3cd3438f443a0aa5cd

    SHA1

    9cd1e8dedfe1366cf955de242703be78a81f2166

    SHA256

    a49a607f23105cc36070006e6752713d9e7fbf9a0965cbec1ebc2da929354a3b

    SHA512

    70a656d51532a21468642e6d9b83bb1a24bfd65a8ca4e75074bd0d5d9b5a78d3986f3244e6cd3c965158d35948053780078355aa0bd09f6a497715dcb3db2328

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    444c80499183f34e7ecd84e1b349830f

    SHA1

    5db49321fb929f7dff072c341319271776d0d783

    SHA256

    aae3131774329ccb4dbe7da0b77a62e7b655c5da145d367b0977d9fba9068f11

    SHA512

    9fd6e51c7159da6a95cc6d643673b1b1eab74b4d8e5243504a611fe5ed7939260468934983fa548d3d0aa4fede5bae90cfd62ea12dbedd91aab2bdffb62d7386

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8a6cf2b56d409bec488e29aa7acbefa

    SHA1

    2c9a36a499d02bd6ac1fdbca60c2b465d23f889a

    SHA256

    37492bf6f484780ef3384bf2f1b9724fce8ffb3d26e337557a088e87588a8b6e

    SHA512

    d9c304c46e955f31f354cfbc4dcfbb8e76fd6d72f59809aca1a2e68a98dfc11f1e7422251af2970166d8c03fc72d5f0c6ba1445acd07bf6083b6032b7c3de519

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38c206c7fef79446ea84276cb0d9ddf8

    SHA1

    0fba8e3bd14b23a742b3bcf5d385f747a97915fa

    SHA256

    bb6097e7270a7039f30f8316e06a223cc853ed30423c8bebfb6451164778efeb

    SHA512

    4fb910cac9d43d13ecda2de05dd3bf8203313f4be50a06f6910a2e4983b07ed6cb99368fb5c77279a4d90e22cce83806a9c58e3a2e0557bdd3eef8e057946f60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56ae46461f86275f23db6c98146059d9

    SHA1

    a6620e6f13d3891dd10fd77f41b3534c70fff8f8

    SHA256

    0efe56675d21b24941d8ec05f91265683ee112debbc57042641d56fa94f32a6c

    SHA512

    4b424e493a49788b8ae2084c0b0f5ef3c0fe5d4b5bb0c66d1b81b72e1c332a12a18e042989b4514e1d9c341ee777d2b6c3dd6baf5ee9fe257e83dd3169e7913d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65d89d65e83d8738706b24cc85ca42fc

    SHA1

    9bed05250ec843b1fe99f4d50a95ead55c8ed1f2

    SHA256

    0cc15fb0f42d16989a21330a3368dedb8c8bce78be494b1741f922d2b08a9131

    SHA512

    1f6b76f4eac6e7ed47af542fbff28fcea1a1ae8906036a8b1e1b43c3c742e3febe907da745211778fa613c499d4d28ddb4b8bef78e40a1967a2d347fcbbe5bd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3409f0bf1b840442ddcb81313dd8a607

    SHA1

    0f964635ebf60128623c981c8653f4be795208b9

    SHA256

    d40a0ff9a0bf8d60e97d953b3f2c7e5a989c02d8bd47b5cce0e6a1a37cbea10b

    SHA512

    7b7eb7ea5ae08552b2a57d473a8d9ba7033c9cbd4e5c94a86944fe847df75ac093b10f721ba2ba067182411ff4fb15b0c68eab3ec28c73b67f52f590adbe5707

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb7b0f692813ae78d3f05d5a3df81bc1

    SHA1

    d5c0a3df13770d277588658a13aaeb8ae4ba26ff

    SHA256

    876d12c13c11de1bf5e1d70a66bf2d2cc2409019f979f706388c03f58b4c0002

    SHA512

    bba11206d18cce1e0eaf9607227a8f0b20e1d5f2bd392455332134fadc6a00e2860cbdbc69e8af70c3988cecc549fb88ccd6e41839753ede182c338b437751d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7e7bb89249f0add33991fe11877ad70

    SHA1

    09885cdcdcdf2c560c9523380d89df73021a2405

    SHA256

    b7d910fa927de7f4eae8b3196ffdbea03cc0e40ec42d000a4a6787f280e73b62

    SHA512

    0dae5a2a9a06502ba60608dec0de1e6d753db583130c7385362b052770b3ab65b4c1950cbeaf0766f04eecfc997c1e7d3a115c74d4831a148a7022f7719d6666

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1efed3785c7c789225d455b5bd446a81

    SHA1

    cdfc21f465081f425ba901b447b551346e0c6e1e

    SHA256

    9b3d6b4d159273d11dd9e66679e0e2bd8c7ed27109c9824b5e4188b6bd81acb8

    SHA512

    3158bf2635a30a18fbeb29031fd4562bddf207e42bffed7141cac3c441591c248ed875238408c404bcae7f21b988e7f3e03ff7e799ba356c7dddd616d0c2aa70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd8b80e9406c20315955536fec62a4e1

    SHA1

    e46496c148930824ad68ae4f9efdbb7f00a5b6b8

    SHA256

    93302bbed9115cf4cb72d9e443a8275a940323c834b8cd2239f3780bed90dda0

    SHA512

    003a816acedc3a71890108bbc1479e73ba4107d6d6d24679135e39217fc729081f90e1eb0d5abc7b7e5e823e43c06f596a58930fc5efc1728ad6cd1e67ca909c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9245578f4797b97543b9e6b4d51c8bf

    SHA1

    24d10238fd1dd7f40578633c2143e6ebf75b35ba

    SHA256

    1aaf7ce0e31fe58efcc25a4d6144151cf263893b7616b153b8ef66832d692e18

    SHA512

    c0a92491271c77c71f936a43ae56639bfccc2e5a9ccbb9e2f877b77fae2a187390b73eb3b9c8b8ad2943f077ec6b41443e3dce6e3808bc9d0c9bc132cfadf95d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92a45203a742988df58a723d95d90852

    SHA1

    2f68c7a8991748318e15398f227cc1a73cc4514f

    SHA256

    bcaf1990581febf50727814d998eb1408b832c36ce995164c83345dc7494271c

    SHA512

    6f252e87be6d44f7af1d5a7f28cf783855c6e18386232917743ae3bc217898b56d33147306bad79a89c614fe192230491315c0fcf4d169365954d098ada684f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ddff0c801875232fa5652fe91f9be09b

    SHA1

    8922dd333cbc65d3857591097affd680be2ebc73

    SHA256

    f5ad641657d323650ce2ac635f550c03295264fecd9be6cf814c12e97a15bf36

    SHA512

    4ad23e6c81700411be4498b906617626cf830dceb645f3b6537f5a602a5b1c08042217cb3639a02584736c9007bbaf128c1173c080ff1c171718d0a4102ea57f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2bf9556d42a21b843f4a4a6e64d16649

    SHA1

    8bee8d36be9929dc12d2c23a7c0b92b31ee86808

    SHA256

    2d2b375cc2ed596eb73f840f2032c922412d0d3f8c625accb723dcd86bc32d2b

    SHA512

    6822512f2ec4c465571dfbd736b96b0e521fb3620227a2af17365650307baaa1450500160ac23bfbd8ee9524058fdfbb73fadf324de1acc78543b35d8ec97d09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2aeb917d3bc38f1d5f7f395b74e4ff45

    SHA1

    959d9c5db1742fe4897a878f00d954cbed2ca9b4

    SHA256

    369c2f57b6604dad1269d7c3054ceb64463b177c496e0c15d66a5ccda6da9bd0

    SHA512

    244fdf06ad95da668bc3b0a5ba84c28f4e943df779385513315848fa41e418d1f1f4d6a4c45a022bbc17d09abe0a603f31cda5a9469c7358120ac5d42079e2ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    049d5de852e7e5c34f19576e5c126027

    SHA1

    99dd6bf9c60404d158b2b3de591eca5153c2a45f

    SHA256

    48da461ebdf6b4dc77079e50d49cadf7fd4464b543b3ae4116a11aa6a1501710

    SHA512

    7638cb333f3ebde683864faddf4fdb457bb581a89e1652b407e9acdb8971b785440bdf4cce6b83f3de2721feccee007c6d63db27182aa07fa46e2068757b1c94

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\melo7gx\imagestore.dat
    Filesize

    24KB

    MD5

    5ef66d7d0327249a29cef0a94c6b625c

    SHA1

    75dfaf2929b600b9094c466a703b5178fe3deec2

    SHA256

    b192d293f2521ab0f2d3e7553b6349551407f549d29900723975307bd66e89bb

    SHA512

    41955c2fbcbd42ee792951d3f23c8621b5eeb72fa3535fa0044324e099e883089f0924c2a789acf435d935dc179fde0975aa8f31e70cd0fdd7ed83c4cd486d7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4E13.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4E24.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1764-9-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1764-0-0x000007FEF5833000-0x000007FEF5834000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1764-60-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1764-8-0x000007FEF5833000-0x000007FEF5834000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1764-7-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1764-6-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1764-5-0x000000001C840000-0x000000001CA54000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1764-4-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1764-3-0x0000000000CB0000-0x0000000000CCA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1764-2-0x0000000000860000-0x0000000000872000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1764-1-0x0000000000E00000-0x0000000001192000-memory.dmp

    Filesize

    3.6MB

    Download