Overview

overview

7

Static

static

3

Mods Manag...45.zip

windows11-21h2-x64

7

data/app.so

windows11-21h2-x64

3

data/flutt...st.bin

windows11-21h2-x64

3

data/flutt...t.json

windows11-21h2-x64

3

data/flutt...t.json

windows11-21h2-x64

3

data/flutt...CES.gz

windows11-21h2-x64

1

NOTICES.z

windows11-21h2-x64

3

data/flutt...ar.otf

windows11-21h2-x64

3

data/flutt...e.frag

windows11-21h2-x64

3

data/icudtl.dat

windows11-21h2-x64

3

desktop_dr...in.dll

windows11-21h2-x64

1

flutter_windows.dll

windows11-21h2-x64

1

marvel_riv...er.exe

windows11-21h2-x64

1

url_launch...in.dll

windows11-21h2-x64

1

window_siz...in.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    16s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01-01-2025 07:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Mods Manager MR-208-1-3-1735435045.zip

  • Size

    11.0MB

  • MD5

    c68117666fe93995a48c3f9ce5c89ef2

  • SHA1

    7637f2118d86460120ebb4d4184bac0c0812e510

  • SHA256

    96647169ccc0d8eb18abf345112cf71cef8b0b4768c908be73ca5f4653f110c1

  • SHA512

    a70645d3f4f23f59b7598dea61d10982d803dc423ffe0f9ea090a4a0b81412c49b671914b7d3c01b832fd250f1852d3986064680d3f5a7ce282704bc17a38bfd

  • SSDEEP

    196608:hncBqo7vYVA2WvRpwDg/40DUAH80J6ZP2p72jF7TYHtN5yTGyXaH2GdmcMbu:BcBqmwVARRUg/4PY+P3F7TYD5nyXu2up

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Mods Manager MR-208-1-3-1735435045.zip"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4656
    • C:\Users\Admin\AppData\Local\Temp\7zO032D9E97\marvel_rivals_mod_manager.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO032D9E97\marvel_rivals_mod_manager.exe"
      2⤵
      • Executes dropped EXE
      PID:5100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zO032D9E97\marvel_rivals_mod_manager.exe
    Filesize

    57KB

    MD5

    603c42fd7215987feb880bb5af375eee

    SHA1

    4804cd97ce430286559f0e9acfddb7eb0cd061c2

    SHA256

    2cec9a0e9ebd1e8cea5fae5c3a2681aa0eac8e19e568b1ae02d036b6363bb7fd

    SHA512

    31224fc7d7d9cfc63ac2ae9c34f4134fa99d2a7e638ee3b045ff4eebb0b4d2cf96ea1611625ff78a23aa34fb22fb5f3833fb1fa14c49f712c4acebe71be3340f

    Download Submit