Overview

overview

10

Static

static

10

R.E.P.O.v....02.rar

windows7-x64

7

R.E.P.O.v....02.rar

windows10-2004-x64

1

Resubmissions

22/03/2025, 22:23

250322-2ayfna11az 10

Analysis

  • max time kernel
    721s
  • max time network
    753s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 22:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    R.E.P.O.v.0.1.2.co-op_02.rar

  • Size

    358.0MB

  • MD5

    c4f6bba19690b8eca8416aceab8eb6c4

  • SHA1

    37cedee608cb68fff0d37c37924c3575ce292f7f

  • SHA256

    67d1d7881e51d02af2ff5726bee7ea59a5b561cc9f9b91a4b1eaf5052e9c80b6

  • SHA512

    81a4d7f0fb50d7c61159e99880b71cb6e0082f34382dc7c8f98607d2d3a8fe31e0efb63ba402790549da76ef7ffcc47d18a1e6527b9e32aab3704badfff07c01

  • SSDEEP

    6291456:77N8CpCR0cxfYCyGXXvPp215QUvvLtXRnZbk6yULGbjWr2M/RZYiDewvto:7q0CR0CfY9GPPpOQsvL5/wULGb6lXYio

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 29 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\R.E.P.O.v.0.1.2.co-op_02.rar"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2288
  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\REPO.exe
    "C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\REPO.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1012
    • C:\Windows\system32\cmd.exe
      cmd.exe /c start "link" "http://freetp.org/6564-.html"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://freetp.org/6564-.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2412
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1532
  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\REPO.exe
    "C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\REPO.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2760
  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\REPO.exe
    "C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\REPO.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2136
  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\REPO.exe
    "C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\REPO.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
    Filesize

    230B

    MD5

    92135647c033f8effba65db0e51514c4

    SHA1

    eb7c7f9f3c29c664a069952b50469ab7ca9df40e

    SHA256

    2efbd711b4ae2fcad78c6e5894d726b2a2142b80bfc73d7318292cf335c261fc

    SHA512

    217f4cf89a114e5a0b086f4faa2a87c4e4a369e7ab9dfc9fc77e9098690136678811cc7fefaeabf86d060a9282e3bad0919de0fbfc3f0c03241836029c3d80d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc2560ea9bb878bc6cc619d943f44df6

    SHA1

    6a463ce47fe7bba01fe75bb56d1f4a6d4b964a5a

    SHA256

    f9af2e5d4bd1b24c5e07a4725768bc27e327ce63acc879d490563b5c92cf2fd0

    SHA512

    72e3ee9836ee68c9eb276baae7523af9f72d8ff9978522f4ee452386efd216cc2cd9c0ac9639114ae4a3dc9c348a65812c2f90c6a058d240d81d896f7b342523

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14badb6415fbd5579c7ed3cdab515b10

    SHA1

    21e1a240a847f616d7e438e1c829c26f4e53cb27

    SHA256

    5cfa340cf516772fbd4a75dc78b7a316af4c17a2fb550ceda82a5224db9b594b

    SHA512

    1d3edf224d30287142f8e47daefd51986709adc5b68564efbe296e05df0eed7f567f2df18794531f29e62969cadb469a05562a4a3777cf159de6bdef7ef599ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bdcac7d4caedab60a3ce0552eeb6ee53

    SHA1

    19786a5e330901aca63a94e2a1e2d388d732dac0

    SHA256

    e8647b527e668a62eb38425d5ba18e25ea098320df219376e7776f9164185a09

    SHA512

    9b919945bd4745c05b92544ff103dd8c73f38b1d4bc287f0132351c3ac5f48d65cb804a0fe4f715b7f09f29759b9a3f6a8217f32671c8e8278decfaaaa2c7aec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1d682cfde07364987e3c931921a7b6e8

    SHA1

    cc09238b940d2479790b29f35c30e17280fb7b78

    SHA256

    7fea4cbda2047377b0c07d1d429949d70529daf773689c98f3c04c7f6a99e9c8

    SHA512

    e9f48f4026ebe8b0d05cd0b3231ae63c109bae58ee2935ade272b64dc80ad4b08f94c7871b7305971840286b865d1e8afe6410ad44122be4c3b5e935dccffe77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42dfecfb45518db81f2eaa6ccadd921e

    SHA1

    272465493b7d2f44d681eca8f8af7171411447ea

    SHA256

    98321c678b50d5ade1b890c90daa177c6a287f9a8e19f6b33301c95653a8cd43

    SHA512

    654616e6fb83c0e1758fcaccaab761837a884b380993c146ca0f2e83dec8ec0cdc69cea1c31650c25fbcb6b35c6bcdf0e93a835e9bc26688ce11910a48a01e88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zE0F82C86A\R.E.P.O.v.0.1.2.co-op_02\MonoBleedingEdge\etc\mono\4.5\Browsers\Compat.browser
    Filesize

    1KB

    MD5

    0d831c1264b5b32a39fa347de368fe48

    SHA1

    187dff516f9448e63ea5078190b3347922c4b3eb

    SHA256

    8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

    SHA512

    4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zE0F82C86A\R.E.P.O.v.0.1.2.co-op_02\MonoBleedingEdge\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx
    Filesize

    59KB

    MD5

    f7be9f1841ff92f9d4040aed832e0c79

    SHA1

    b3e4b508aab3cf201c06892713b43ddb0c43b7ae

    SHA256

    751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

    SHA512

    380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCF52.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCF75.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD0B3.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\FreeTP\.hashe
    Filesize

    4B

    MD5

    728609761977dc1b0732db8d07fe1e35

    SHA1

    556525f1394b757aa041519c721941688f432014

    SHA256

    df0a19d777926dab1e9bf2ec8dfc344d9a0bdaf38c9cc27f5f796b604252903e

    SHA512

    041502ffc1edb12ffe32d9b2e0a905a96409544b1afe2855441078b119c26429350eb050d89ee98716c8aa00f5e470a028d92411e5898620c48dcfc81d3f8ba6

    Download Submit

  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\SteamFix.ini
    Filesize

    348B

    MD5

    0fdad1c531e24377de0f33ca8a480a14

    SHA1

    3d42e104c9908696537664506d2860b412698c9a

    SHA256

    fac57717bfe66d895125c275c3de76fc611447f496c21d420bf05d22bc1efca8

    SHA512

    ed15af2e47dd46b4efc5fcffb735bf8b31922f4388e4b624b1eee2dc68f7a9decf5cee05d64bf1469aa98ef5b503f7c1edde74c8c9a9333262755d347b5733c0

    Download Submit

  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\SteamFix64.dll
    Filesize

    1.3MB

    MD5

    e17dce61f18ab57929879600c678caaf

    SHA1

    e94e94f1c08c0460a995baf8a5d9258afe0b7fbf

    SHA256

    fc230947f9b2647a5581a6ae91415464e60bc70c3948cdf4945c5c592bcd6eba

    SHA512

    561c61f1a4d2e907887dad3cf932f4dd6552c04debbe8afb4e13aa3f78137737787bb305c8e1a088cef3348dd5795c15e0489df20c7db607e4810ce11d058e20

    Download Submit

  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\UnityPlayer.dll
    Filesize

    29.5MB

    MD5

    b33d91200048e718c7207367f49d60fe

    SHA1

    cc95b2632f33ec9a533852df3402c58ef3faf0c1

    SHA256

    4b34672318371b54be9d89c9482a91ab3d26ae5d209935b8ad5919e00ec4f1d9

    SHA512

    edc94d2deab48e3aa57566904ebafc7082d63f14901c36067783deb10538e74124cdbadc72d40ec3c9db09c9e1cd27b18bdfd1969545e2607d34d5d12ec1d220

    Download Submit

  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\WINMM.dll
    Filesize

    21KB

    MD5

    93d2124fad54933b81f852507c9c3de5

    SHA1

    26426fc2fc6217675c887f515abe9674399552c1

    SHA256

    8c6649fb8f73ee2af7eb6b32b134e44ed5c506cc6d843b250efb515615d3548a

    SHA512

    2402a317203ca65f34870b111b6af4b79ef2f5918d1b9b163af88c29baa223c37dd9be6f40ca88e585f59a91535d3fd28b1d748079d0f2e8a46c4218f4916210

    Download Submit

  • C:\Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\winmm.txt
    Filesize

    32B

    MD5

    da253540ef094e2b9f3bcf830d260f2e

    SHA1

    5e510f6e61bb6e44d6cddfc6808ce8467bafa970

    SHA256

    92573d4e2965257e4c9488982d96a03898b5beda033bffc731f7ca3c5f1e09fe

    SHA512

    5d270c406a892804e61c391049794fcdb6c61823ceca352d2550bf22583baa2f26df3d1fcb135a60e8ecd6af8a48651261a7b375b5ebb046767e40b6bd72d272

    Download Submit

  • \Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\REPO.exe
    Filesize

    651KB

    MD5

    37e2e7e012343ccef500133286fcbf27

    SHA1

    4b7e66039d04b14ddcfb580a6e6a395ea52222be

    SHA256

    1643ff9ed131adde7a22363f26d36308b4b4fb8f9ba61e5afce3b6803c5cb302

    SHA512

    418dcb69e506f42248c00459eb3fa5a576006fead83cb5372e5710a8e95265654c316bbb314e4b8afa69e393a7cdf01219b7e17095d1990ab418f0aed68c687e

    Download Submit

  • \Users\Admin\Desktop\R.E.P.O.v.0.1.2.co-op_02\UnityCrashHandler64.exe
    Filesize

    1.1MB

    MD5

    9fbd5305c2c2fc8458c9774d3dd815e4

    SHA1

    4bb449696116301c686f51135699302d62770a0c

    SHA256

    670e0fe0d0b8e5d42109b0b4dec606c6f8252b8c98af807e36b40117c07f269f

    SHA512

    2ea7aecd995bbb102d03766ffc4a5419a784fc69cdee263afebcde70d2db795f88b9c39f591c0b1fcee7ab52334766b50e8827204b39b9f9cc497dc6f854684e

    Download Submit

  • memory/1012-449-0x000007FEF4860000-0x000007FEF4AA8000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1012-450-0x000007FEF4860000-0x000007FEF4AA8000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1012-781-0x000007FEF4860000-0x000007FEF4AA8000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1600-851-0x000007FEF67F0000-0x000007FEF6A38000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1600-852-0x000007FEF67F0000-0x000007FEF6A38000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1600-855-0x000007FEF67F0000-0x000007FEF6A38000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2136-838-0x000007FEF4960000-0x000007FEF4BA8000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2136-839-0x000007FEF4960000-0x000007FEF4BA8000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2136-842-0x000007FEF4960000-0x000007FEF4BA8000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2760-828-0x000007FEF67F0000-0x000007FEF6A38000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2760-829-0x000007FEF67F0000-0x000007FEF6A38000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2760-833-0x000007FEF67F0000-0x000007FEF6A38000-memory.dmp

    Filesize

    2.3MB

    Download