Forcer.exe

Status: finished

Submission Time: 2023-07-31 21:34:07 +02:00

Malicious

Ransomware

Trojan

Evader

AsyncRAT, DcRat

Comments

Details

Analysis ID:
1283386
API (Web) ID:
1283386
Analysis Started:

2023-07-31 21:34:09 +02:00
Analysis Finished:

2023-07-31 21:52:44 +02:00
MD5:
1323af6b17a0a43fee4a4f45bd0437c5
SHA1:
c6833e169b6273f625a95e07aaf97bc843c28bd0
SHA256:
95c06a49c439b9c6baf3e39786a25e09c065e407c6b9bb0ba0e31a0bd8f12ad8
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 58	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

Score: 22/38

malicious

IPs

IP	Country	Detection
8.8.8.8	United States
2.21.22.169	European Union
173.222.108.226	United States
Click to see the 2 hidden entries
192.229.221.95	United States
147.185.221.16	United States

URLs

Name	Detection
https://support.steampowered.com/kb/6262-QXCN-0755/Steam
https://support.steampowered.com/kb/6262-QXCN-0755/This
http://support.steampowered.com/
Click to see the 38 hidden entries
http://schemas.xmlsoap.org/wsdl/
http://www.steampowered.com
https://contoso.com/
https://nuget.org/nuget.exe
http://fakecaptiveportal.org/
http://www.steampowered.com/HelpLinkDisplayIconUninstallStringNoModifyNoRepair
https://support.steampowered.com/kb/1266-QFZC-2141/%game%
https://support.steampowered.com/kb/6262-QXCN-0755/You
http://crl.m
https://support.steampowered.com/kb_article.php?ref=8509-RFXM-1964Video
http://crl.micr
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.steampowered.com/Steam/Messages/driver_update/index.phphttp://www.steampowered.com/Steam/
http://www.valvesoftware.com%game%
https://support.steampowered.com/kb/1266-QFZC-2141/This
http://www.steampowered.com/platform/game_info/czero/http://www.steampowered.com/platform/game_info/
https://support.steampowered.com/kb/1968-HKLX-7538/Activation
https://support.steampowered.com/kb_article.php?ref=5953-QTIO-1764Support
https://contoso.com/Icon
http://www.steampowered.comCongratulations
https://support.steampowered.comLearn
http://pesterbdd.com/images/Pester.png
http://schemas.xmlsoap.org/soap/encoding/
http://www.apache.org/licenses/LICENSE-2.0.html
http://support.amd.com/us/gpudownload/linux/Pages/radeon_linux.aspxYour
http://steampowered.com/index.php?area=forumsPlay
https://support.steampowered.com/kb_article.php?ref=9400-IPAX-9398&auth=e39b5c227cffc8ae65414aba013e
https://contoso.com/License
http://nuget.org/NuGet.exe
http://nsis.sf.net/NSIS_ErrorError
http://fakecaptiveportal.org/Captive
https://support.steampowered.com/kb_article.php?ref=5953-QTIO-1764Steam
https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519My
https://support.steampowered.com/kb_article.php?ref=7137-PGHL-8428COUNTRYDATEFRIENDLY
https://github.com/Pester/Pester
https://support.steampowered.com/kb/2734-UDFX-1098/Product
https://support.steampowered.com/kb/1266-QFZC-2141/Steam
http://support.steampowered.com/kb_article.php?ref=8787-WYIL-1543Please

Dropped files

Name	File Type	Hashes
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\controller_config_controller_ps3.png_	PNG image data, 1000 x 598, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tenfoot_sounds_all.zip.vz.3a674120cadd742865159e85dd3ec75b7dcc748c_1226636	data	#
C:\Program Files (x86)\Steam\package\tmp\clientui\fonts\clientui.uifont_	PDP-11 pure executable not stripped	#
Click to see the 48 hidden entries
C:\Program Files (x86)\Steam\package\tmp\steamui-public\images\61cd6ef8419159a03d49.png_	PNG image data, 320 x 200, 8-bit/color RGB, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\steamui-public\images\controller\controller_config_controller_ps3.png_	PNG image data, 1000 x 598, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\steamui\images\61cd6ef8419159a03d49.png_	PNG image data, 320 x 200, 8-bit/color RGB, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\steamui\images\controller\controller_config_controller_ps3.png_	PNG image data, 1000 x 598, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\browser\defaultfav.png_	PNG image data, 553 x 363, 8-bit/color RGB, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\carousel_bg.png_	PNG image data, 1920 x 400, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\homeglow.png_	PNG image data, 1936 x 600, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\alpha_controller.png_	PNG image data, 1574 x 768, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\alpha_controller_callout_backside_left.png_	PNG image data, 1574 x 768, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\alpha_controller_callout_backside_right.png_	PNG image data, 1574 x 768, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tenfoot_misc_all.zip.a49df66ba6bd900ed2c58bb4a9a578752f73f511	data	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\controller_config_controller_ps4.png_	PNG image data, 1000 x 598, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\controller_config_controller_x360.png_	PNG image data, 1000 x 598, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\controller\controller_config_controller_xboxone.png_	PNG image data, 1000 x 598, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\library_app_details_bg_wash.png_	PNG image data, 1920 x 980, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\library\library_grid_bg_wash.png_	PNG image data, 1879 x 928, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\overlay\overlay_bg_wash.png_	PNG image data, 1879 x 928, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\store\store_app_bg.png_	PNG image data, 1920 x 948, 8-bit/color RGBA, non-interlaced	#
C:\Program Files (x86)\Steam\package\tmp\tenfoot\resource\images\store\store_app_bg_mask.png_	PNG image data, 1920 x 928, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, Windows 2000/XP setup, 63843 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression	#
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Forcer.exe.log	CSV text	#
C:\Users\user\AppData\Local\Temp\Windows.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Users\user\AppData\Local\Temp\WindowsInstaller.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	#
C:\Program Files (x86)\Steam\package\resources_music_all.zip.vz.6ab5be2f768f6d1bf0bcbd0f7ad2beb081b7472d_3707757	data	#
C:\Program Files (x86)\Steam\bin\SteamService.exe	PE32 executable (console) Intel 80386, for MS Windows	#
C:\Program Files (x86)\Steam\clientui\fonts\clientui.uifont (copy)	PDP-11 pure executable not stripped	#
C:\Program Files (x86)\Steam\package\bins_cef_win32_win10-64.zip.vz.d63bcb5a2d579f048538e61ef9e9faa9ff46e362_68607483	data	#
C:\Program Files (x86)\Steam\package\bins_codecs_win32.zip.vz.75115d428dad4c6577a2fa8a6f8f422fa17b16cc_3095158	data	#
C:\Program Files (x86)\Steam\package\bins_misc_win32.zip.vz.f35d293b528a5cff5266c168f6bb160cc383e743_13267842	data	#
C:\Program Files (x86)\Steam\package\bins_webhelpers_win32_win10-64.zip.vz.c6c592a091c27d3dbbc42efdc0c8566ca2d46dbc_2813841	data	#
C:\Program Files (x86)\Steam\package\bins_win32.zip.vz.0fea7d66ad9217cd0646c9cee096c21a2d85e649_29716075	data	#
C:\Program Files (x86)\Steam\package\friendsui_all.zip.vz.dc5a05e568618d8b9a42a7ffb9c85a8368b39e19_2792909	data	#
C:\Program Files (x86)\Steam\package\public_all.zip.vz.9c814ca63a5b4779fbd99234e4c6ccdbcfb2cafb_10209176	data	#
C:\Program Files (x86)\Steam\package\resources_all.zip.vz.87b7b04f8107a68259af46cb088551ff46016ecf_19357713	data	#
C:\Program Files (x86)\Steam\package\resources_hidpi_all.zip.vz.3de815c3117712cb9eeb7ea4c8b275faf481dcfd_56342	data	#
C:\Program Files (x86)\Steam\package\resources_misc_all.zip.vz.e86a975545f3ab21a77373870cb311ef93934b8c_2224876	data	#
C:\Program Files (x86)\Steam\Steam.exe	PE32 executable (GUI) Intel 80386, for MS Windows	#
C:\Program Files (x86)\Steam\package\steam_win32_steamrow.zip.vz.f71a1a31ad111088c819b824acbf9063248dc6d9_1801552	data	#
C:\Program Files (x86)\Steam\package\steamui_websrc_all.zip.vz.69019218fe12f0c44fbad339b6e6bee6d7cdd142_22923135	data	#
C:\Program Files (x86)\Steam\package\steamui_websrc_movies_all.zip.e92f802a10e9495b1b1d84eca244237b0e1f6242	data	#
C:\Program Files (x86)\Steam\package\steamui_websrc_sounds_all.zip.vz.bd24952948415fdf999cc7546ec13ff0053438dd_2434551	data	#
C:\Program Files (x86)\Steam\package\strings_all.zip.vz.b4145d1f5eecd6456963e7c2b090d31360713c57_1976877	data	#
C:\Program Files (x86)\Steam\package\strings_en_all.zip.fa6949f4468780b96f0fd1dbaf1093db93b35245	Zip archive data, made by v2.0, extract using at least v2.0, last modified Sat Mar 5 07:24:24 2016, method=store	#
C:\Program Files (x86)\Steam\package\tenfoot_all.zip.vz.fab79f3519d90c15a2afbbc46e6c340b861953d1_2381108	data	#
C:\Program Files (x86)\Steam\package\tenfoot_ambientsounds_all.zip.c8342205c2cdfec5329ec8ec2905ddaa33be3cb8	data	#
C:\Program Files (x86)\Steam\package\tenfoot_dicts_all.zip.3a6cb3db75398c509bdc6e389408b6951017494b	data	#
C:\Program Files (x86)\Steam\package\tenfoot_fonts_all.zip.vz.e19674422bc376becd7bf4a73b4b52eefc34c7fe_12075477	data	#
C:\Program Files (x86)\Steam\package\tenfoot_images_all.zip.vz.2bb2e0fd7778b60915d496578aa4722e1db8c58f_32706663	data	#

Deep Malware Analysis

Forcer.exe

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

Deep Malware Analysis

Forcer.exe Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

URLs

Dropped files

Search started

Forcer.exe