21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44

Analysis

max time kernel
61s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2022 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_undertale_1.08_(18328).exe
Size

126.7MB
MD5

69a1054bcf85084cc4bc33e332f1844d
SHA1

a3db1a7c5a07ea07c31d40ab4c7685215ac4f170
SHA256

21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44
SHA512

f57df05d2d5db04cb48a1d72070ac5d76ae29620cca314817fbfbb30d42c2150115ac510acb216095115c210fe2eee80575ffc78a36fd455e72e4de9492b4f81
SSDEEP

3145728:WSHIqNWvNc0rn+0fslfSob+5Framz9LQMj5jMgQN7:WytNAfcSob2NaoLQ+7c7

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

setup_undertale_1.08_(18328).tmp

pid process

4884 setup_undertale_1.08_(18328).tmp

Loads dropped DLL 5 IoCs

Processes:

setup_undertale_1.08_(18328).tmp

pid	process
4884	setup_undertale_1.08_(18328).tmp
4884	setup_undertale_1.08_(18328).tmp
4884	setup_undertale_1.08_(18328).tmp
4884	setup_undertale_1.08_(18328).tmp
4884	setup_undertale_1.08_(18328).tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

setup_undertale_1.08_(18328).exe

description	pid	process	target process
PID 4856 wrote to memory of 4884	4856	setup_undertale_1.08_(18328).exe	setup_undertale_1.08_(18328).tmp
PID 4856 wrote to memory of 4884	4856	setup_undertale_1.08_(18328).exe	setup_undertale_1.08_(18328).tmp
PID 4856 wrote to memory of 4884	4856	setup_undertale_1.08_(18328).exe	setup_undertale_1.08_(18328).tmp

C:\Users\Admin\AppData\Local\Temp\setup_undertale_1.08_(18328).exe
"C:\Users\Admin\AppData\Local\Temp\setup_undertale_1.08_(18328).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4856

C:\Users\Admin\AppData\Local\Temp\is-07TJ8.tmp\setup_undertale_1.08_(18328).tmp
"C:\Users\Admin\AppData\Local\Temp\is-07TJ8.tmp\setup_undertale_1.08_(18328).tmp" /SL5="$901DA,132362071,185856,C:\Users\Admin\AppData\Local\Temp\setup_undertale_1.08_(18328).exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-07TJ8.tmp\setup_undertale_1.08_(18328).tmp
Filesize
1.2MB

MD5
3602e9114e7254a36fcd909cfa490c3a

SHA1
198af4c93cbcf2195df4cb4aa42096a799c7f374

SHA256
a153c8db6f20f9c54f4bd1607b2502d3914662caa9615e1c557cf0abd8777bab

SHA512
eb1caf37de29467977088952b782dd1cd97969083ef60a0307aa4dd1dde1a44227ef4a871da775b05665f5fec780294c15d6c0f2d9c275e519054eb4628d7fdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-25S2T.tmp\botva2.dll
Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-25S2T.tmp\botva2.dll
Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-25S2T.tmp\crcdll.dll
Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-25S2T.tmp\innocallback.dll
Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-25S2T.tmp\innocallback.dll
Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
memory/4856-132-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4856-136-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4856-146-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4884-134-0x0000000000000000-mapping.dmp

Download
memory/4884-143-0x0000000005B60000-0x0000000005B6E000-memory.dmp

Filesize
56KB

Download