7ed7bd10fcac95af3e17c39e39340c8e96d47d16728f625489da06cc58afa945

Analysis

max time kernel
60s
max time network
65s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16-02-2023 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gta san andreas jcres.exe
Size

5.5MB
MD5

69c3de7ef8db679bd3b078d7b0f1c264
SHA1

4060a0eefbe56f8030679eac07c1d431710379f1
SHA256

7ed7bd10fcac95af3e17c39e39340c8e96d47d16728f625489da06cc58afa945
SHA512

aea7fd6b926e01d96ca146a5e693d8fbd5d3fb67f499e4e81a07feb16469c5755a73d81151482a1e4b5728eb4774e712a1cc8256ee6a770174c1a85b7f485105
SSDEEP

98304:i4bL2BI4YLfYFwzLwgpfpu/LLJUqJodlZWb+J5YwXFrjoMoKtnq9kFPHWc:NbLYhYLPzEgDu/LJ69WqMKFbD6kFWc

Score

7^/10

aspackv2 discovery upx

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Program Files (x86)\gta san andreas\StreamMemFix1.0.asi	aspack_v212_v242
\Program Files (x86)\gta san andreas\StreamMemFix1.0.asi	aspack_v212_v242

Executes dropped EXE 2 IoCs

Processes:

gta san andreas jcres.tmpgta_sa.exe

pid process

576 gta san andreas jcres.tmp
2024 gta_sa.exe

pid	process
576	gta san andreas jcres.tmp
2024	gta_sa.exe

Loads dropped DLL 18 IoCs

Processes:

gta san andreas jcres.exegta san andreas jcres.tmpgta_sa.exeWerFault.exe

pid	process
1132	gta san andreas jcres.exe
576	gta san andreas jcres.tmp
576	gta san andreas jcres.tmp
576	gta san andreas jcres.tmp
576	gta san andreas jcres.tmp
576	gta san andreas jcres.tmp
576	gta san andreas jcres.tmp
2024	gta_sa.exe
2024	gta_sa.exe
2024	gta_sa.exe
2024	gta_sa.exe
2024	gta_sa.exe
2024	gta_sa.exe
2024	gta_sa.exe
2024	gta_sa.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files (x86)\gta san andreas\StreamMemFix1.0.asi	upx
\Program Files (x86)\gta san andreas\StreamMemFix1.0.asi	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 33 IoCs

Processes:

gta san andreas jcres.tmp

description	ioc	process
File created	C:\Program Files (x86)\gta san andreas\is-ECI9N.tmp	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\CLEO4.chm	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\GTAINTERFACE.dll	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\ogg.dll	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\unins000.dat	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-SPKGM.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-I7LVB.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-0QVK3.tmp	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\unins000.dat	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-PL53Q.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-PKRN4.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-K59GE.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-OA6I9.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-8FLFP.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-726TK.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-8OL5D.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-QTRP3.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-9L862.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-E3JOK.tmp	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\vorbisFile.dll	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\eax.dll	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\vorbishooked.dll	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-8F90I.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-AFPM6.tmp	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\gta_sa.exe	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\gta.exe	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-AH2BC.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-CNAF0.tmp	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-RML14.tmp	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\vorbis.dll	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\GGMM.exe	gta san andreas jcres.tmp
File created	C:\Program Files (x86)\gta san andreas\is-UJO0K.tmp	gta san andreas jcres.tmp
File opened for modification	C:\Program Files (x86)\gta san andreas\bass.dll	gta san andreas jcres.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

112 2024 WerFault.exe gta_sa.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

gta san andreas jcres.tmp

pid process

576 gta san andreas jcres.tmp
576 gta san andreas jcres.tmp

pid	pid_target	process	target process
112	2024	WerFault.exe	gta_sa.exe

pid	process
576	gta san andreas jcres.tmp
576	gta san andreas jcres.tmp

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	2012	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2012	AUDIODG.EXE
Token: 33	2012	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2012	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

gta san andreas jcres.tmp

pid process

576 gta san andreas jcres.tmp

pid	process
576	gta san andreas jcres.tmp

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

gta san andreas jcres.exegta san andreas jcres.tmpgta_sa.exe

description	pid	process	target process
PID 1132 wrote to memory of 576	1132	gta san andreas jcres.exe	gta san andreas jcres.tmp
PID 1132 wrote to memory of 576	1132	gta san andreas jcres.exe	gta san andreas jcres.tmp
PID 1132 wrote to memory of 576	1132	gta san andreas jcres.exe	gta san andreas jcres.tmp
PID 1132 wrote to memory of 576	1132	gta san andreas jcres.exe	gta san andreas jcres.tmp
PID 1132 wrote to memory of 576	1132	gta san andreas jcres.exe	gta san andreas jcres.tmp
PID 1132 wrote to memory of 576	1132	gta san andreas jcres.exe	gta san andreas jcres.tmp
PID 1132 wrote to memory of 576	1132	gta san andreas jcres.exe	gta san andreas jcres.tmp
PID 576 wrote to memory of 2024	576	gta san andreas jcres.tmp	gta_sa.exe
PID 576 wrote to memory of 2024	576	gta san andreas jcres.tmp	gta_sa.exe
PID 576 wrote to memory of 2024	576	gta san andreas jcres.tmp	gta_sa.exe
PID 576 wrote to memory of 2024	576	gta san andreas jcres.tmp	gta_sa.exe
PID 2024 wrote to memory of 112	2024	gta_sa.exe	WerFault.exe
PID 2024 wrote to memory of 112	2024	gta_sa.exe	WerFault.exe
PID 2024 wrote to memory of 112	2024	gta_sa.exe	WerFault.exe
PID 2024 wrote to memory of 112	2024	gta_sa.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\gta san andreas jcres.exe
"C:\Users\Admin\AppData\Local\Temp\gta san andreas jcres.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1132

C:\Users\Admin\AppData\Local\Temp\is-DDPAU.tmp\gta san andreas jcres.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DDPAU.tmp\gta san andreas jcres.tmp" /SL5="$90120,5490190,49152,C:\Users\Admin\AppData\Local\Temp\gta san andreas jcres.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:576

C:\Program Files (x86)\gta san andreas\gta_sa.exe
"C:\Program Files (x86)\gta san andreas\gta_sa.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 120
4⤵
- Loads dropped DLL
- Program crash
PID:112

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1112

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x554
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2012

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\gta san andreas\BASS.dll
Filesize
97KB

MD5
df054025c9e845b33b27a99af750f9b9

SHA1
cb2a9dc07dada8e2d96d10baee878131aeff0d14

SHA256
dfa29cf9a2cbcd8b1dcf7fb7a72764ff2b05e47b056e2a80190338492e0ad0a4

SHA512
f1de2207a6ea3bb455ff763bb86404e57a78d0e1d229a0158e41c53507b7b63be926142ee39fae62b6408acb8e5a350ce0f5beaf1823c7d09a4bde88622e4f36

Download Submit
C:\Program Files (x86)\gta san andreas\CLEO.asi
Filesize
146KB

MD5
ec137c0fab1a69c09f64ba3eb8557cb6

SHA1
07f322e914a5d07dc753435fc99e7300c07a2a77

SHA256
cd398fdb1166f24b1145796492e131dcb3937b0060c372aaec0d49b12282734f

SHA512
81e23459394a4313589f9b4fa014b44af7a1194b0237af99a23410c27f6790bdf9907ef5ea7cee60c72629994294098a9c3fb3d3f16833057da1c0d454c32015

Download Submit
C:\Program Files (x86)\gta san andreas\EAX.DLL
Filesize
184KB

MD5
309d860fc8137e5fe9e7056c33b4b8be

SHA1
b5f626330520a970d10ece04fed62552d5ac7ffd

SHA256
b2da4f1e47ef8054c8390ead0b97d1fbb0c547245b79b8861cfa92ce9ef153fb

SHA512
9c345a125c8308f41fe3a0dc71f624f9b16a0119aa8b237ff2c16c63a15839f656f732c71b5198c4ba256320691a1302c90cbf01791745f99f00d50c8b4e3a61

Download Submit
C:\Program Files (x86)\gta san andreas\StreamMemFix1.0.asi
Filesize
27KB

MD5
f786108b7accebf37dc8c8fd25b563ff

SHA1
c9b31bee2e2b9377e319bcad247bff03db68a49a

SHA256
ef4b0fa41f332799d656c2c0c2143de5199840811da32b12e690e24e02c044b2

SHA512
9149b46cc9280246b405c952b31a8140ec63a7cd094ee63e038ce3a168393538094138a5d78358b4d3269ecce570ea994d8a0448d0b23164ceeb940544708a6b

Download Submit
C:\Program Files (x86)\gta san andreas\gta_sa.exe
Filesize
13.7MB

MD5
170b3a9108687b26da2d8901c6948a18

SHA1
185b73fbceaa05d66452691fc0d15c8d61b92a7e

SHA256
a559aa772fd136379155efa71f00c47aad34bbfeae6196b0fe1047d0645cbd26

SHA512
d5ac208636ea1ebe565d4f25adf9ffc3d83c5b08d80f615afc3f64cd2f06298295dbee14044fb1bff66c26be20cc3e42e4f6f916d2b4efbf475d8d3f41aae6ae

Download Submit
C:\Program Files (x86)\gta san andreas\ogg.dll
Filesize
36KB

MD5
0602f672ba595716e64ec4040e6de376

SHA1
b00735e08b821aa9fc5850084ae057b5f618fb2a

SHA256
4a4f65427e016b3c5ae0d2517a69db5f1cdc7a43d2c0a7957e8da5d6f378f063

SHA512
9c03bc45c6bfc9f323802813a040992789b99cb961bf43b6e7536e3a379e3c22ea2fc86998c005c6ff1264f6081458a8de9c827a5f5d6a9c065ad7484e796ede

Download Submit
C:\Program Files (x86)\gta san andreas\vorbis.dll
Filesize
1.0MB

MD5
2840f08dd9753a5b13c60d6d1c165c9a

SHA1
c89297e75b6813cf8950e278a5c390e2c5f9d9f6

SHA256
fefda850b69e007fceba644483c7616bc07e9f177fc634fb74e114f0d15b0db0

SHA512
41a36f50cb01714d7adcef0cea0e1ad0e5303618582d190d7e6c895ca1f9ff23a1a9e40a6f33e87c9ffdba8ce46cf464657942bf04d5a005aa3b28ca4fad44f5

Download Submit
C:\Program Files (x86)\gta san andreas\vorbisHooked.dll
Filesize
50KB

MD5
84c24d0e15ede7d9d400c168a4ab43ff

SHA1
7ae9d96715c4f4e54517b410a51d9f609ab008c1

SHA256
4a0a57dd3770da03290d063726a4be214a82eb3f8e636bc07888f3a331c6fbc9

SHA512
cbfeefb86873e7f7ab22431e7e66557851d5899e69c9ec6d92efe100cdec663f5c030d86a9f5329d3a0234380127754de55b87ffdafa5624d24e6176c49acb5a

Download Submit
C:\Program Files (x86)\gta san andreas\vorbisfile.dll
Filesize
3KB

MD5
6749a6f6886a9646c23bcbc7da412633

SHA1
88e29478519c7b1aa86668c346466e1ba75f8407

SHA256
7261135f3b2dafc3a6a9796cdc676ab50a9a541ee900cc9c61429415d54b6817

SHA512
0c9bbefdc76b6449814d722de1e12b73716c21db73d2a0acde9ba154663d8f31455ce7ffd4f48cadba2bfe00cf09c13de94ed7a04953d40f406496b1b6925a93

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DDPAU.tmp\gta san andreas jcres.tmp
Filesize
682KB

MD5
a546ecf8c27932aede6ce0fafce40aeb

SHA1
687977a4fc93746f9d082f3e7d3903f99ec96396

SHA256
346332efb594147d4c1ba043e97a424f6f63293896c8fadd64884ca1979a023a

SHA512
b6edb91ee8070697ac371ad868f17843529f79b3d63b037d21771dd453dbb26778e4906b3a510e04d12d98c9d341dd1d9b1ffa88e761bb343783b23ccea2e2fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DDPAU.tmp\gta san andreas jcres.tmp
Filesize
682KB

MD5
a546ecf8c27932aede6ce0fafce40aeb

SHA1
687977a4fc93746f9d082f3e7d3903f99ec96396

SHA256
346332efb594147d4c1ba043e97a424f6f63293896c8fadd64884ca1979a023a

SHA512
b6edb91ee8070697ac371ad868f17843529f79b3d63b037d21771dd453dbb26778e4906b3a510e04d12d98c9d341dd1d9b1ffa88e761bb343783b23ccea2e2fa

Download Submit
\Program Files (x86)\gta san andreas\CLEO.asi
Filesize
146KB

MD5
ec137c0fab1a69c09f64ba3eb8557cb6

SHA1
07f322e914a5d07dc753435fc99e7300c07a2a77

SHA256
cd398fdb1166f24b1145796492e131dcb3937b0060c372aaec0d49b12282734f

SHA512
81e23459394a4313589f9b4fa014b44af7a1194b0237af99a23410c27f6790bdf9907ef5ea7cee60c72629994294098a9c3fb3d3f16833057da1c0d454c32015

Download Submit
\Program Files (x86)\gta san andreas\StreamMemFix1.0.asi
Filesize
27KB

MD5
f786108b7accebf37dc8c8fd25b563ff

SHA1
c9b31bee2e2b9377e319bcad247bff03db68a49a

SHA256
ef4b0fa41f332799d656c2c0c2143de5199840811da32b12e690e24e02c044b2

SHA512
9149b46cc9280246b405c952b31a8140ec63a7cd094ee63e038ce3a168393538094138a5d78358b4d3269ecce570ea994d8a0448d0b23164ceeb940544708a6b

Download Submit
\Program Files (x86)\gta san andreas\bass.dll
Filesize
97KB

MD5
df054025c9e845b33b27a99af750f9b9

SHA1
cb2a9dc07dada8e2d96d10baee878131aeff0d14

SHA256
dfa29cf9a2cbcd8b1dcf7fb7a72764ff2b05e47b056e2a80190338492e0ad0a4

SHA512
f1de2207a6ea3bb455ff763bb86404e57a78d0e1d229a0158e41c53507b7b63be926142ee39fae62b6408acb8e5a350ce0f5beaf1823c7d09a4bde88622e4f36

Download Submit
\Program Files (x86)\gta san andreas\eax.dll
Filesize
184KB

MD5
309d860fc8137e5fe9e7056c33b4b8be

SHA1
b5f626330520a970d10ece04fed62552d5ac7ffd

SHA256
b2da4f1e47ef8054c8390ead0b97d1fbb0c547245b79b8861cfa92ce9ef153fb

SHA512
9c345a125c8308f41fe3a0dc71f624f9b16a0119aa8b237ff2c16c63a15839f656f732c71b5198c4ba256320691a1302c90cbf01791745f99f00d50c8b4e3a61

Download Submit
\Program Files (x86)\gta san andreas\gta_sa.exe
Filesize
13.7MB

MD5
170b3a9108687b26da2d8901c6948a18

SHA1
185b73fbceaa05d66452691fc0d15c8d61b92a7e

SHA256
a559aa772fd136379155efa71f00c47aad34bbfeae6196b0fe1047d0645cbd26

SHA512
d5ac208636ea1ebe565d4f25adf9ffc3d83c5b08d80f615afc3f64cd2f06298295dbee14044fb1bff66c26be20cc3e42e4f6f916d2b4efbf475d8d3f41aae6ae

Download Submit
\Program Files (x86)\gta san andreas\gta_sa.exe
Filesize
13.7MB

MD5
170b3a9108687b26da2d8901c6948a18

SHA1
185b73fbceaa05d66452691fc0d15c8d61b92a7e

SHA256
a559aa772fd136379155efa71f00c47aad34bbfeae6196b0fe1047d0645cbd26

SHA512
d5ac208636ea1ebe565d4f25adf9ffc3d83c5b08d80f615afc3f64cd2f06298295dbee14044fb1bff66c26be20cc3e42e4f6f916d2b4efbf475d8d3f41aae6ae

Download Submit
\Program Files (x86)\gta san andreas\gta_sa.exe
Filesize
13.7MB

MD5
170b3a9108687b26da2d8901c6948a18

SHA1
185b73fbceaa05d66452691fc0d15c8d61b92a7e

SHA256
a559aa772fd136379155efa71f00c47aad34bbfeae6196b0fe1047d0645cbd26

SHA512
d5ac208636ea1ebe565d4f25adf9ffc3d83c5b08d80f615afc3f64cd2f06298295dbee14044fb1bff66c26be20cc3e42e4f6f916d2b4efbf475d8d3f41aae6ae

Download Submit
\Program Files (x86)\gta san andreas\gta_sa.exe
Filesize
13.7MB

MD5
170b3a9108687b26da2d8901c6948a18

SHA1
185b73fbceaa05d66452691fc0d15c8d61b92a7e

SHA256
a559aa772fd136379155efa71f00c47aad34bbfeae6196b0fe1047d0645cbd26

SHA512
d5ac208636ea1ebe565d4f25adf9ffc3d83c5b08d80f615afc3f64cd2f06298295dbee14044fb1bff66c26be20cc3e42e4f6f916d2b4efbf475d8d3f41aae6ae

Download Submit
\Program Files (x86)\gta san andreas\gta_sa.exe
Filesize
13.7MB

MD5
170b3a9108687b26da2d8901c6948a18

SHA1
185b73fbceaa05d66452691fc0d15c8d61b92a7e

SHA256
a559aa772fd136379155efa71f00c47aad34bbfeae6196b0fe1047d0645cbd26

SHA512
d5ac208636ea1ebe565d4f25adf9ffc3d83c5b08d80f615afc3f64cd2f06298295dbee14044fb1bff66c26be20cc3e42e4f6f916d2b4efbf475d8d3f41aae6ae

Download Submit
\Program Files (x86)\gta san andreas\gta_sa.exe
Filesize
13.7MB

MD5
170b3a9108687b26da2d8901c6948a18

SHA1
185b73fbceaa05d66452691fc0d15c8d61b92a7e

SHA256
a559aa772fd136379155efa71f00c47aad34bbfeae6196b0fe1047d0645cbd26

SHA512
d5ac208636ea1ebe565d4f25adf9ffc3d83c5b08d80f615afc3f64cd2f06298295dbee14044fb1bff66c26be20cc3e42e4f6f916d2b4efbf475d8d3f41aae6ae

Download Submit
\Program Files (x86)\gta san andreas\ogg.dll
Filesize
36KB

MD5
0602f672ba595716e64ec4040e6de376

SHA1
b00735e08b821aa9fc5850084ae057b5f618fb2a

SHA256
4a4f65427e016b3c5ae0d2517a69db5f1cdc7a43d2c0a7957e8da5d6f378f063

SHA512
9c03bc45c6bfc9f323802813a040992789b99cb961bf43b6e7536e3a379e3c22ea2fc86998c005c6ff1264f6081458a8de9c827a5f5d6a9c065ad7484e796ede

Download Submit
\Program Files (x86)\gta san andreas\unins000.exe
Filesize
695KB

MD5
48693c3e6ae031918d8ff8ab9ac414a6

SHA1
fd5888b2b224f762c9f425ffb05073760b2110a4

SHA256
2f364cd3923c587a2bef08e4b791d9795ec7269e2e5f950a26dfeb17b9c94274

SHA512
4d52bc342530775fe56d13da437c3a32da4b9d7294600a0290f164e0820c44b1a12fd45ca62ea85c49a89e1408bb7878493183afbc20d20c09f5dfe1927742a2

Download Submit
\Program Files (x86)\gta san andreas\vorbis.dll
Filesize
1.0MB

MD5
2840f08dd9753a5b13c60d6d1c165c9a

SHA1
c89297e75b6813cf8950e278a5c390e2c5f9d9f6

SHA256
fefda850b69e007fceba644483c7616bc07e9f177fc634fb74e114f0d15b0db0

SHA512
41a36f50cb01714d7adcef0cea0e1ad0e5303618582d190d7e6c895ca1f9ff23a1a9e40a6f33e87c9ffdba8ce46cf464657942bf04d5a005aa3b28ca4fad44f5

Download Submit
\Program Files (x86)\gta san andreas\vorbisFile.dll
Filesize
3KB

MD5
6749a6f6886a9646c23bcbc7da412633

SHA1
88e29478519c7b1aa86668c346466e1ba75f8407

SHA256
7261135f3b2dafc3a6a9796cdc676ab50a9a541ee900cc9c61429415d54b6817

SHA512
0c9bbefdc76b6449814d722de1e12b73716c21db73d2a0acde9ba154663d8f31455ce7ffd4f48cadba2bfe00cf09c13de94ed7a04953d40f406496b1b6925a93

Download Submit
\Program Files (x86)\gta san andreas\vorbishooked.dll
Filesize
50KB

MD5
84c24d0e15ede7d9d400c168a4ab43ff

SHA1
7ae9d96715c4f4e54517b410a51d9f609ab008c1

SHA256
4a0a57dd3770da03290d063726a4be214a82eb3f8e636bc07888f3a331c6fbc9

SHA512
cbfeefb86873e7f7ab22431e7e66557851d5899e69c9ec6d92efe100cdec663f5c030d86a9f5329d3a0234380127754de55b87ffdafa5624d24e6176c49acb5a

Download Submit
\Users\Admin\AppData\Local\Temp\is-DDPAU.tmp\gta san andreas jcres.tmp
Filesize
682KB

MD5
a546ecf8c27932aede6ce0fafce40aeb

SHA1
687977a4fc93746f9d082f3e7d3903f99ec96396

SHA256
346332efb594147d4c1ba043e97a424f6f63293896c8fadd64884ca1979a023a

SHA512
b6edb91ee8070697ac371ad868f17843529f79b3d63b037d21771dd453dbb26778e4906b3a510e04d12d98c9d341dd1d9b1ffa88e761bb343783b23ccea2e2fa

Download Submit
\Users\Admin\AppData\Local\Temp\is-UHVF9.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-UHVF9.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/112-96-0x0000000000000000-mapping.dmp

Download
memory/576-76-0x0000000003C00000-0x0000000004D77000-memory.dmp

Filesize
17.5MB

Download
memory/576-57-0x0000000000000000-mapping.dmp

Download
memory/576-63-0x00000000748A1000-0x00000000748A3000-memory.dmp

Filesize
8KB

Download
memory/576-67-0x0000000001E80000-0x0000000001E90000-memory.dmp

Filesize
64KB

Download
memory/1112-95-0x000007FEFBCE1000-0x000007FEFBCE3000-memory.dmp

Filesize
8KB

Download
memory/1132-73-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1132-55-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1132-62-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1132-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/2024-84-0x0000000001A00000-0x0000000001B08000-memory.dmp

Filesize
1.0MB

Download
memory/2024-94-0x0000000074BF0000-0x0000000074BF3000-memory.dmp

Filesize
12KB

Download
memory/2024-97-0x0000000011000000-0x0000000011063000-memory.dmp

Filesize
396KB

Download
memory/2024-70-0x0000000000000000-mapping.dmp

Download
memory/2024-87-0x0000000000320000-0x0000000000350000-memory.dmp

Filesize
192KB

Download
memory/2024-82-0x0000000000400000-0x0000000001577000-memory.dmp

Filesize
17.5MB

Download
memory/2024-80-0x0000000000020000-0x0000000000029000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads