d782574a27892f6b0ecde29477a872fbca28b99b36e4e5f8aaef14574f80d1f3

General

Target

CaveCrawler.zip
Size

719.9MB
MD5

aab2dec1413b10bba626678299e823ea
SHA1

a4f78cf18bcafc6e373594cbe2a3cb755f517f07
SHA256

d782574a27892f6b0ecde29477a872fbca28b99b36e4e5f8aaef14574f80d1f3
SHA512

33f3284523582ec3fdeaf37cb90046696b2588c056bed1e0b407cca02ff187d648815f0dd3d20cfefca4920e261c4f9642c4ce2bdfad79f349ebec5fd69466fd
SSDEEP

12582912:mcFTzmyOVs4rDtiXii1aNwDDmlegru0a32QwL6aidT:bzm5VWXH1aNwDDmVrKLwGZ

Score

3^/10

Malware Config

Signatures

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2696	912	WerFault.exe	102
3724	452	WerFault.exe	108
3368	3664	WerFault.exe	119
368	3020	WerFault.exe	124

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1560	CaveCrawler.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
912	CaveCrawler.exe
452	CaveCrawler.exe
1560	CaveCrawler.exe
3664	CaveCrawler.exe
3664	CaveCrawler.exe
4076	CaveCrawler.exe
3316	CaveCrawler.exe
3020	CaveCrawler.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 452	4540	CaveCrawler.console.exe	108
PID 4540 wrote to memory of 452	4540	CaveCrawler.console.exe	108
PID 2360 wrote to memory of 3664	2360	cmd.exe	119
PID 2360 wrote to memory of 3664	2360	cmd.exe	119
PID 2360 wrote to memory of 4076	2360	cmd.exe	122
PID 2360 wrote to memory of 4076	2360	cmd.exe	122
PID 2360 wrote to memory of 3316	2360	cmd.exe	123
PID 2360 wrote to memory of 3316	2360	cmd.exe	123
PID 2360 wrote to memory of 3020	2360	cmd.exe	124
PID 2360 wrote to memory of 3020	2360	cmd.exe	124

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\CaveCrawler.zip
1⤵
PID:4268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2076

C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe
"C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:912
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 912 -s 1264
  2⤵
  - Program crash
  PID:2696

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 412 -p 912 -ip 912
1⤵
PID:1356

C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.console.exe
"C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.console.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe
  C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:452
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 452 -s 528
    3⤵
    - Program crash
    PID:3724

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 452 -ip 452
1⤵
PID:3572

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe
  "CaveCrawler.exe" --rendering-driver opengl3
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3664
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3664 -s 532
    3⤵
    - Program crash
    PID:3368
- C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe
  "CaveCrawler.exe" --rendering-driver opengl2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4076
- C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe
  "CaveCrawler.exe" --rendering-driver dummy
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3316
- C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe
  "CaveCrawler.exe" --rendering-driver vulkan
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3020
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3020 -s 500
    3⤵
    - Program crash
    PID:368

C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe
"C:\Users\Admin\Desktop\CaveCrawler\CaveCrawler.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 532 -p 3664 -ip 3664
1⤵
PID:912

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 3020 -ip 3020
1⤵
PID:820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Godot\app_userdata\Cave Crawler\logs\godot.log

Filesize
72B

MD5
57d9cb299b237cf81a5181614aac87b1

SHA1
a6ccd0fdd593486de84d9050adf2867b4d6b4fc7

SHA256
aa5ae00daaae6a17247d9e07f3ef5f0b411836a3da4665161de9bcf73fd51eef

SHA512
f38eef2cc059b3d5bc19bb044e0a5bbf7a536f7416b51816bb6e170416962cafb23d6f3cbcf5de2767f7095ee08abc7ecbb7640bd1a7c097f5fa8863a785da35

Download Submit
C:\Users\Admin\AppData\Roaming\Godot\app_userdata\Cave Crawler\logs\godot.log

Filesize
179B

MD5
31fd3165b0d98fd6142a4c2a2ad4a9f8

SHA1
71af12c38a69e486a9286558e4572a978cee72c8

SHA256
6f8ebd5c0ac62bfc4fc14fb4228ba527eaf5a1d194bd347b1f2ff55d3f20daae

SHA512
5ee04b4d1e6e774270719d8195a8a069278177e63fc97f5bb295b1fc1fdc0a1152ab7b2420f6614b5892eb335b529f483660f8b65ba6fee7ede6d4e7596b6f91

Download Submit
C:\Users\Admin\AppData\Roaming\Godot\app_userdata\Cave Crawler\logs\godot2023-04-21T06.11.09.log

Filesize
179B

MD5
31fd3165b0d98fd6142a4c2a2ad4a9f8

SHA1
71af12c38a69e486a9286558e4572a978cee72c8

SHA256
6f8ebd5c0ac62bfc4fc14fb4228ba527eaf5a1d194bd347b1f2ff55d3f20daae

SHA512
5ee04b4d1e6e774270719d8195a8a069278177e63fc97f5bb295b1fc1fdc0a1152ab7b2420f6614b5892eb335b529f483660f8b65ba6fee7ede6d4e7596b6f91

Download Submit
C:\Users\Admin\AppData\Roaming\Godot\app_userdata\Cave Crawler\logs\godot2023-04-21T06.11.52.log

Filesize
179B

MD5
31fd3165b0d98fd6142a4c2a2ad4a9f8

SHA1
71af12c38a69e486a9286558e4572a978cee72c8

SHA256
6f8ebd5c0ac62bfc4fc14fb4228ba527eaf5a1d194bd347b1f2ff55d3f20daae

SHA512
5ee04b4d1e6e774270719d8195a8a069278177e63fc97f5bb295b1fc1fdc0a1152ab7b2420f6614b5892eb335b529f483660f8b65ba6fee7ede6d4e7596b6f91

Download Submit
memory/452-139-0x00007FF6E5430000-0x00007FF6E9741000-memory.dmp

Filesize
67.1MB

Download
memory/912-133-0x00007FF6E5430000-0x00007FF6E9741000-memory.dmp

Filesize
67.1MB

Download
memory/912-135-0x00007FF6E5430000-0x00007FF6E9741000-memory.dmp

Filesize
67.1MB

Download
memory/1560-143-0x00007FF6E5430000-0x00007FF6E9741000-memory.dmp

Filesize
67.1MB

Download
memory/3020-191-0x00007FF6E5430000-0x00007FF6E9741000-memory.dmp

Filesize
67.1MB

Download
memory/3316-184-0x00007FF6E5430000-0x00007FF6E9741000-memory.dmp

Filesize
67.1MB

Download
memory/3664-148-0x00007FF6E5430000-0x00007FF6E9741000-memory.dmp

Filesize
67.1MB

Download
memory/4076-178-0x00007FF6E5430000-0x00007FF6E9741000-memory.dmp

Filesize
67.1MB

Download
memory/4540-140-0x00007FF65C670000-0x00007FF65C69E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads