5bd23c4dc64b65701d8b7948d87f33c757db01fbd94446eb3bab9e1aea735ce1

Analysis

max time kernel
61s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2023, 20:52 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cuphead/__support/scriptinterpreter.exe
Size

1.1MB
MD5

838f5a821203e6694f2d52f4b43a0fed
SHA1

64c01c33391c961f2a8f2c1dc52022b4524e1f61
SHA256

ee2af72e557435c833298115ab0b6a8ff85fc10488c67272151a890a2b1938ab
SHA512

18f4a9e693d17530734f784e5081beb929d63e5d1a4d336bd1c338435206ba1cef6d99cd27cd329e2bcd72f556387c737d420df541bc6d2f2669a9f41b282b1e
SSDEEP

24576:qBW9t1NCb5s07FKUUwloe2aEOh+2LGkS10t8Iy5YtPlqQFfYmFr:vdgNFDoeYOWO85Yttq9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4400	scriptinterpreter.tmp

Loads dropped DLL 2 IoCs

pid	Process
4400	scriptinterpreter.tmp
4400	scriptinterpreter.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 4400	4444	scriptinterpreter.exe	83
PID 4444 wrote to memory of 4400	4444	scriptinterpreter.exe	83
PID 4444 wrote to memory of 4400	4444	scriptinterpreter.exe	83

C:\Users\Admin\AppData\Local\Temp\Cuphead\__support\scriptinterpreter.exe
"C:\Users\Admin\AppData\Local\Temp\Cuphead\__support\scriptinterpreter.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Users\Admin\AppData\Local\Temp\is-22KHD.tmp\scriptinterpreter.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-22KHD.tmp\scriptinterpreter.tmp" /SL5="$A0040,559450,185856,C:\Users\Admin\AppData\Local\Temp\Cuphead\__support\scriptinterpreter.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4400

Network

DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

86.8.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.8.109.52.in-addr.arpa

IN PTR

Response

93.184.220.29:80

322 B
7
20.50.201.195:443

322 B
7
209.197.3.8:80

322 B
7
209.197.3.8:80

322 B
7
173.223.113.164:443

322 B
7
173.223.113.131:80

322 B
7
131.253.33.203:80

322 B
7
209.197.3.8:80

322 B
7

8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

86.8.109.52.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.8.109.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-22KHD.tmp\scriptinterpreter.tmp

Filesize
1.2MB

MD5
81deecc63c5d711b1da2d3f70cfa517c

SHA1
af9cf82840d27bb0b8abbcb619c7a77619eeed6c

SHA256
336c9d33eb17c249295a0bdc8cd60d6e1bbe1c5e97d3e7f035ce775eba4aff2b

SHA512
a4ea8366394bf290d4cfbf6126aea85fecc85196948bacc79704bf184819436d92220a0517849040039397f555e27a2b6adb5512df99824073becbe45a3bd9b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DJ853.tmp\uninstall.dll

Filesize
689KB

MD5
b57815f1a4c9bd6cb7dc729fe90a7210

SHA1
04d1ebdb8f1c67ef2c2e17a2679754bddd133630

SHA256
8249f3c7cb935d0cd388df821cb9eb95bc6c7cb9908d8ab956fe65a1964ad2cd

SHA512
d9f896c9dccf776ce976adab48202f9bf9a7150c6a5e10475baae2b4d6fcdbc68d158c33762b3b51f44166126130089412785fbb2f8b3a37536ecc20d8ffa657

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DJ853.tmp\uninstall.dll

Filesize
689KB

MD5
b57815f1a4c9bd6cb7dc729fe90a7210

SHA1
04d1ebdb8f1c67ef2c2e17a2679754bddd133630

SHA256
8249f3c7cb935d0cd388df821cb9eb95bc6c7cb9908d8ab956fe65a1964ad2cd

SHA512
d9f896c9dccf776ce976adab48202f9bf9a7150c6a5e10475baae2b4d6fcdbc68d158c33762b3b51f44166126130089412785fbb2f8b3a37536ecc20d8ffa657

Download Submit
memory/4400-146-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/4400-138-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/4400-144-0x0000000005280000-0x0000000005337000-memory.dmp

Filesize
732KB

Download
memory/4400-148-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/4400-149-0x0000000005280000-0x0000000005337000-memory.dmp

Filesize
732KB

Download
memory/4400-150-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/4400-154-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/4444-133-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4444-147-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4444-156-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.