21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44

Resubmissions

03-06-2023 19:14

230603-xxs28sac3s 10

Analysis

max time kernel
152s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2023 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_undertale_1.08_(18328).exe
Size

126.7MB
MD5

69a1054bcf85084cc4bc33e332f1844d
SHA1

a3db1a7c5a07ea07c31d40ab4c7685215ac4f170
SHA256

21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44
SHA512

f57df05d2d5db04cb48a1d72070ac5d76ae29620cca314817fbfbb30d42c2150115ac510acb216095115c210fe2eee80575ffc78a36fd455e72e4de9492b4f81
SSDEEP

3145728:WSHIqNWvNc0rn+0fslfSob+5Framz9LQMj5jMgQN7:WytNAfcSob2NaoLQ+7c7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4212	setup_undertale_1.08_(18328).tmp

Loads dropped DLL 5 IoCs

pid	Process
4212	setup_undertale_1.08_(18328).tmp
4212	setup_undertale_1.08_(18328).tmp
4212	setup_undertale_1.08_(18328).tmp
4212	setup_undertale_1.08_(18328).tmp
4212	setup_undertale_1.08_(18328).tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 4212	2028	setup_undertale_1.08_(18328).exe	81
PID 2028 wrote to memory of 4212	2028	setup_undertale_1.08_(18328).exe	81
PID 2028 wrote to memory of 4212	2028	setup_undertale_1.08_(18328).exe	81

C:\Users\Admin\AppData\Local\Temp\setup_undertale_1.08_(18328).exe
"C:\Users\Admin\AppData\Local\Temp\setup_undertale_1.08_(18328).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\is-BT5SO.tmp\setup_undertale_1.08_(18328).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BT5SO.tmp\setup_undertale_1.08_(18328).tmp" /SL5="$801AE,132362071,185856,C:\Users\Admin\AppData\Local\Temp\setup_undertale_1.08_(18328).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\1207658702_english.jpg

Filesize
195KB

MD5
ed224bf981e588b310321e3364cde5cd

SHA1
b3a7c43742304b6541bd83b04104ba0511103cd9

SHA256
988c25e3d92bbce791a012beabe67b70d0f708fe658a75304261f9699de0c063

SHA512
9c1ee058e5adeb765b435c4de9b1c9d211dbfec1d6d9b78abb5c38887d21a9920d35cb61b8139662b03acc5b74132c4bf267a91927587ab59b490cdf519e3902

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\1449139823_english.jpg

Filesize
192KB

MD5
c86d1d0ecf523cbc44a0f3cff1f81586

SHA1
a906d195974ef3afd6d7da7d820dcc9a4efe3987

SHA256
5091f3f1bd82d677b364080052f9166a0b85ae179c6ab6bbd6b87f4203c14e1f

SHA512
fab06cea1446b58abeece64a7e4bcd5e9f8a6ca75aa2255ae65f3e5d88c81abd17be9946e3702a30d7978660ec363c73c4e9483678558e8a79ffdfcaafd24bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\background.jpg

Filesize
308KB

MD5
79dd8f2494aef70c997f7627449d7e9d

SHA1
6fc00daa1c26ee76a90a55e39e0c3a72cf4b36e7

SHA256
502d1b67b2a2b390753fdcafd9b5f33c97796b580eaff893ba7360931092989f

SHA512
3af7da0eb62a38a3a4445cd0bd563a8fc7c3010830228d2bc075ae7b5bf990ca20bef806116c60d4a367548a821587328ab0509ab8ba73e6fdfc0a7be30a6c78

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1TNFM.tmp\slideshow.ini

Filesize
298B

MD5
dd34f5881d26a40468f4eb1a01aeb892

SHA1
6065a141c70d7eff63a0e879dad4868e1868a3f8

SHA256
23ffd13e24c21c28893f350c1283c8faa856a45ef554ecff9e96442bc51bc214

SHA512
34c7652ff16ce6895c20b63e6d9b33626f14bbbf549fd3662bb17c464f501d08a4cff8dcdcbc153cd7b76da09060d7e42babc683e441f8dbe69438ab9b98bf02

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BT5SO.tmp\setup_undertale_1.08_(18328).tmp

Filesize
1.2MB

MD5
3602e9114e7254a36fcd909cfa490c3a

SHA1
198af4c93cbcf2195df4cb4aa42096a799c7f374

SHA256
a153c8db6f20f9c54f4bd1607b2502d3914662caa9615e1c557cf0abd8777bab

SHA512
eb1caf37de29467977088952b782dd1cd97969083ef60a0307aa4dd1dde1a44227ef4a871da775b05665f5fec780294c15d6c0f2d9c275e519054eb4628d7fdf

Download Submit
memory/2028-265-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2028-133-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4212-144-0x0000000002B70000-0x0000000002B85000-memory.dmp

Filesize
84KB

Download
memory/4212-138-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/4212-189-0x0000000004E00000-0x0000000004E0E000-memory.dmp

Filesize
56KB

Download
memory/4212-266-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/4212-267-0x0000000002B70000-0x0000000002B85000-memory.dmp

Filesize
84KB

Download
memory/4212-268-0x0000000004E00000-0x0000000004E0E000-memory.dmp

Filesize
56KB

Download
memory/4212-269-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/4212-276-0x0000000002B70000-0x0000000002B85000-memory.dmp

Filesize
84KB

Download
memory/4212-277-0x0000000004E00000-0x0000000004E0E000-memory.dmp

Filesize
56KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads