c1f38c1db278fec87611b113569a8c68e38cb4eab8a47d3d0d1b845c6f300a2e

Resubmissions

27/06/2023, 18:12

230627-wtjhysfa73 7

27/06/2023, 18:03

230627-wndqhsfa64 7

27/06/2023, 17:58

230627-wj98xsfh3x 7

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2023, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup PLAY 6 v6.1.9.exe
Size

169.8MB
MD5

538e486d41130db86ca64ce79204ec0f
SHA1

1ee0c2a2234fa1fc6320989286814df1bf7842b6
SHA256

c1f38c1db278fec87611b113569a8c68e38cb4eab8a47d3d0d1b845c6f300a2e
SHA512

bbd2ac4140f7767e74683d1b3c97c1a3e941297b267f14b27af27490a2ab6bb410fd16a924be8b0010d1d036468e27a36ff0f2dd61c687a982f7d7f8e45354e0
SSDEEP

3145728:BX/eF9C3O3I84fVoJpe/F/vvi+prTQPbs6i2SJJt8Ov:Fo6VoEF/va+prUPbs6iR2k

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4116	Setup PLAY 6 v6.1.9.tmp

Loads dropped DLL 5 IoCs

pid	Process
4116	Setup PLAY 6 v6.1.9.tmp
4116	Setup PLAY 6 v6.1.9.tmp
4116	Setup PLAY 6 v6.1.9.tmp
4116	Setup PLAY 6 v6.1.9.tmp
4116	Setup PLAY 6 v6.1.9.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4116	Setup PLAY 6 v6.1.9.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4116	452	Setup PLAY 6 v6.1.9.exe	81
PID 452 wrote to memory of 4116	452	Setup PLAY 6 v6.1.9.exe	81
PID 452 wrote to memory of 4116	452	Setup PLAY 6 v6.1.9.exe	81

C:\Users\Admin\AppData\Local\Temp\Setup PLAY 6 v6.1.9.exe
"C:\Users\Admin\AppData\Local\Temp\Setup PLAY 6 v6.1.9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:452
- C:\Users\Admin\AppData\Local\Temp\is-6RGGC.tmp\Setup PLAY 6 v6.1.9.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-6RGGC.tmp\Setup PLAY 6 v6.1.9.tmp" /SL5="$401BC,177582603,121344,C:\Users\Admin\AppData\Local\Temp\Setup PLAY 6 v6.1.9.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:4116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-0KF31.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0KF31.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0KF31.tmp\R2RINNO.dll

Filesize
4KB

MD5
fe369a9470426cf1570198224f8922b0

SHA1
82cf9e81262feaa0648b20c90c88b53c9d1e9e01

SHA256
75e01c305e8e28eea25dea2b4b83c3d230ee6ec4ae4fe017bc7b52292e27b961

SHA512
fb31b0a0dd982f1e25f68027ae39ab2eeaeb53d570b0f60204fa058d356773c70d56fa420c12a4ee8cfaf6040be320304e16f6a8343b4b70ae231dbb3291570f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0KF31.tmp\SKIN.CJSTYLES

Filesize
813KB

MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0KF31.tmp\SKIN.CJSTYLES

Filesize
813KB

MD5
5f87caf3f7cf63dde8e6af53bdf31289

SHA1
a2c3cc3d9d831acd797155b667db59a32000d7a8

SHA256
4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

SHA512
4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6RGGC.tmp\Setup PLAY 6 v6.1.9.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/452-133-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4116-180-0x0000000076C50000-0x0000000076D33000-memory.dmp

Filesize
908KB

Download
memory/4116-187-0x0000000074F70000-0x0000000075180000-memory.dmp

Filesize
2.1MB

Download
memory/4116-150-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-156-0x0000000075EC0000-0x0000000075F3A000-memory.dmp

Filesize
488KB

Download
memory/4116-157-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-158-0x0000000075EC0000-0x0000000075F3A000-memory.dmp

Filesize
488KB

Download
memory/4116-159-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-160-0x0000000075EC0000-0x0000000075F3A000-memory.dmp

Filesize
488KB

Download
memory/4116-162-0x0000000075EC0000-0x0000000075F3A000-memory.dmp

Filesize
488KB

Download
memory/4116-161-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-163-0x0000000076A70000-0x0000000076A95000-memory.dmp

Filesize
148KB

Download
memory/4116-164-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-165-0x0000000075EC0000-0x0000000075F3A000-memory.dmp

Filesize
488KB

Download
memory/4116-166-0x0000000076A70000-0x0000000076A95000-memory.dmp

Filesize
148KB

Download
memory/4116-167-0x0000000074270000-0x00000000742A0000-memory.dmp

Filesize
192KB

Download
memory/4116-185-0x00000000740B0000-0x00000000741D2000-memory.dmp

Filesize
1.1MB

Download
memory/4116-169-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-170-0x0000000076A70000-0x0000000076A95000-memory.dmp

Filesize
148KB

Download
memory/4116-171-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-172-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-173-0x0000000076C50000-0x0000000076D33000-memory.dmp

Filesize
908KB

Download
memory/4116-174-0x0000000074F70000-0x0000000075180000-memory.dmp

Filesize
2.1MB

Download
memory/4116-175-0x00000000751B0000-0x0000000075763000-memory.dmp

Filesize
5.7MB

Download
memory/4116-176-0x0000000076AA0000-0x0000000076B4F000-memory.dmp

Filesize
700KB

Download
memory/4116-177-0x00000000740B0000-0x00000000741D2000-memory.dmp

Filesize
1.1MB

Download
memory/4116-178-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-179-0x0000000075800000-0x00000000758DC000-memory.dmp

Filesize
880KB

Download
memory/4116-146-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-182-0x00000000751B0000-0x0000000075763000-memory.dmp

Filesize
5.7MB

Download
memory/4116-181-0x0000000074F70000-0x0000000075180000-memory.dmp

Filesize
2.1MB

Download
memory/4116-149-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/4116-183-0x0000000076AA0000-0x0000000076B4F000-memory.dmp

Filesize
700KB

Download
memory/4116-168-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-186-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-184-0x0000000074EF0000-0x0000000074F64000-memory.dmp

Filesize
464KB

Download
memory/4116-188-0x00000000751B0000-0x0000000075763000-memory.dmp

Filesize
5.7MB

Download
memory/4116-189-0x0000000076AA0000-0x0000000076B4F000-memory.dmp

Filesize
700KB

Download
memory/4116-190-0x0000000074EF0000-0x0000000074F64000-memory.dmp

Filesize
464KB

Download
memory/4116-191-0x00000000740B0000-0x00000000741D2000-memory.dmp

Filesize
1.1MB

Download
memory/4116-192-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-193-0x0000000074F70000-0x0000000075180000-memory.dmp

Filesize
2.1MB

Download
memory/4116-194-0x00000000751B0000-0x0000000075763000-memory.dmp

Filesize
5.7MB

Download
memory/4116-195-0x0000000076AA0000-0x0000000076B4F000-memory.dmp

Filesize
700KB

Download
memory/4116-196-0x0000000076A70000-0x0000000076A95000-memory.dmp

Filesize
148KB

Download
memory/4116-197-0x0000000074EF0000-0x0000000074F64000-memory.dmp

Filesize
464KB

Download
memory/4116-199-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-198-0x00000000740B0000-0x00000000741D2000-memory.dmp

Filesize
1.1MB

Download
memory/4116-200-0x0000000074F70000-0x0000000075180000-memory.dmp

Filesize
2.1MB

Download
memory/4116-202-0x0000000076AA0000-0x0000000076B4F000-memory.dmp

Filesize
700KB

Download
memory/4116-204-0x00000000740B0000-0x00000000741D2000-memory.dmp

Filesize
1.1MB

Download
memory/4116-203-0x0000000074EF0000-0x0000000074F64000-memory.dmp

Filesize
464KB

Download
memory/4116-201-0x00000000751B0000-0x0000000075763000-memory.dmp

Filesize
5.7MB

Download
memory/4116-205-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-207-0x0000000076C50000-0x0000000076D33000-memory.dmp

Filesize
908KB

Download
memory/4116-208-0x0000000074F70000-0x0000000075180000-memory.dmp

Filesize
2.1MB

Download
memory/4116-209-0x00000000751B0000-0x0000000075763000-memory.dmp

Filesize
5.7MB

Download
memory/4116-210-0x0000000076AA0000-0x0000000076B4F000-memory.dmp

Filesize
700KB

Download
memory/4116-206-0x0000000075800000-0x00000000758DC000-memory.dmp

Filesize
880KB

Download
memory/4116-211-0x0000000074EF0000-0x0000000074F64000-memory.dmp

Filesize
464KB

Download
memory/4116-212-0x00000000740B0000-0x00000000741D2000-memory.dmp

Filesize
1.1MB

Download
memory/4116-213-0x00000000032C0000-0x0000000003321000-memory.dmp

Filesize
388KB

Download
memory/4116-214-0x0000000074F70000-0x0000000075180000-memory.dmp

Filesize
2.1MB

Download
memory/4116-294-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download