Overview

overview

7

Static

static

1

setup_pc_b...8).exe

windows7-x64

7

setup_pc_b...8).exe

windows10-2004-x64

7

Analysis

  • max time kernel
    291s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    02/07/2023, 20:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    setup_pc_building_simulator_v1.15.3_(64bit)_(54848).exe

  • Size

    1.0MB

  • MD5

    916274d1bd017889a2ea117c3b6a240c

  • SHA1

    573d1ea68f618c04791bb8277dc18f559bd37ee2

  • SHA256

    271026cce20be2d6d308de724710b97fb0580f3a1c7d67f8efd79443765481c8

  • SHA512

    71b47b49a534e7cc25043d4558e864277875e22feec9dcd52b4fcd0a8d051a564d865a0bf5f16926488ed209d0b8ca9181c56badab7ec804cb169a8212909fee

  • SSDEEP

    24576:hxct1NCgW7BxahUF3Me3DKe5+R+L8tf5c/:zigvD3XzP0Z54

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup_pc_building_simulator_v1.15.3_(64bit)_(54848).exe
    "C:\Users\Admin\AppData\Local\Temp\setup_pc_building_simulator_v1.15.3_(64bit)_(54848).exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Users\Admin\AppData\Local\Temp\is-0SKHU.tmp\setup_pc_building_simulator_v1.15.3_(64bit)_(54848).tmp
      "C:\Users\Admin\AppData\Local\Temp\is-0SKHU.tmp\setup_pc_building_simulator_v1.15.3_(64bit)_(54848).tmp" /SL5="$A0120,192512,0,C:\Users\Admin\AppData\Local\Temp\setup_pc_building_simulator_v1.15.3_(64bit)_(54848).exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1172

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-0SKHU.tmp\setup_pc_building_simulator_v1.15.3_(64bit)_(54848).tmp
          Filesize

          1.3MB

          MD5

          6cd99f762fa47d666b64eb115a50adff

          SHA1

          fbbb24b67fa98a86eeeebbe1609f0ad130eb967e

          SHA256

          13702e938342978c651ba982ef72b2dd9a45c4a663ab834e5350f6b9f0c6ec8b

          SHA512

          7b41e8ce2643d131f8a60674e43e37f9b5fab24aa765c6ee6827e0a4c058a7303f525ee6008b120fd7fc4a64bc5b8d2666db4d9f82f2076f75189497a1382b0a

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-0SKHU.tmp\setup_pc_building_simulator_v1.15.3_(64bit)_(54848).tmp
          Filesize

          1.3MB

          MD5

          6cd99f762fa47d666b64eb115a50adff

          SHA1

          fbbb24b67fa98a86eeeebbe1609f0ad130eb967e

          SHA256

          13702e938342978c651ba982ef72b2dd9a45c4a663ab834e5350f6b9f0c6ec8b

          SHA512

          7b41e8ce2643d131f8a60674e43e37f9b5fab24aa765c6ee6827e0a4c058a7303f525ee6008b120fd7fc4a64bc5b8d2666db4d9f82f2076f75189497a1382b0a

          Download Submit

        • memory/1108-54-0x0000000000C50000-0x0000000000C89000-memory.dmp

          Filesize

          228KB

          Download

        • memory/1108-63-0x0000000000C50000-0x0000000000C89000-memory.dmp

          Filesize

          228KB

          Download

        • memory/1172-61-0x00000000000A0000-0x00000000000A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1172-64-0x0000000000890000-0x00000000009E2000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/1172-65-0x00000000000A0000-0x00000000000A1000-memory.dmp

          Filesize

          4KB

          Download