81e77a4ca34a5da5c1053ff4b22de0f3c068549db48d29c0d5a4dc64fbe481ee

Resubmissions

12-07-2023 21:25

230712-z9pxfsff8v 7

12-07-2023 21:20

230712-z6psaaef88 7

Analysis

max time kernel
146s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
12-07-2023 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SPOILER_steamcode.exe
Size

5.9MB
MD5

4bf7fca667001b939575ab9de908fae0
SHA1

c7072f49b914697ab39a220ce06a646be7999e94
SHA256

81e77a4ca34a5da5c1053ff4b22de0f3c068549db48d29c0d5a4dc64fbe481ee
SHA512

d24d6ec80cf3d745c11ec385ac7603f329e36ce086cf9bb1ac23f4876ea2c6ea8acde85699c556e9f73879dc97b0df5353a88a825f8292bcdfc323b663a9fb18
SSDEEP

98304:LE85ttb6UCV5ICDtPfeE/joG4Ku1+sKsXJOLgTs5m2uTAgeMkeAhpjGdPHqG:LE0G5ICteEroGNE+sKsXXgITjkeWpjGk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2904	SPOILER_steamcode.exe
2904	SPOILER_steamcode.exe
2904	SPOILER_steamcode.exe
2904	SPOILER_steamcode.exe
2904	SPOILER_steamcode.exe
2904	SPOILER_steamcode.exe
2904	SPOILER_steamcode.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2904	2572	SPOILER_steamcode.exe	29
PID 2572 wrote to memory of 2904	2572	SPOILER_steamcode.exe	29
PID 2572 wrote to memory of 2904	2572	SPOILER_steamcode.exe	29

C:\Users\Admin\AppData\Local\Temp\SPOILER_steamcode.exe
"C:\Users\Admin\AppData\Local\Temp\SPOILER_steamcode.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Users\Admin\AppData\Local\Temp\SPOILER_steamcode.exe
  "C:\Users\Admin\AppData\Local\Temp\SPOILER_steamcode.exe"
  2⤵
  - Loads dropped DLL
  PID:2904

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
5e2a9b9d83d943c4af82b6dc829bfe97

SHA1
22654769e7c79f1aa0e96a4c16dcb9ef865737aa

SHA256
902ffc6e350772803ac35568364005c09be5c5e5d3f18038e46e9316aed217ef

SHA512
d4a018aed49c84706038e118058832fe26d2727445bd6f4798ba9548f8afc5e746bde7a7329b0be5ddd106707983783932e7351b101cb729070b68c91c660ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
17468cdcf52d507d7d1a740323bad663

SHA1
c647494e52d5dde86bde8d850b1a49cd17024ade

SHA256
ae7f15d92e43bfb351363d149c89a0fad8453e2b2d08fdcb4d224c535a648fa1

SHA512
fef4616c4fd1521ca500fda0fac947e96a4b89b48c98847b23f42c6e8a34073076a39bcece01f19c546d0a734a9b688948fc34d425fd1ef36dffc378335881ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
3991a12b40096a59d48a95b54ad1c812

SHA1
464da16182fd1053f4633b29e83d9afdfc39f1e1

SHA256
2ee4d131e5492a9980efa47ae5a9e1aad3d5bccb062c26d28cb0c9559e973481

SHA512
5bfd17e39c4ff999db7f36fe2dd044df346f1ea352098b4e3033c7ff8c382d7f2897c46ad543266d72a29561b984667c8d0dc1d2a163e3fab67bbaf10ae17085

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
7922c25a9a206110d298eb1adb747dd7

SHA1
c4431817fbc6d39b6504c121a8775f174f6cb9d3

SHA256
0528474ae1b64b2ef0089b87d53d84a36b5792c381ea9459ceda87a29c5abb2a

SHA512
f90f86d6ccd18ddf292115a8a45a22248683460a8b90d371d42d5274f596bd91c4ef4b62531e00ea304cb99b239c6b7bd50d0a39db45e539649ff6622cfaa48c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
8e0be9b6baceb5babc308039618870e5

SHA1
515d98afb7d0c17861bc87b83d553d4e80ecf8fb

SHA256
83ea1b0e636eac733c221a4fff4ab19371d8dacb8e80fa8295d86fe72bd2942c

SHA512
b14755c0192560f3c535895d7013eb39e62f2d17a26747518828bed5a17668932e6ea60d00d9a798298cf3a391c0c48b3de23207a2b64e1e79b6f93fb5a1a249

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25722\python310.dll

Filesize
4.3MB

MD5
316ce972b0104d68847ab38aba3de06a

SHA1
ca1e227fd7f1cfb1382102320dadef683213024b

SHA256
34f0e44a0d089587e1ea48c1cc4c3164a1819c6db27a7c1b746af46d6388c26e

SHA512
a11da6590a71d977c62b1c26c275763413f6a455e6d85fa052654d05d845dbbe8122bbd8e0a23887f9873d4291382ebbd5df19674ad2dda1cf0ff3206054939b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25722\ucrtbase.dll

Filesize
986KB

MD5
1268674e0227fba666728f77e9ba01bd

SHA1
bfb0c3b94319d2e524a0b9246b45edbd3f90c3da

SHA256
6dada6c2ae69c792cfb3e90aac122810052d845ce875364bde885eef4f8fe9c4

SHA512
82a7956ebbd491294728ffb07f7d7effac44578bf4fb579449e129fca007271d5c211fe17e195c419c813280f2abe229fdfe805221e0325305e71ea04a361b50

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
5e2a9b9d83d943c4af82b6dc829bfe97

SHA1
22654769e7c79f1aa0e96a4c16dcb9ef865737aa

SHA256
902ffc6e350772803ac35568364005c09be5c5e5d3f18038e46e9316aed217ef

SHA512
d4a018aed49c84706038e118058832fe26d2727445bd6f4798ba9548f8afc5e746bde7a7329b0be5ddd106707983783932e7351b101cb729070b68c91c660ac0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
17468cdcf52d507d7d1a740323bad663

SHA1
c647494e52d5dde86bde8d850b1a49cd17024ade

SHA256
ae7f15d92e43bfb351363d149c89a0fad8453e2b2d08fdcb4d224c535a648fa1

SHA512
fef4616c4fd1521ca500fda0fac947e96a4b89b48c98847b23f42c6e8a34073076a39bcece01f19c546d0a734a9b688948fc34d425fd1ef36dffc378335881ae

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
3991a12b40096a59d48a95b54ad1c812

SHA1
464da16182fd1053f4633b29e83d9afdfc39f1e1

SHA256
2ee4d131e5492a9980efa47ae5a9e1aad3d5bccb062c26d28cb0c9559e973481

SHA512
5bfd17e39c4ff999db7f36fe2dd044df346f1ea352098b4e3033c7ff8c382d7f2897c46ad543266d72a29561b984667c8d0dc1d2a163e3fab67bbaf10ae17085

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
7922c25a9a206110d298eb1adb747dd7

SHA1
c4431817fbc6d39b6504c121a8775f174f6cb9d3

SHA256
0528474ae1b64b2ef0089b87d53d84a36b5792c381ea9459ceda87a29c5abb2a

SHA512
f90f86d6ccd18ddf292115a8a45a22248683460a8b90d371d42d5274f596bd91c4ef4b62531e00ea304cb99b239c6b7bd50d0a39db45e539649ff6622cfaa48c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25722\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
8e0be9b6baceb5babc308039618870e5

SHA1
515d98afb7d0c17861bc87b83d553d4e80ecf8fb

SHA256
83ea1b0e636eac733c221a4fff4ab19371d8dacb8e80fa8295d86fe72bd2942c

SHA512
b14755c0192560f3c535895d7013eb39e62f2d17a26747518828bed5a17668932e6ea60d00d9a798298cf3a391c0c48b3de23207a2b64e1e79b6f93fb5a1a249

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25722\python310.dll

Filesize
4.3MB

MD5
316ce972b0104d68847ab38aba3de06a

SHA1
ca1e227fd7f1cfb1382102320dadef683213024b

SHA256
34f0e44a0d089587e1ea48c1cc4c3164a1819c6db27a7c1b746af46d6388c26e

SHA512
a11da6590a71d977c62b1c26c275763413f6a455e6d85fa052654d05d845dbbe8122bbd8e0a23887f9873d4291382ebbd5df19674ad2dda1cf0ff3206054939b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25722\ucrtbase.dll

Filesize
986KB

MD5
1268674e0227fba666728f77e9ba01bd

SHA1
bfb0c3b94319d2e524a0b9246b45edbd3f90c3da

SHA256
6dada6c2ae69c792cfb3e90aac122810052d845ce875364bde885eef4f8fe9c4

SHA512
82a7956ebbd491294728ffb07f7d7effac44578bf4fb579449e129fca007271d5c211fe17e195c419c813280f2abe229fdfe805221e0325305e71ea04a361b50

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads