d44408b53aeb61cd645db7b19397276ceefb15908e6e9db334bcb5ee9d9569a8

Analysis

max time kernel
140s
max time network
185s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
18/08/2023, 18:40

Target

TatsuGame/Extras/Redist/en-us/UE4PrereqSetup_x64.exe
Size

39.1MB
MD5

a688d249c498d4d3b89ed876c8239520
SHA1

25bdaa9b0a339099e10cf9c26e8abdcd67a9e583
SHA256

145f4e4d11e76a2612db5ffbfae8f9ab8e4385ff7660802ffd2f473c9dcb2a0d
SHA512

ca24eee29e9ae1c919b98d1f5e41b96566c86b1e40e30f3f6c7fb5c7e4049f92fb64afa4c87e8e815d3926b9cac17d0347f1f9b69d06e01303ffcb1815efecc1
SSDEEP

786432:LVbdC1L48ilX91HpNS/R/fO8udf0yj8tmH3StGtv9xRtEh7:pHl/HpNS/R/m8oj8tmH3Sst1xRuh7

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
4800	UE4PrereqSetup_x64.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4800	UE4PrereqSetup_x64.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 4800	4696	UE4PrereqSetup_x64.exe	69
PID 4696 wrote to memory of 4800	4696	UE4PrereqSetup_x64.exe	69
PID 4696 wrote to memory of 4800	4696	UE4PrereqSetup_x64.exe	69

C:\Users\Admin\AppData\Local\Temp\TatsuGame\Extras\Redist\en-us\UE4PrereqSetup_x64.exe
"C:\Users\Admin\AppData\Local\Temp\TatsuGame\Extras\Redist\en-us\UE4PrereqSetup_x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Users\Admin\AppData\Local\Temp\TatsuGame\Extras\Redist\en-us\UE4PrereqSetup_x64.exe
  "C:\Users\Admin\AppData\Local\Temp\TatsuGame\Extras\Redist\en-us\UE4PrereqSetup_x64.exe" -burn.unelevated BurnPipe.{41E8DFA3-5CAD-49AB-A242-651705638C03} {CE356DD4-A988-429A-9B6F-D429DEBBA7A7} 4696
  2⤵
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:4800

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\.ba1\Banner.bmp

Filesize
123KB

MD5
461fa4877514f318a0d5cbc602daf7df

SHA1
5d2ed3abc96bb1fb419828e3de3fc75a6292536a

SHA256
638d5bfc987b45d28a308e8a4d68bd7c0a82d21e615e534fbfaa3cd0ad53889e

SHA512
c4def63dfde38cb2e35d75c7e61428cb9df2429af799e3e0b29c7bc1d9c60e8e32f18cc0e7b55e177d95bdb333a7a0d1f4369b02f5c574b6688047e01e9f98e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\.ba1\LogoSide.png

Filesize
43KB

MD5
63c9775d703ec8bdc9703f80d52ffc24

SHA1
1a5f3fa1fc4ee2a7e08506f8178d769cdcd7ec62

SHA256
8f03c6e8ce5f4898cc230e04d485e0e0744eb7ee180a3d8bb154f2fc9c7a93e5

SHA512
b2d9d18a3d6a1df401ede41e35af7167c6f253f54c290d1db64db212b5a2e9a2534e86e031e1e5499b2ce11bb952afc6bcd8f85aca351d49867c77dd4edba458

Download Submit
\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\.ba1\wixstdba.dll

Filesize
135KB

MD5
36b53c5299a3b39e5c9cdbbd28a09506

SHA1
9f4c767ef7ea887a88a698bcd66e4ba691e1c17a

SHA256
97f1901e7c928b9231e503cd3a1315f0d8449356b9f25e7eb4c2cebeee72012a

SHA512
af4c7cea8bebe0f125b59eed11fa0053178dd546784f68ad7a642eb128ed0d05dd6ccfe685b912381b61becf9c336dcbbc8c4ce56884a511f3f0a69826d8de83

Download Submit