Overview

overview

10

Static

static

3

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    28-08-2023 20:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    120.1MB

  • MD5

    5fb9b3c109ad471d0bc148329344e8ca

  • SHA1

    21f2a06e7f83cb2886c16cafc20968f370fa2643

  • SHA256

    c9ae7f8a79a27955d93c32f1b9fc3100496f4cdb6acfa848e80acabca6d1749f

  • SHA512

    b50c9420e0709391be280b4f65be35bde9018388872c4ad675f104fd0093be22159a74b0d46b0d1c92043887824cb97464db452d422bcd339a1f3578b3f7456c

  • SSDEEP

    1572864:uiM7DhczCaxWLABs8spKCFLme+A2akcvAYBkbKiD5DEeM9VCwQdUzk+:ulOCaELAO8WLiA2aTVkbKidc9IdUz/

Score
10/10
snakebotsnakebot

Malware Config

Signatures

  • SnakeBOT

    SnakeBOT is a heavily obfuscated .NET downloader.

    snakebot
  • Contains SnakeBOT related strings 1 IoCs
    snakebot
  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 13 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Users\Admin\AppData\Local\Temp\is-H3VQT.tmp\Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-H3VQT.tmp\Setup.tmp" /SL5="$80124,124988605,836608,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1984
      • C:\Program Files (x86)\Undertale\UNDERTALE_1.001.exe
        "C:\Program Files (x86)\Undertale\UNDERTALE_1.001.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3024
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 452
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:1216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • C:\Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • C:\Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • C:\Program Files (x86)\Undertale\d3dx9_43.dll
    Filesize

    1.9MB

    MD5

    86e39e9161c3d930d93822f1563c280d

    SHA1

    f5944df4142983714a6d9955e6e393d9876c1e11

    SHA256

    0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

    SHA512

    0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

    Download Submit

  • C:\Program Files (x86)\Undertale\data.win
    Filesize

    55.2MB

    MD5

    a7728805e9789cb1288e6d807aa46833

    SHA1

    9c07858aa3ea04319644cc246d04ffa2dd77323c

    SHA256

    36e4544d49fbba8f484cd1c629085d240139b54e07dab6a466f0dd36f1753e98

    SHA512

    f8f54db54d921eff62327733d8a4811dc1c0e5c0fd3b9c898a84cdfeba513ec8e9dde2a333ef411b0190106c80e0a2a1776dc927d3ad9e62d0b515999690237d

    Download Submit

  • C:\Program Files (x86)\Undertale\options.ini
    Filesize

    97B

    MD5

    396f73a1185a5642f5f1e2538b64396a

    SHA1

    d72d687a5a1258986f218bfccacc6118c39ec4f9

    SHA256

    e267293f58d257d2dd1e00ad25425bdb798fcbf75256a7d45b7d7086159dbc58

    SHA512

    e17cfca14ce79c71eea01973385fa4151989d40bfc5a04b97fd3534ff5b4f04b385d11867d80a60325aa0bd13403910fee73ab9379f0e05c669d24d5d95957da

    Download Submit

  • C:\Program Files (x86)\Undertale\steam_api.dll
    Filesize

    251KB

    MD5

    23767288e6a003aaaa54355cbe108da8

    SHA1

    c7f21dc71491fe661c698f5c561405c0e3f423c1

    SHA256

    209135c082a8ef8323479384e97d769d9b2d98f727bbb34a7806ce150b750c89

    SHA512

    a870b2f99da48ad07f9b36d6730d74af5f285af12e21a24d61e6e3023d5917920bd343fe295b7374a2065bf9c09b6f1cbb03fbcf05206f4bd0544b5f0eb0e147

    Download Submit

  • C:\Program Files (x86)\Undertale\steam_emu.ini
    Filesize

    2KB

    MD5

    f98efa05e4c224bec6df0f38c1f41801

    SHA1

    b73f247e46657c5e78c410d7d5bef50dac8c172e

    SHA256

    303cfb51ad5a389296c7c86e4aea6d450276078d40d848df4a334e70d5b77885

    SHA512

    13bad72f40efb3ca91bc28490974af4a7a40c6da5b11ae2f277cc24def56c32b2f9381b09c11a028e5bd27966f88085eb98aebb6f81e7893efdd76bc3981cf4a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-H3VQT.tmp\Setup.tmp
    Filesize

    2.5MB

    MD5

    d9bc11c23aa360311d6b237b23b0c4fd

    SHA1

    2f6bca0a9d09a1928f139a8a2e0cc872f4284fe7

    SHA256

    88e4053e376c6597edc6533584b2f2fa3905237fe5db61867e8ee71c3a9e9f5d

    SHA512

    732b217963e415fb272556731cf8503df431dbc450f6caf59b7c47804c650baebd33735d9fee18537bac37d639f4491a168351fa4b431457f62bae0e219de6fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-H3VQT.tmp\Setup.tmp
    Filesize

    2.5MB

    MD5

    d9bc11c23aa360311d6b237b23b0c4fd

    SHA1

    2f6bca0a9d09a1928f139a8a2e0cc872f4284fe7

    SHA256

    88e4053e376c6597edc6533584b2f2fa3905237fe5db61867e8ee71c3a9e9f5d

    SHA512

    732b217963e415fb272556731cf8503df431dbc450f6caf59b7c47804c650baebd33735d9fee18537bac37d639f4491a168351fa4b431457f62bae0e219de6fa

    Download Submit

  • \Program Files (x86)\Undertale\D3DX9_43.dll
    Filesize

    1.9MB

    MD5

    86e39e9161c3d930d93822f1563c280d

    SHA1

    f5944df4142983714a6d9955e6e393d9876c1e11

    SHA256

    0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

    SHA512

    0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

    Download Submit

  • \Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • \Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • \Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • \Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • \Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • \Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • \Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • \Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • \Program Files (x86)\Undertale\UNDERTALE_1.001.exe
    Filesize

    3.7MB

    MD5

    62adbbb61850a3883c15a29a0d08df86

    SHA1

    835a9f036668f592d49d790eb933d706097ddf01

    SHA256

    71663af422d47908711fca5d24b4244b9eef78e1f2a45214ee59b14712de5500

    SHA512

    a95b0afe81fd4535959da755f468672c8abd2215522ac324a156f47b3eed485b4589724ed9f51b3d78939afedf94d4afb9463ab256b54b2b5d65c7acc67359d3

    Download Submit

  • \Program Files (x86)\Undertale\steam_api.dll
    Filesize

    251KB

    MD5

    23767288e6a003aaaa54355cbe108da8

    SHA1

    c7f21dc71491fe661c698f5c561405c0e3f423c1

    SHA256

    209135c082a8ef8323479384e97d769d9b2d98f727bbb34a7806ce150b750c89

    SHA512

    a870b2f99da48ad07f9b36d6730d74af5f285af12e21a24d61e6e3023d5917920bd343fe295b7374a2065bf9c09b6f1cbb03fbcf05206f4bd0544b5f0eb0e147

    Download Submit

  • \Program Files (x86)\Undertale\unins000.exe
    Filesize

    2.5MB

    MD5

    139bf2303254dd2be5380bfa5b4bdb98

    SHA1

    f613802c53c0946dae97b83db5384a1740f6c2bb

    SHA256

    95dcd1c7aab6486fafd7cd0b7dea4c1810e8f06e3a041b324e961c9968068b46

    SHA512

    992cf9bbe39e4794ade0cfe8802ee5c0701a90461ebd80f2e95bbe91302c14616c5a5f6f2c64281436569a26c8d8f52361523e7bd300bd1017abf16c5d88d4ff

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-H3VQT.tmp\Setup.tmp
    Filesize

    2.5MB

    MD5

    d9bc11c23aa360311d6b237b23b0c4fd

    SHA1

    2f6bca0a9d09a1928f139a8a2e0cc872f4284fe7

    SHA256

    88e4053e376c6597edc6533584b2f2fa3905237fe5db61867e8ee71c3a9e9f5d

    SHA512

    732b217963e415fb272556731cf8503df431dbc450f6caf59b7c47804c650baebd33735d9fee18537bac37d639f4491a168351fa4b431457f62bae0e219de6fa

    Download Submit

  • memory/1976-1-0x0000000000400000-0x00000000004DA000-memory.dmp

    Filesize

    872KB

    Download

  • memory/1976-534-0x0000000000400000-0x00000000004DA000-memory.dmp

    Filesize

    872KB

    Download

  • memory/1976-12-0x0000000000400000-0x00000000004DA000-memory.dmp

    Filesize

    872KB

    Download

  • memory/1984-30-0x0000000000400000-0x0000000000695000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1984-533-0x0000000000400000-0x0000000000695000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1984-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1984-13-0x0000000000400000-0x0000000000695000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1984-14-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1984-499-0x0000000000400000-0x0000000000695000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1984-32-0x0000000000400000-0x0000000000695000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1984-45-0x0000000000400000-0x0000000000695000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/3024-530-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3024-529-0x0000000077A30000-0x0000000077A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3024-524-0x0000000074120000-0x00000000741D1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/3024-542-0x0000000074120000-0x00000000741D1000-memory.dmp

    Filesize

    708KB

    Download