fc1a3a8a6d599fc235123b5e27111ad27469bf2ba29ae8a39d444cab9019e6ff

Analysis

max time kernel
301s
max time network
325s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
24/09/2023, 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_slime_rancher_1.4.4-win.exe
Size

620.3MB
MD5

34bdf2ebe52dc979495d9c4ac8846f4c
SHA1

de062012ddc7419e797a79daf357fed918f67754
SHA256

fc1a3a8a6d599fc235123b5e27111ad27469bf2ba29ae8a39d444cab9019e6ff
SHA512

d05eda912c2d971021850e3c2bd072a6ecdbd7c003ecf5c672333ca5d08e5a3567acb3fe31c1b5038917437e207222d2653155551109dace8ddb75243fc6dd7f
SSDEEP

12582912:ueBprjjyldZw2Jilz1+159xJcimNk6oCfoYc3h7tVnJc/039xHNxuqrNckzBpeJm:tnLiLw2JY8jHJci59SZcR7tVWMtxtxuA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1536	setup_slime_rancher_1.4.4-win.tmp

Loads dropped DLL 7 IoCs

pid	Process
1536	setup_slime_rancher_1.4.4-win.tmp
1536	setup_slime_rancher_1.4.4-win.tmp
1536	setup_slime_rancher_1.4.4-win.tmp
1536	setup_slime_rancher_1.4.4-win.tmp
1536	setup_slime_rancher_1.4.4-win.tmp
1536	setup_slime_rancher_1.4.4-win.tmp
1536	setup_slime_rancher_1.4.4-win.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 1536	4672	setup_slime_rancher_1.4.4-win.exe	89
PID 4672 wrote to memory of 1536	4672	setup_slime_rancher_1.4.4-win.exe	89
PID 4672 wrote to memory of 1536	4672	setup_slime_rancher_1.4.4-win.exe	89

C:\Users\Admin\AppData\Local\Temp\setup_slime_rancher_1.4.4-win.exe
"C:\Users\Admin\AppData\Local\Temp\setup_slime_rancher_1.4.4-win.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Users\Admin\AppData\Local\Temp\is-B8ASI.tmp\setup_slime_rancher_1.4.4-win.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-B8ASI.tmp\setup_slime_rancher_1.4.4-win.tmp" /SL5="$30218,649762873,192512,C:\Users\Admin\AppData\Local\Temp\setup_slime_rancher_1.4.4-win.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-B8ASI.tmp\setup_slime_rancher_1.4.4-win.tmp

Filesize
1.3MB

MD5
fa2c7ffa21a5ac625f0f2ad2b5bba287

SHA1
f841a39ec22398f5ff5629ab41fe8425bf06c909

SHA256
e5232609e7549a697b0ec5c5b3e62388826863f0403d0c35e0c4d5717908bd24

SHA512
87c74a75ad68cf2dda4f29f7aff5d8ccb3d01024173e57088b3d163eb7c6078ae3d7a90229f1ec9ce110b2958be533ce07069d49723e30d70efbb9ee78bb66eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1207659227_english.jpg

Filesize
210KB

MD5
6cec8a177d112d08321452593474ac82

SHA1
76bb35976acccb9c9d1b72ba6bef5003690c2f11

SHA256
9394c9eeb303d8596073efa72f5b3abfb2688165b5c1e51b18e01699cf2d4147

SHA512
167cf7ef71b1e21daf7b3e76d2d1de544ee148351967009ae75cbcb6cef9884e1a848ebb39676b31a3dd5e96e619ee40a6c875eff43ede4b14a5c7d162f031dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1207659793_english.jpg

Filesize
192KB

MD5
2a59f12e4950e328a6945bf2b5bdd117

SHA1
685188da29b8ecd1f0cc64b08f0f6ec102d7bff6

SHA256
8d3437980779e2ed0900cb0930a13d67f91a4e3a9dc0ea183546246c8893ef80

SHA512
4d463ea5e525d92cdebd3bf44a51575877666efeeea650f73bb26953f19b2c445d3020ca967c0bdae035ef3ca4b00c3258242124f3cf5748bcbf07c470f7c886

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1207666463_english.jpg

Filesize
133KB

MD5
562b1e8e2e2a3d1042708f11ef6caf54

SHA1
ae93bbdb6ea6f2c9fe9358227e623b64b0f3321c

SHA256
1316926179fb3a7647a5d7462334cd9753a6ba19be3ff3fbd74f5edee22f260f

SHA512
a51da10c4e1db6133066c8fddc879c971ccbaec91b214289722fa562cb5bbde50b482a6f91b91fea7b5c03e4e987eaf781987a29a0d9011db7f7c776d7339279

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1420648479_english.jpg

Filesize
151KB

MD5
71756f06c58a0d30e52bd0f979a1b305

SHA1
aba4a00838d0cc83ddbaabf11692de6f7db5d811

SHA256
830de7d96c931d992dddedaf299173c138bf63faacc429126fccddb0aeb290fc

SHA512
29660ff1ade51d6df77a18502b1b4e0490fc746489e2796011d91dc58d6a3786c70db8fce2bb90a87fda34dce8995a2339dbe058383f0cbc4e44da65159f6bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1424782569_english.jpg

Filesize
189KB

MD5
63424f984b92e4987794a37d6cced5a9

SHA1
7cc76ebd93bd0405eeb8461d8e0b8ecf5554a1c7

SHA256
b75244eaeab419bfd0952dea896bf3bc5c2945fba42860ba1191f85cfc261162

SHA512
3b99b40b4f88fd26d406df7be5dfda12be1c7e0a503b88e03fcd632f0266fa13c3faa33dedbfd1ac1629332b8d51bab26be87211a91a481ae474a0cf94305912

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1424868751_english.jpg

Filesize
161KB

MD5
b0780c088be3eca2c109997112516916

SHA1
c4b8a56efbb2e2de747545839c74a0f5316c2fde

SHA256
47c4ab8844f4b75bb859a61bb1dfe42e772790e80d66c452b45e2e32d972427b

SHA512
19f5ad321fd8c69ca7f1b633ecbc9e3a651a7d4ee6bf5fd762c08a43719ee6e58ac146360171c96cddf6675c0d1222812cde496cc03c3ca53675d01b7d1bcb3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1431599567_english.jpg

Filesize
209KB

MD5
cdbc1be09b3ab7db009381c4dcab89b7

SHA1
2768b11ee3aee560c1ab52617de351803303a784

SHA256
09ad8b06c09331784018c51cf0a001597d67d0d755b143568398613e18a48dff

SHA512
dce59636270ddc6eeb96a11612cac9a206ac4b54ec1c58476acfd166421f15aae14fe280f2e695bbf723ea8bcb4823ae4d73f4adf2d601ffa78c883c8fbba2ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1433157800_english.jpg

Filesize
149KB

MD5
b688815e73cb7736f57c5f430370fc8a

SHA1
1a3faba767a5a54aa22ae0625d26a56d0d74daf5

SHA256
a8e71d8846fb7801d9ef1cca402a6d6fb07abb44e7d06266fc038743b1d76e2d

SHA512
faf98af5497387bfbedc97475f7b0566c61f3ae28c96eff256ff496305dfa8a6bd758bbfe9b19ea512d6df2ccfff78483be75cfcd419ab1344ce0df35d079401

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1448617555_english.jpg

Filesize
207KB

MD5
89393e001b1840b2f93cce3c6c678e86

SHA1
33ac215d448c38b06291f82f75f9feeaa4aae65b

SHA256
6fc6e7a0a4b8601a4973d93ac6563efcd21e1179add32da85098543445d71b4b

SHA512
ddb4f8cea0609922a8661b5e1e3a61798ebf63060ba2a0b4d0cde70adbf861dff519d5c694f4a29be7307739ac8c419ccfb8326c36ea1edcfb14d38ca1105202

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1452699415_english.jpg

Filesize
197KB

MD5
377555f6619950a9480f16bafca9becb

SHA1
cb4573b8c50392131c532b08b7fee71339a7b248

SHA256
6cf80bd9ad9bbda29799d92fad76ee0ef3c92845ee947e933e33d69029c42f59

SHA512
ce8529689cc5d0b608ebb78b53a8303ae27043fdf633143b1263dc9cbb8b0794af238fb477b17abc5c52fbdf7378e796231c750bc301a6e566a1af90a66bdfad

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\1455704410_english.jpg

Filesize
255KB

MD5
1862abae892aa27375bf98f619b19756

SHA1
acf7cf47891cae1363a2c546ad5d1f3d13cc0837

SHA256
d26e5a58a3f5b0a385a422f9d57dfa8c59f97669f88e2e1c68bd32bdb9ee94d2

SHA512
d1bac38556b4ae1dc9be0fbea533cb3514b75079f37387a24ac87755415dfca12b4dfff57d420ca54cab331c5e077520cd5b52706ec3de704d4fa0c481a5ee15

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\2018730457_english.jpg

Filesize
160KB

MD5
efe75bde7779bd18d7c7cfa9a098fbde

SHA1
157e79bb764560fb33d888c3c1300469cc2e48f2

SHA256
079f094d054f2a4ab431c17960d360a3ef28fb0512a20c41e8375baf3c0b8d47

SHA512
a6ba914eb7bf13c9ed3422af9901a77c4be08da66622dbfe1391d3fcbb326847b81efb7722b6afd80c5d299c3696c044b3c85ff5f56f72f6f5bac83c6bd9b175

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\background.jpg

Filesize
314KB

MD5
35b0e17a6e0fc7ec621ce27d470cdda4

SHA1
6c2d1473287e7450e244dd33223e1f641210f2e2

SHA256
322aa0b76b91c1722dcaf346633376e0ebb9031817cc46cfbaafa6e8736625d1

SHA512
61b5031de1d9830203f29c5178a94ed454a91939ea91c2882648d059c6d4940d8b8cca102c2c87ada20cac274e59476446a61cf2bcd27848a29724be964a93ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\slideshow.ini

Filesize
1KB

MD5
f310e4ac873584b80e985c3b6c7224b8

SHA1
f25ea3b1bf963d5d261e2df3c46020d5e8032f57

SHA256
8536cb37247b77abc31f86f10060cc198b524627919d9664121d7ee1b4de641d

SHA512
fba374b3245ca1816904b6c5a81cfeb0c5ab524b49f58b5a93df7846467bb53db9abb9719698d6ef6b7ba794637b5298fdcfd44cbc177a077b2fe868ca50deb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\uninstall.dll

Filesize
691KB

MD5
7db706c324cc9b6fda497d081eed6e26

SHA1
ca97392e573af0cf61bfa3301801a85f2beea44c

SHA256
cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

SHA512
8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RRS9V.tmp\uninstall.dll

Filesize
691KB

MD5
7db706c324cc9b6fda497d081eed6e26

SHA1
ca97392e573af0cf61bfa3301801a85f2beea44c

SHA256
cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

SHA512
8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

Download Submit
memory/1536-64-0x00000000052D0000-0x00000000052DE000-memory.dmp

Filesize
56KB

Download
memory/1536-241-0x0000000000C20000-0x0000000000D72000-memory.dmp

Filesize
1.3MB

Download
memory/1536-260-0x00000000052D0000-0x00000000052DE000-memory.dmp

Filesize
56KB

Download
memory/1536-258-0x0000000002750000-0x0000000002765000-memory.dmp

Filesize
84KB

Download
memory/1536-6-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download
memory/1536-19-0x0000000005070000-0x0000000005127000-memory.dmp

Filesize
732KB

Download
memory/1536-240-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1536-13-0x0000000002750000-0x0000000002765000-memory.dmp

Filesize
84KB

Download
memory/1536-245-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download
memory/1536-244-0x00000000052D0000-0x00000000052DE000-memory.dmp

Filesize
56KB

Download
memory/1536-243-0x0000000005070000-0x0000000005127000-memory.dmp

Filesize
732KB

Download
memory/1536-242-0x0000000002750000-0x0000000002765000-memory.dmp

Filesize
84KB

Download
memory/4672-7-0x0000000000560000-0x0000000000599000-memory.dmp

Filesize
228KB

Download
memory/4672-1-0x0000000000560000-0x0000000000599000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads