50f5a8cf03415dd39d95ab261be6639f50ca511972f8d25a056a16249e18ebde

Analysis

max time kernel
173s
max time network
241s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_stardew_valley_1.5.6.1988831614_(53038).exe
Size

587.2MB
MD5

b99ea7ba69d6c36113ed9fcfa1ff6fd6
SHA1

eebbf65822f2bff52b921fa16e599e391a8bfb93
SHA256

50f5a8cf03415dd39d95ab261be6639f50ca511972f8d25a056a16249e18ebde
SHA512

1ea042a17c2fd9afe318ceb4d4b6f29a42a96a0a3cff4de2f61228df59b4d4c40a402faafa38d5875453d1506c8b9dc72b2219ea4193c39a5199c6711cef8d37
SSDEEP

12582912:ZrZro437kTCA73Kkso8EX9RtU8zXcHSwgkMLdscY/HUKw:ZD3oTZqItRtZ8dhMLdscL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3696	setup_stardew_valley_1.5.6.1988831614_(53038).tmp

Loads dropped DLL 6 IoCs

pid	Process
3696	setup_stardew_valley_1.5.6.1988831614_(53038).tmp
3696	setup_stardew_valley_1.5.6.1988831614_(53038).tmp
3696	setup_stardew_valley_1.5.6.1988831614_(53038).tmp
3696	setup_stardew_valley_1.5.6.1988831614_(53038).tmp
3696	setup_stardew_valley_1.5.6.1988831614_(53038).tmp
3696	setup_stardew_valley_1.5.6.1988831614_(53038).tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 3696	4636	setup_stardew_valley_1.5.6.1988831614_(53038).exe	93
PID 4636 wrote to memory of 3696	4636	setup_stardew_valley_1.5.6.1988831614_(53038).exe	93
PID 4636 wrote to memory of 3696	4636	setup_stardew_valley_1.5.6.1988831614_(53038).exe	93

C:\Users\Admin\AppData\Local\Temp\setup_stardew_valley_1.5.6.1988831614_(53038).exe
"C:\Users\Admin\AppData\Local\Temp\setup_stardew_valley_1.5.6.1988831614_(53038).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Users\Admin\AppData\Local\Temp\is-2OVOH.tmp\setup_stardew_valley_1.5.6.1988831614_(53038).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2OVOH.tmp\setup_stardew_valley_1.5.6.1988831614_(53038).tmp" /SL5="$601EC,614801487,192512,C:\Users\Admin\AppData\Local\Temp\setup_stardew_valley_1.5.6.1988831614_(53038).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2OVOH.tmp\setup_stardew_valley_1.5.6.1988831614_(53038).tmp

Filesize
1.3MB

MD5
cf4a3ced53955ac3932662bd81b0e58c

SHA1
f0291fcb73309d569efa2bfe033fcf9d31c247da

SHA256
1c7b28c5dde2ff26adc204a198316569c810cf7db63d6fa8ef5cafc3eaf53ab3

SHA512
95d5637d1a3aa76867731bad7cddc0a793bf636288fd1dc0967bd82cb550cabd1cb71dde8b386d14846431e3edc701944d22d860773d2e30b7afae40dae5428c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\1207666123_english.jpg

Filesize
227KB

MD5
6ae605edb3e45dd0df89c6ae10764372

SHA1
61d91eabc15e8acf7c4b2805603dcab8a1288a13

SHA256
57c4b9c2d2c18a5a170af3caf47d0b64e2396bfd8f7ea82ce351f260918841d3

SHA512
1754ab7dd582b0cc4f6a02c5cbd5760623b0d8a8406a14261375d3257a0ca6508684b1d08903e50150e511ceef1a1920b9998c48ab6088e2f8f62258dbb18e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\1432297044_english.jpg

Filesize
228KB

MD5
8b0e59c0cb10b4c21fdd81f7df6b7cb5

SHA1
03c19fe23cae568212c6098909750ec4bedf054a

SHA256
136ef9aaaed43071446aa3f57b95567d7ab0ac728f1a03b1c23d4b0ecf0d52dd

SHA512
366185be5f75caaa1d7196682f4f8f2d383151c05f49d5fc9dacb97115efb4e6c09aa0c2fccfb99a21f26d15418da1ec3598b2211fd84d43ca7ac4b8e27983a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\1434460532_english.jpg

Filesize
143KB

MD5
867262a5ef052a7e9449fc0ca80981b7

SHA1
79de93cdab8d86b9ff0e0bed592eacf24306ed44

SHA256
c5e80e836e4bacd18fa3914cb93b5adb9311563b3a613c154fa91a410d605312

SHA512
868c6eda3285535d8ac49276dbb5e01ae02c7f08ba61be48b70ea746c53b271a2bf51363a2c2ce1c87d84f2317168c2d2fd4202e3c6ab7729ec4361a0c1da6bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\background.jpg

Filesize
312KB

MD5
ee3d61b82617433152adc1cc54cffb42

SHA1
c8645b8686b7bacf6774790810b6925a86dae933

SHA256
fb70b740da03f942d9e25ef63cd6e6bd7dca7dc76a1467b2434842fbc9f60f90

SHA512
991cfd57aa468edd5e56c8e65733f0cbb0dd66b898fd7db2b970ed14af474570912f3e9d732df32954f1a68b6a3b14e47eaccef511bf7cee2ac8da40c18ec50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\slideshow.ini

Filesize
403B

MD5
85987637ee80396d218b6e4ebb12881d

SHA1
2aca2381f37b07f2b9a4e004273a12e54fd16165

SHA256
c6e4489aade22aa74bea3dad3cfb169e6e133fa4eeb4db8e2defdc0cb6899bc7

SHA512
7149917a35d504a728f02fe484f888fff385f19f6c5e6f244e9c03b5e1edeedaa2a6a46277dcfa13c3205a1365cb7296c2436b64c08e0cd6e0fb2d75d861fdec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\uninstall.dll

Filesize
691KB

MD5
7db706c324cc9b6fda497d081eed6e26

SHA1
ca97392e573af0cf61bfa3301801a85f2beea44c

SHA256
cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

SHA512
8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T8PTH.tmp\uninstall.dll

Filesize
691KB

MD5
7db706c324cc9b6fda497d081eed6e26

SHA1
ca97392e573af0cf61bfa3301801a85f2beea44c

SHA256
cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

SHA512
8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

Download Submit
memory/3696-6-0x0000000000E70000-0x0000000000E71000-memory.dmp

Filesize
4KB

Download
memory/3696-15-0x0000000003920000-0x00000000039D7000-memory.dmp

Filesize
732KB

Download
memory/3696-60-0x00000000056D0000-0x00000000056DE000-memory.dmp

Filesize
56KB

Download
memory/3696-146-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/3696-148-0x0000000000E70000-0x0000000000E71000-memory.dmp

Filesize
4KB

Download
memory/3696-149-0x0000000000760000-0x00000000008B2000-memory.dmp

Filesize
1.3MB

Download
memory/3696-150-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3696-151-0x0000000003920000-0x00000000039D7000-memory.dmp

Filesize
732KB

Download
memory/3696-152-0x00000000056D0000-0x00000000056DE000-memory.dmp

Filesize
56KB

Download
memory/3696-165-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3696-167-0x00000000056D0000-0x00000000056DE000-memory.dmp

Filesize
56KB

Download
memory/4636-1-0x0000000000EE0000-0x0000000000F19000-memory.dmp

Filesize
228KB

Download
memory/4636-147-0x0000000000EE0000-0x0000000000F19000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads