f47475b05294c8bf017b9ec6fc533849ac0a8be52bb1f7eb772933385bc67494

Analysis

max time kernel
141s
max time network
113s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
23/10/2023, 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_turmoil_2.0.0.2.exe
Size

44.4MB
MD5

a93fcd2b443ca844c9aa2f4ea2e33982
SHA1

fdf186988f7e33e69b9b1382d80bf5684ee03e0c
SHA256

f47475b05294c8bf017b9ec6fc533849ac0a8be52bb1f7eb772933385bc67494
SHA512

0a1071cec069855e3066adfc4fdf00c344ad84997dbbc4311cc15f88a0ec8409c2985a95f46bd0217578fe89d02737cf6bc78d2cd731894439b7b3c0ed50e8c9
SSDEEP

786432:vj29n7NVUWMnKXFamtXxFGUtIRkMkNt/lwyB/fRkk+H9Njusyw/cVZ/gdT+t9:bgnRVUWMnmFawxXIWNtNw6XRkk2DjR/Q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2940	setup_turmoil_2.0.0.2.tmp

Loads dropped DLL 7 IoCs

pid	Process
2940	setup_turmoil_2.0.0.2.tmp
2940	setup_turmoil_2.0.0.2.tmp
2940	setup_turmoil_2.0.0.2.tmp
2940	setup_turmoil_2.0.0.2.tmp
2940	setup_turmoil_2.0.0.2.tmp
2940	setup_turmoil_2.0.0.2.tmp
2940	setup_turmoil_2.0.0.2.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 2940	4680	setup_turmoil_2.0.0.2.exe	71
PID 4680 wrote to memory of 2940	4680	setup_turmoil_2.0.0.2.exe	71
PID 4680 wrote to memory of 2940	4680	setup_turmoil_2.0.0.2.exe	71

C:\Users\Admin\AppData\Local\Temp\setup_turmoil_2.0.0.2.exe
"C:\Users\Admin\AppData\Local\Temp\setup_turmoil_2.0.0.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Users\Admin\AppData\Local\Temp\is-E4ADO.tmp\setup_turmoil_2.0.0.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-E4ADO.tmp\setup_turmoil_2.0.0.2.tmp" /SL5="$C0060,45894376,242688,C:\Users\Admin\AppData\Local\Temp\setup_turmoil_2.0.0.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\02.FTL-Faster-Than-Light.png

Filesize
957KB

MD5
9518357281d59d87e06bfed76678d02e

SHA1
197d1aa93e764695e577210f5b339c87d2bc7127

SHA256
c84578b2dbac55c719a6d77464277f16e0598772df3c085dce8babfb87efd403

SHA512
6dd7fda7cafd3aa5eda840b85391fec531cc7afa12fa420fb9cc9ef57a303be191eadcca24399e52aab02fffff96a934f891196b40257c1a93e86b7712d8456e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\02.Sid-Meier's-Alpha-Centauri.png

Filesize
1.1MB

MD5
3df2be1ad1b0e332f5355adc51bd8a20

SHA1
faa3a58992db4c11a469125aefa0ed20dc6dec1b

SHA256
d2ff576ab3dc7ed8c08d55ff3d462d934a41e25c65a9fb43b58c2c7d4481abe5

SHA512
0021bbf5633d5e8ec968996165e928e4b7fc671243f2f9011412e1eec3df5745310127eea0373ed187f36daf16de0dba6d3fc1722c6c1df9634aa574902f6d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\03.Dungeon-Keeper-2.png

Filesize
1.0MB

MD5
f3457d8d94955171bb8cc6e6ab3d87ba

SHA1
5576f6ab1aea19e484a276238c2111119a0c1b66

SHA256
76c0fe3f72c8770009f7373b39a7e5a84911bb6898bdc3317103f4ae16b433ab

SHA512
7b685d4a99709c9f55da1881baa609ed8ed37f295368edaa59ab035583fc73955d648463daffdbec32ac56db7fbfbfc5524b466313f2a48ef7e058bc1a60935b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\13.Zeus+Poseidon.png

Filesize
1.2MB

MD5
b99405f6bf6f204005b8445debaa072a

SHA1
70ae2918774464ef454897282b46f7e0eb5f36e4

SHA256
4e187c64e9f1534642afc16bcd4d023be7d69448a294ce4f5c50b268b2234167

SHA512
6d0a459a46f4529bae264382de225fc2824ca799d72ceef31f4e54b13c9fa8c8978b89e35cc2be053f1a96fda4941b213f73ab3cde4cb0fbe83e352715bfc916

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\15.Uplink-Hacker-Elite.png

Filesize
990KB

MD5
0fd260cbe0eea2d7f3ffcf92fbeaff5d

SHA1
b73cd43a75a12b1d4e27e56d4c3067b43dbdf434

SHA256
46d2c07863228c8415489edce838dbe28f4aa3acf16937fdab0de77704e29387

SHA512
b6beedeec938341f1538f80800145bf72ac712406508eeb1f510248df68da4b07f891e7dc105f2b4a6534c8ac3870d8dd410fa46510dfd7bbbbbc8769ddf90b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\1812631235.ini

Filesize
689B

MD5
469a2a994e7606f777d2effea5dea81b

SHA1
2bd3a71c028f01d2b85695f29c7479cbfb7098b8

SHA256
af9d0eb7d7fa4c6a45d531a8ce6026c1fd6c3338eef777296941ddf53c7d3eda

SHA512
087b25ffd37c04dc537e85fbaf0108aff7b42ce012d71bcb85b21b9887f20d91e19a3709af78b333ef7b2a25444eee8ddeb240b57da1747df85774b9364faebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\background.jpg

Filesize
84KB

MD5
09c68a0c55c368983b3d8455196e8000

SHA1
29e4451e7ad233d85fa1bf12352e910301016032

SHA256
91d2052cea5accbe377d73b0ca3c2915893946d1a53e1174be021a7e3b650ba0

SHA512
78a714223acb52479ea0aebba2272addb2da154420b1228d7b8f1ceb52043a1e4c02b294e52f63d575a77ab008af25ff2d32461aa0e335be6ba5281dec032d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-363NC.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-E4ADO.tmp\setup_turmoil_2.0.0.2.tmp

Filesize
1.3MB

MD5
10a4aa3c67fb6a9da44a1d40c8ce56db

SHA1
82f7b235a49d25f00927e815098d18e0798c721f

SHA256
4f5eacf66000e465f19017fc8736174971b87fc0edf48613ca8f43be9bf7ce9e

SHA512
f0576d4a6e64e839b8376d469492d2d61a7f53048531b7764d8e8c4aa5317d04acdd2d5dc4732db3b747397a946394fd7a83a2881e368b95e617f7c202298284

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-E4ADO.tmp\setup_turmoil_2.0.0.2.tmp

Filesize
1.3MB

MD5
10a4aa3c67fb6a9da44a1d40c8ce56db

SHA1
82f7b235a49d25f00927e815098d18e0798c721f

SHA256
4f5eacf66000e465f19017fc8736174971b87fc0edf48613ca8f43be9bf7ce9e

SHA512
f0576d4a6e64e839b8376d469492d2d61a7f53048531b7764d8e8c4aa5317d04acdd2d5dc4732db3b747397a946394fd7a83a2881e368b95e617f7c202298284

Download Submit
\Users\Admin\AppData\Local\Temp\is-363NC.tmp\GameuxInstallHelper.dll

Filesize
94KB

MD5
4d3ac88054df63fc810427bdaa96c458

SHA1
e4d554e03ba91f6b53a2a80253b339f56e303c94

SHA256
b07ffcd0af80f6b9fba09abe816ba2f0ff0d336639f1768fc317291bc635ece6

SHA512
d4732ad89bbb19b316dff1b9c534acf98bb985c89d1295f08e24b21531123426500b3712979dda2f0e941a5969c0cbca15bbd52f6c167653f96a494a6677ca54

Download Submit
\Users\Admin\AppData\Local\Temp\is-363NC.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-363NC.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-363NC.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
\Users\Admin\AppData\Local\Temp\is-363NC.tmp\get_hw_caps.dll

Filesize
76KB

MD5
2e35d2894df3b691dbd8e0d4f4c84efc

SHA1
d0fc14963e397d185e9f2d7dea1d07bc6308d5b9

SHA256
869079ba362cbc560d673db290248ec2aa075a74f22a82d90621f1118f8e1c4d

SHA512
29ba662ab2e77aef0547ff76213a1b6ef52be27a446923790a27cf8b69377621048387dbb9f22001b6d15837dddada84c7350614ec9622258319658822705f90

Download Submit
\Users\Admin\AppData\Local\Temp\is-363NC.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-363NC.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
memory/2940-7-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/2940-21-0x0000000005240000-0x0000000005255000-memory.dmp

Filesize
84KB

Download
memory/2940-72-0x0000000005430000-0x000000000543E000-memory.dmp

Filesize
56KB

Download
memory/2940-184-0x00000000052B0000-0x00000000053B0000-memory.dmp

Filesize
1024KB

Download
memory/2940-187-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/2940-188-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2940-189-0x0000000005240000-0x0000000005255000-memory.dmp

Filesize
84KB

Download
memory/2940-190-0x0000000005430000-0x000000000543E000-memory.dmp

Filesize
56KB

Download
memory/2940-191-0x00000000052B0000-0x00000000053B0000-memory.dmp

Filesize
1024KB

Download
memory/2940-198-0x0000000005240000-0x0000000005255000-memory.dmp

Filesize
84KB

Download
memory/2940-199-0x0000000005430000-0x000000000543E000-memory.dmp

Filesize
56KB

Download
memory/4680-1-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4680-185-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads