Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Pokemon.In...up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    204s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    23/11/2023, 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Pokemon.Infinite.Fusion.Launcher.Setup.exe

  • Size

    8.5MB

  • MD5

    c42168bbdf9a79fefba21129c6222715

  • SHA1

    d4487a5d6a194fc27501597763235d2c12cd9e71

  • SHA256

    76bec7c6d98ef11a58bc8f085c2830b57fab79659f5a5e683d0b7560eba66ded

  • SHA512

    439fab956f0b2044aeb079627093b7459ae609a772856b296ec90d410402cf0a04ae74c1c83570a2bf1b093ff1b76f05c498ff86845ada5a85ee29a3b05b23bf

  • SSDEEP

    196608:DtPzDOKciwUmSrV+59scQfZjQf9/qqKzEHBh3:1GKNwUmKQ59scQfZk1yqyCZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Pokemon.Infinite.Fusion.Launcher.Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Pokemon.Infinite.Fusion.Launcher.Setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Users\Admin\AppData\Local\Temp\is-RBHQ2.tmp\Pokemon.Infinite.Fusion.Launcher.Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-RBHQ2.tmp\Pokemon.Infinite.Fusion.Launcher.Setup.tmp" /SL5="$801FC,8060123,986112,C:\Users\Admin\AppData\Local\Temp\Pokemon.Infinite.Fusion.Launcher.Setup.exe"
      2⤵
      • Executes dropped EXE
      PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-RBHQ2.tmp\Pokemon.Infinite.Fusion.Launcher.Setup.tmp
    Filesize

    3.2MB

    MD5

    c771b653728b131e7eccf40316c3dc86

    SHA1

    bde49a9daee631a94d2cc04d3643c815f3137273

    SHA256

    36d44d61f6c926f91784689fac646ef9b7b84aedd6fb4c11f73c5cdc94d32852

    SHA512

    578028dcbff33c3f7b78da7e4abca3d58009e8aa95ed44db64d3218a22355f6888ea665da9bd54248580d661d703a8d237fd6a0630594fefa9672462fca5b94a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-RBHQ2.tmp\Pokemon.Infinite.Fusion.Launcher.Setup.tmp
    Filesize

    3.2MB

    MD5

    c771b653728b131e7eccf40316c3dc86

    SHA1

    bde49a9daee631a94d2cc04d3643c815f3137273

    SHA256

    36d44d61f6c926f91784689fac646ef9b7b84aedd6fb4c11f73c5cdc94d32852

    SHA512

    578028dcbff33c3f7b78da7e4abca3d58009e8aa95ed44db64d3218a22355f6888ea665da9bd54248580d661d703a8d237fd6a0630594fefa9672462fca5b94a

    Download Submit

  • memory/1776-6-0x0000000002760000-0x0000000002761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1776-9-0x0000000000400000-0x000000000073A000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1776-12-0x0000000002760000-0x0000000002761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4544-0-0x0000000000400000-0x00000000004FE000-memory.dmp

    Filesize

    1016KB

    Download

  • memory/4544-8-0x0000000000400000-0x00000000004FE000-memory.dmp

    Filesize

    1016KB

    Download