Overview

overview

7

Static

static

1

setup_stal...17.exe

windows7-x64

7

setup_stal...17.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    03/01/2024, 10:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup_stalker_cop_2.1.0.17.exe

  • Size

    28.2MB

  • MD5

    30a61ac1900d59aa3af1682e58732378

  • SHA1

    9e0fcdf5a756ee1d19e34fbf9c1d42caf385db50

  • SHA256

    ef18229305e5d121300834c27485b518782aa7fbd3ec8e654d3114901cc88e1a

  • SHA512

    8e31602767a75581c5876ac92b831e735bcfef84c02a65a33ccfba1cc92e24b26b1a15baabf4b591fbe16d43ea6041bac7fc9d179b150fcd2277b326948fad11

  • SSDEEP

    786432:PXUMoJKOj/esMcOsbTAkSeGcX6vNrwtWHPEAk:/UMYywOsbTtSLcqNIQJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup_stalker_cop_2.1.0.17.exe
    "C:\Users\Admin\AppData\Local\Temp\setup_stalker_cop_2.1.0.17.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\AppData\Local\Temp\is-MGSEJ.tmp\setup_stalker_cop_2.1.0.17.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-MGSEJ.tmp\setup_stalker_cop_2.1.0.17.tmp" /SL5="$30136,28894331,242688,C:\Users\Admin\AppData\Local\Temp\setup_stalker_cop_2.1.0.17.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-MGSEJ.tmp\setup_stalker_cop_2.1.0.17.tmp
    Filesize

    1.3MB

    MD5

    f5b7021b59e4e6d63b649e5c464ff4b2

    SHA1

    ebb127b5f8cb424c461866538cfe47bda62fc3bf

    SHA256

    b4017ff8cfc283232e76c4c0fc6c8f4c8a8fda65d838d7e0e8b4b9a36adea8b2

    SHA512

    17360f28e48936e409de4e78cd1923970054322c96cb2ff8b873a55b5eff47d58be8eff3a9892515dd838d6bc74c700513a9759c3873510a00069689d413fa00

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-M9304.tmp\GameuxInstallHelper.dll
    Filesize

    94KB

    MD5

    4d3ac88054df63fc810427bdaa96c458

    SHA1

    e4d554e03ba91f6b53a2a80253b339f56e303c94

    SHA256

    b07ffcd0af80f6b9fba09abe816ba2f0ff0d336639f1768fc317291bc635ece6

    SHA512

    d4732ad89bbb19b316dff1b9c534acf98bb985c89d1295f08e24b21531123426500b3712979dda2f0e941a5969c0cbca15bbd52f6c167653f96a494a6677ca54

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-M9304.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-M9304.tmp\botva2.dll
    Filesize

    35KB

    MD5

    0177746573eed407f8dca8a9e441aa49

    SHA1

    6b462adf78059d26cbc56b3311e3b97fcb8d05f7

    SHA256

    a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

    SHA512

    d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-M9304.tmp\crcdll.dll
    Filesize

    69KB

    MD5

    1d51fac9e2384eeb674199cfd5281d7d

    SHA1

    861dfdc121357d605d0cc3793266713788109eb2

    SHA256

    23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

    SHA512

    921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-M9304.tmp\get_hw_caps.dll
    Filesize

    76KB

    MD5

    2e35d2894df3b691dbd8e0d4f4c84efc

    SHA1

    d0fc14963e397d185e9f2d7dea1d07bc6308d5b9

    SHA256

    869079ba362cbc560d673db290248ec2aa075a74f22a82d90621f1118f8e1c4d

    SHA512

    29ba662ab2e77aef0547ff76213a1b6ef52be27a446923790a27cf8b69377621048387dbb9f22001b6d15837dddada84c7350614ec9622258319658822705f90

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-M9304.tmp\innocallback.dll
    Filesize

    63KB

    MD5

    1c55ae5ef9980e3b1028447da6105c75

    SHA1

    f85218e10e6aa23b2f5a3ed512895b437e41b45c

    SHA256

    6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

    SHA512

    1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

    Download Submit

  • memory/2656-395-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2656-2-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2656-0-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/3020-21-0x0000000002150000-0x0000000002165000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3020-67-0x0000000002180000-0x000000000218E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3020-394-0x0000000003D30000-0x0000000003E30000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/3020-398-0x0000000002180000-0x000000000218E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3020-397-0x0000000002150000-0x0000000002165000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3020-396-0x0000000000400000-0x000000000054E000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3020-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-403-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download