355bb7cd13e2b17a20c4956af0f402c107a186e95ad82864913b1849cc044939

Analysis

max time kernel
85s
max time network
88s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
23-01-2024 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

funni game/_Redist/vcredist_x86.exe
Size

4.8MB
MD5

b88228d5fef4b6dc019d69d4471f23ec
SHA1

372d9c1670343d3fb252209ba210d4dc4d67d358
SHA256

8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8
SHA512

cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8
SSDEEP

98304:RuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOR72HgQo0z:I7wq1W6HqULS8djZDTaNNeCKVP5ORsg0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3368	Setup.exe

Loads dropped DLL 5 IoCs

pid	Process
3368	Setup.exe
3368	Setup.exe
3368	Setup.exe
3368	Setup.exe
3368	Setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3368	Setup.exe
3368	Setup.exe
3368	Setup.exe
3368	Setup.exe
3368	Setup.exe
3368	Setup.exe
3368	Setup.exe
3368	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 3368	5092	vcredist_x86.exe	80
PID 5092 wrote to memory of 3368	5092	vcredist_x86.exe	80
PID 5092 wrote to memory of 3368	5092	vcredist_x86.exe	80

C:\Users\Admin\AppData\Local\Temp\funni game\_Redist\vcredist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\funni game\_Redist\vcredist_x86.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- \??\c:\8fb80513af922e55f42912d619e0505e\Setup.exe
  c:\8fb80513af922e55f42912d619e0505e\Setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\8fb80513af922e55f42912d619e0505e\1033\SetupResources.dll

Filesize
16KB

MD5
9547d24ac04b4d0d1dbf84f74f54faf7

SHA1
71af6001c931c3de7c98ddc337d89ab133fe48bb

SHA256
36d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34

SHA512
8b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f

Download Submit
C:\8fb80513af922e55f42912d619e0505e\SetupEngine.dll

Filesize
43KB

MD5
60c6c41c760ffed24b2b38c79233e2df

SHA1
619b83ccf7a2d1c3fb8f7e4ac848e782cbaac5b1

SHA256
499817ea9bd1485a724a8237af10273048d176080e4ecb2ae751a42747a8a734

SHA512
95250841e0ac1d1618997edd681318893501f5f3a3b376f81e612395e972fbf42e53e1f0114cd0bd9060d84e1ff07c0a41c20c708cdc0bc6772d77259f9ff373

Download Submit
C:\8fb80513af922e55f42912d619e0505e\sqmapi.dll

Filesize
61KB

MD5
522539538d30c7c65b7fb630e1e0d253

SHA1
2a24277b3a5bb0a23b22f5d2bb2960c908caa981

SHA256
1b6348f49c67b76f5ed1ba110e7dba1e4c8978ef44eb83752a09a0b7d7db8529

SHA512
4d9d89cfcf669afb7773b43a80d4fad62ad5f578ddffd1f40774fc083174a0a1f689a8e764b73a072630e92436ed8721d895c1c2a087d7e463aff14946a4f5c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup_20240123_120122165.html

Filesize
16KB

MD5
80ec1f4bdacdf4a790163d4984651946

SHA1
5f39ab048a650dcf732f8976852c7eb53c83777a

SHA256
263a98685d9bbc8dd6e838880a7767aef6edb97701430294ffd498646c45bedf

SHA512
dd65367ba14edc41fa775ac604d76b8e627617e59eb8253dbdcb239c55c2950ac67b46cf4dd9561462a7f12d2c956b62529da35774e0057cb4be7f8ea0b58c5d

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\1028\LocalizedData.xml

Filesize
29KB

MD5
7fc06a77d9aafca9fb19fafa0f919100

SHA1
e565740e7d582cd73f8d3b12de2f4579ff18bb41

SHA256
a27f809211ea1a2d5224cd01101aa3a59bf7853168e45de28a16ef7ed6acd46a

SHA512
466dcc6a5fb015be1619f5725fa62ca46eb0fb428e11f93fd9d82e5df61c3950b3fb62d4db7746cc4a2be199e5e69eaa30b6f3354e0017cfa14d127fad52f8cf

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\1031\LocalizedData.xml

Filesize
40KB

MD5
b83c3803712e61811c438f6e98790369

SHA1
61a0bc59388786ced045acd82621bee8578cae5a

SHA256
2aa6e8d402e44d9ee895b18195f46bf90259de1b6f44efd46a7075b110f2dcd6

SHA512
e020f93e3a082476087e690ad051f1feb210e0915924bb4548cc9f53a7ee2760211890eb6036ce9e5e4a311abc0300e89e25efbbb894c2a621ffbc9d64cc8a38

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\1033\LocalizedData.xml

Filesize
38KB

MD5
d642e322d1e8b739510ca540f8e779f9

SHA1
36279c76d9f34c09ebddc84fd33fcc7d4b9a896c

SHA256
5d90345ff74e177f6da8fb6459c1cfcac080e698215ca75feb130d0d1f2a76b9

SHA512
e1e16ae14bc7cc1608e1a08d3c92b6d0518b5fabd27f2c0eb514c87afc3d6192bf7a793a583afc65f1899f03dc419263b29174456e1ec9ab0f0110e0258e0f0d

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\1036\LocalizedData.xml

Filesize
40KB

MD5
e382abc19294f779d2833287242e7bc6

SHA1
1ceae32d6b24a3832f9244f5791382865b668a72

SHA256
43f913ff28d677316f560a0f45221f35f27cfaf5fc5bd645974a82dca589edbf

SHA512
06054c8048cade36a3af54f9a07fd8fa5eb4f3228790996d2abea7ee1ee7eb563d46bd54ff97441f9610e778194082c44e66c5f566c9c50a042aba9eb9cae25e

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\1040\LocalizedData.xml

Filesize
39KB

MD5
0af948fe4142e34092f9dd47a4b8c275

SHA1
b3d6dd5c126280398d9055f90e2c2c26dbae4eaa

SHA256
c4c7c0ddaa6d6a3a1dc260e9c5a24bdfaa98c427c69e8a65427dd7cac0a4b248

SHA512
d97b5fe2553ca78a3019d53e33d2db80c9fa1cf1d8d2501d9ddf0576c7e6ea38dab754fe4712123abf34b97e10b18fb4bbd1c76d3dacb87b4682e501f93423d9

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\1041\LocalizedData.xml

Filesize
33KB

MD5
7fcfbc308b0c42dcbd8365ba62bada05

SHA1
18a0f0e89b36818c94de0ad795cc593d0e3e29a9

SHA256
01e7d24dd8e00b5c333e96d1bb83813e02e96f89aad0c2f28f84551d28abbbe2

SHA512
cd6f912a037e86d9e1982c73f0f8b3c4d5a9a6b5b108a7b89a46e6691e430a7cb55718de9a0c05650bb194c8d4a2e309ad6221d638cfca8e16aa5920881ba649

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\1042\LocalizedData.xml

Filesize
32KB

MD5
71dfd70ae141f1d5c1366cb661b354b2

SHA1
c4b22590e6f6dd5d39e5158b831ae217ce17a776

SHA256
cccda55294aeb4af166a8c0449bca2189ddf5aa9a43d5e939dd3803e61738331

SHA512
5000d62f3de41c3fb0ed8a8e9c37dbf4eb427c4f1e3ad3823d4716c6fe62250bac11b7987a302b8a45d91aabcf332457f7aff7d99f15edeffe540639e9440e8a

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\1049\LocalizedData.xml

Filesize
39KB

MD5
0eeb554d0b9f9fcdb22401e2532e9cd0

SHA1
08799520b72a1ef92ac5b94a33509d1eddf6caf8

SHA256
beef0631c17a4fb1ff0b625c50c6cb6c8ce90a1ae62c5e60e14bf3d915ad509c

SHA512
2180e46a5a2ea1f59c879b729806ca02a232c66660f29c338c1fa7fbee2afa4b13d8777d1f7b63cf831eb42f3e55282d70aa8e53f40616b8a6e4d695c36e313d

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\2052\LocalizedData.xml

Filesize
30KB

MD5
52b1dc12ce4153aa759fb3bbe04d01fc

SHA1
bf21f8591c473d1fce68a9faf1e5942f486f6eba

SHA256
d1735c8cfd8e10ba019d70818c19fa865e7c72f30ab6421a3748408f85fb96c3

SHA512
418903ae9a7baebf73d055e4774ff1917fbaab9ee7ed8c120c34bb10e7303f6dd7b7dae701596d4626387a30ae1b4d329a9af49b8718b360e2ff619c56c19623

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\3082\LocalizedData.xml

Filesize
39KB

MD5
5397a12d466d55d566b4209e0e4f92d3

SHA1
fcffd8961fb487995543fc173521fdf5df6e243b

SHA256
f124d318138ff084b6484deb354cca0f72296e1341bf01169792b3e060c89e89

SHA512
7708f5a2ad3e4c90c4c216600435af87a1557f60caf880a3dd9b5f482e17399af9f0b9de03ff1dbdd210583e0fec5b466e35794ac24d6d37f9bbc094e52fc77b

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\DHTMLHeader.html

Filesize
13KB

MD5
2f7c8f1228b8d6ae5674a5fc71f0eceb

SHA1
bf579f712fc4a92bfffb095dc47592d3d44b5cf5

SHA256
54693db0f0b9f0e64b1a40eaf31f6f661026ee4140c89b5610fcb850d9c3ac4d

SHA512
d5718f942e3165acd1cc7b27c9bcc46afb1115ab59d80aa3c0f16c17fd56acbd6296d8cd6e3f66e171497f5701e055148a4e7abcbe888ebccb5a7562ce60414a

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\ParameterInfo.xml

Filesize
8KB

MD5
66590f13f4c9ba563a9180bdf25a5b80

SHA1
d6d9146faeec7824b8a09dd6978e5921cc151906

SHA256
bf787b8c697ce418f9d4c07260f56d1145ca70db1cc4b1321d37840837621e8f

SHA512
aba67c66c2f3d9b3c9d71d64511895f15f696be8be0eedd2d6908e1203c4b0cf318b366f9f3cd9c3b3b8c0770462f83e6eea73e304c43f88d0cbedf69e7c92b3

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\SetupEngine.dll

Filesize
41KB

MD5
2ce89b538356e670e62750b1f33bd0ac

SHA1
7d3617a83245b67330d989419fb34a77273cd4ea

SHA256
751321dc3254ead521ec8c09a6ca8ef2003b4b39e2d0c65227c6054cd19c5638

SHA512
9604e55920c3977e0dcdeae81ba3107fe8cce9b07eae5dee799d993029ea00fad16f6c3c71ea20d886fd3e28c5bdc54a4125286a9b28d3a2566ddb7325519f38

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\SetupUi.dll

Filesize
288KB

MD5
eb881e3dddc84b20bd92abcec444455f

SHA1
e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1

SHA256
11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7

SHA512
5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\SetupUi.xsd

Filesize
29KB

MD5
2fadd9e618eff8175f2a6e8b95c0cacc

SHA1
9ab1710a217d15b192188b19467932d947b0a4f8

SHA256
222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

SHA512
a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\Strings.xml

Filesize
13KB

MD5
332adf643747297b9bfa9527eaefe084

SHA1
670f933d778eca39938a515a39106551185205e9

SHA256
e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca

SHA512
bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\UiInfo.xml

Filesize
35KB

MD5
812f8d2e53f076366fa3a214bb4cf558

SHA1
35ae734cfb99bb139906b5f4e8efbf950762f6f0

SHA256
0d36a884a8381778bea71f5f9f0fc60cacadebd3f814679cb13414b8e7dbc283

SHA512
1dcc3ef8c390ca49fbcd50c02accd8cc5700db3594428e2129f79feb81e4cbbeef1b4a10628b2cd66edf31a69ed39ca2f4e252ad8aa13d2f793fca5b9a1eaf23

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\graphics\print.ico

Filesize
1KB

MD5
7e55ddc6d611176e697d01c90a1212cf

SHA1
e2620da05b8e4e2360da579a7be32c1b225deb1b

SHA256
ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

SHA512
283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\graphics\save.ico

Filesize
1KB

MD5
7d62e82d960a938c98da02b1d5201bd5

SHA1
194e96b0440bf8631887e5e9d3cc485f8e90fbf5

SHA256
ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

SHA512
ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\graphics\setup.ico

Filesize
35KB

MD5
3d25d679e0ff0b8c94273dcd8b07049d

SHA1
a517fc5e96bc68a02a44093673ee7e076ad57308

SHA256
288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

SHA512
3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\graphics\stop.ico

Filesize
9KB

MD5
5dfa8d3abcf4962d9ec41cfc7c0f75e3

SHA1
4196b0878c6c66b6fa260ab765a0e79f7aec0d24

SHA256
b499e1b21091b539d4906e45b6fdf490d5445256b72871aece2f5b2562c11793

SHA512
69a13d4348384f134ba93c9a846c6760b342e3a7a2e9df9c7062088105ac0b77b8a524f179efb1724c0ce168e01ba8bb46f2d6fae39cabe32cab9a34fc293e4a

Download Submit
\??\c:\8fb80513af922e55f42912d619e0505e\sqmapi.dll

Filesize
47KB

MD5
c4ac0aa1013c5f3a2a98c0e43b78a31b

SHA1
77fb9510e43e2751b043a6ddd95c10e5fd4274d6

SHA256
55a44e4943d0264aae6723be94ebefab3be2e2964582f16c4ffc54bdf49cc54f

SHA512
01b2a944d7e3b35036ec992a5d5a709c865d0ee7ad2a50cd53f3e15c257d405d6349078a097d50a240c76fa08d594a43e31dca48a5b134d733006c750f2dcb4d

Download Submit
memory/3368-97-0x0000000001390000-0x0000000001391000-memory.dmp

Filesize
4KB

Download
memory/3368-102-0x0000000001390000-0x0000000001391000-memory.dmp

Filesize
4KB

Download