630bb768660838447cb5f7be8a676488cf0de0ccbc914f685e0761be6a57ce17

Analysis

max time kernel
315s
max time network
390s
platform
windows10-1703_x64
resource
win10-20240221-es
resource tags

arch:x64arch:x86image:win10-20240221-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
11/03/2024, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gacha Launcher.exe
Size

11.1MB
MD5

240f411792646893cffbff0a173266b7
SHA1

dac3954cedad187dd25947b80a380f5a562c4e85
SHA256

630bb768660838447cb5f7be8a676488cf0de0ccbc914f685e0761be6a57ce17
SHA512

f8edec5135eddb12d2fead878b357c33e90b2a30f4f0fd476a7e5cbef5e655a341cef1f666cb69b6badf7fb73de863b2715053e96a652ce6810c315f25397d02
SSDEEP

196608:SavaICteErowdNE+sKsXXg+W+TA32/1q3+dgS41k9nuKjxnwuou0W8/LBmIk+x2:UInEro+sKkXg+W+TA3oq3+d9L9nuKjxj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

pid	Process
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe
4624	Gacha Launcher.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 4624	4256	Gacha Launcher.exe	73
PID 4256 wrote to memory of 4624	4256	Gacha Launcher.exe	73

C:\Users\Admin\AppData\Local\Temp\Gacha Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Gacha Launcher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Users\Admin\AppData\Local\Temp\Gacha Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\Gacha Launcher.exe"
  2⤵
  - Loads dropped DLL
  PID:4624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI42562\_lzma.pyd

Filesize
149KB

MD5
80da699f55ca8ed4df2d154f17a08583

SHA1
fbd6c7f3c72a6ba4185394209e80373177c2f8d7

SHA256
2e3fd65c4e02c99a61344ce59e09ec7fde74c671db5f82a891732e1140910f20

SHA512
15ea7cd4075940096a4ab66778a0320964562aa4ae2f6e1acbe173cd5da8855977c66f019fd343cfe8dacc3e410edf933bce117a4e9b542182bad3023805fd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42562\_tkinter.pyd

Filesize
59KB

MD5
c76da9cb5af654367036201cd6b77a96

SHA1
3a8a41c728cfc17556dcb0cbcd762aae4cbc8239

SHA256
e616f850e6905d5f5f1c821a5c39360090444555c1444f97bd2313f4cb99aaf4

SHA512
d91b1027d2ff6e3491c62f2fbc9942e75d76795cc9d48fef423378d69eb8d813add17c8dacb4cea252c5f2cc13b8550057dae41a1de8ffdb720099efca66370c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42562\base_library.zip

Filesize
1.0MB

MD5
d93a486d04fc582b2a00007f1a8c64e2

SHA1
74bc3e610e4507a94622cbf90a11cca67595b5a3

SHA256
60a48703b232801d7e035ca57450a30f4637eb501d59276d5a563bde0751cdd2

SHA512
32c87c4ff9a05bd72556078cae221ffd576890c7e20a6ac4ca82d72dc599de292d8fd41185c894ed1f7571d2dd270317fec73668289d5ae1a47274be4ca59c7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42562\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c4f445b6998e63a1414f5765c18217

SHA1
8c1ac1b4290b122e62f706f7434517077974f40e

SHA256
664c3e52f914e351bb8a66ce2465ee0d40acab1d2a6b3167ae6acf6f1d1724d2

SHA512
aa7bdb3c5bc8aeefbad70d785f2468acbb88ef6e6cac175da765647030734453a2836f9658dc7ce33f6fff0de85cb701c825ef5c04018d79fa1953c8ef946afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42562\python310.dll

Filesize
4.3MB

MD5
316ce972b0104d68847ab38aba3de06a

SHA1
ca1e227fd7f1cfb1382102320dadef683213024b

SHA256
34f0e44a0d089587e1ea48c1cc4c3164a1819c6db27a7c1b746af46d6388c26e

SHA512
a11da6590a71d977c62b1c26c275763413f6a455e6d85fa052654d05d845dbbe8122bbd8e0a23887f9873d4291382ebbd5df19674ad2dda1cf0ff3206054939b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42562\sqlite3.dll

Filesize
1.4MB

MD5
29725c00f4e6a3035bb12ca64a20a2f3

SHA1
3f27663b93a75e5595cb4bb48509d31055d86ff6

SHA256
20290d47f466c31d5f412eca9f412a9b1d45aa5c2be3d9719f9a12b970c635f4

SHA512
a6f8d56b44a982ff7585ba52de05ba1bc026f2982a1d0bec80cf2add8a10bd64475c8fb8f8c5f4308d807be036bad0958931e67cffc489547181faa2d39a59ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42562\tcl86t.dll

Filesize
704KB

MD5
fd4101f0d0e644f9ae5f47c618b6fc69

SHA1
b3d5b5eae3ac2a225b781f5d50d813cba34812ae

SHA256
8863f77541da4efe0be33c95384536330dbbf457e89afcc293180a7a66dcc7cc

SHA512
887fab068209c1391bc36ee0dd9f69b9c72c08a8df6a7477d8ddc10b3cfb934c7a141b112e56894b620f24e2b628ceb2644220dc7451e5f0231d50eed1cfc1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42562\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42562\tk86t.dll

Filesize
576KB

MD5
8dc04f576707ff7f444e3f830aaef7c2

SHA1
a9a68d62eb4b66189f6d1cd974a3d72f04c5309d

SHA256
9abf505f1c317f2fc0e0d00ecac239f9d584cb5f7002fd9bee43bbd0e1a19425

SHA512
fd2223fde362ef744c5a3f8528a83e880bdc922661e8e0246891057005634a44c5b3c5411ce6814ccb9ab0e8b1c9f70b6edf33a9aa00d43dc83573c2c7ff32e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42562\ucrtbase.dll

Filesize
1.1MB

MD5
b76f01ae50ce43187be1d701b51ca644

SHA1
cb59f1ff16f8f3996646930f02d3090422c64a02

SHA256
903806c8888e3c9ac0212ed50be6889c21cf4fd12f49931da8b548b5326a0bf8

SHA512
d0962bdc5439c7068d67e59d6434606581744daf41a628c083ae147936074f489b44dca8dd737a6766dcdc2b99a2cb7e5cbc79e13e0d9b661f77acd13a9c5300

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\_bz2.pyd

Filesize
78KB

MD5
e877e39cc3c42ed1f5461e2d5e62fc0f

SHA1
156f62a163aca4c5c5f6e8f846a1edd9b073ed7e

SHA256
4b1d29f19adaf856727fa4a1f50eee0a86c893038dfba2e52f26c11ab5b3672f

SHA512
d6579d07ede093676cdca0fb15aa2de9fcd10ff4675919ab689d961de113f6543edbceecf29430da3f7121549f5450f4fe43d67b9eab117e2a7d403f88501d51

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\_hashlib.pyd

Filesize
57KB

MD5
4fb84e5d3f58453d7ccbf7bcc06266a0

SHA1
15fd2d345ec3a7f4d337450d4f55d1997fae0694

SHA256
df47255c100d9cc033a14c7d60051abe89c24da9c60362fe33cdf24c19651f7c

SHA512
1ca574e9e58ced8d4b2a87a119a2db9874cd1f6cedef5d7cbf49abf324fb0d9fb89d8aac7e7dfefbeb00f6834719ed55110bcb36056e0df08b36576ffd4db84c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\_socket.pyd

Filesize
72KB

MD5
7f25ab4019e6c759fc77383f523ef9af

SHA1
5e6748ce7f6753195117fdc2820996b49fd8d3af

SHA256
d0497b79345b2c255f6274baea6ac44b74f345e111ab25bf6c91af9b2a3f3b95

SHA512
a179b22c61f661e4d9b17f56b6a7f66f2d8d8e1d2a9a8aca3c4d6a9cb7755ce6d223bfbca817c1098692a39b6fc20ffbdacefd9bfb47ff02ffa47badca437514

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\_sqlite3.pyd

Filesize
91KB

MD5
485aa66e439a3fe177dc41ca99c47764

SHA1
804c3e453f033f32e7550f5665b4275e68b8addd

SHA256
89d32e0206c06cdd196c1dc97a7540d8893eb31ec4703c996494ac68ca62dc7d

SHA512
d40eec1e2a63f141752f4a8390db1f20720601cce6ce98f16f7f2bbbc41234d1b290dee2399e9b0e65774751bc6c4c39a3c200adda1e78b1362d293420c3506b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\_ssl.pyd

Filesize
152KB

MD5
cf2f95ecf1a72f8670177c081eedeb04

SHA1
6652f432c86718fed9a83be93e66ea5755986709

SHA256
ba6025ab22d8e6c5ad53c66dc919f219a542e87540502905609b33dc0a8dddd8

SHA512
7e5df920f6acb671e78078e9c4fa3278ae838ea6bef49c0ae44de6a79923a3d7bccf0fb3f0e477ca5092e23450494dee265d8735b24d8026456e1328f6fe8b2e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\libssl-1_1.dll

Filesize
678KB

MD5
bd857f444ebbf147a8fcd1215efe79fc

SHA1
1550e0d241c27f41c63f197b1bd669591a20c15b

SHA256
b7c0e42c1a60a2a062b899c8d4ebd0c50ef956177ba21785ce07c517c143aeaf

SHA512
2b85c1521edeadf7e118610d6546fafbbad43c288a7f0f9d38d97c4423a541dfac686634cde956812916830fbb4aad8351a23d95cd490c4a5c0f628244d30f0a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\python310.dll

Filesize
2.8MB

MD5
0365f7ad6d7401d5c91bf8e6b8b21d51

SHA1
b4aa5a01f388b41d5e2e1c6bf0f768d91e51559a

SHA256
43489ba57ef298353b7541d8ef20a4051cc2b429905b922d4be662af166eed23

SHA512
82339030c8785ba35e91704d51896a3b72c124e94eacdcff77d99bada8fb3c7d993ca7d7f7abea83097608c7f5d2da63d5f53f922bc5dcfc2bd194d19aa25443

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\select.pyd

Filesize
24KB

MD5
589f030c0baa8c47f7f8082a92b834f5

SHA1
6c0f575c0556b41e35e7272f0f858dcf90c192a7

SHA256
b9ef1709ed4cd0fd72e4c4ba9b7702cb79d1619c11554ea06277f3dac21bd010

SHA512
6761c0e191795f504fc2d63fd866654869d8819c101de51df78ff071a8985541eec9a9659626dfcb31024d25fd47eff42caa2ae85cc0deb8a11113675fac8500

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\tcl86t.dll

Filesize
24KB

MD5
3f90c06b0b005145c41c20268398ac89

SHA1
a5dc42b886263c6cab5579c30f6d57da0dde078b

SHA256
c51154f6936fff8adc693f58f4c2ad8a3366b2b650b813f9fed921d403f937c5

SHA512
b8a69d561139c4336b51297ee25683598c64a44feec221dfe76f00adf7dbf4b417eba25bb05ef4b55083432e9644cf1f87dd4132282e0883c7edb7eaf5cb8628

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI42562\tk86t.dll

Filesize
64KB

MD5
d8c7e562199aabfee39c49cfc3ff1c69

SHA1
ebd1fa8a455ca1c84f093fae2a73eac9c7f3d48d

SHA256
e247f67a4086d5943ec6493351158668c5841ee10beb88be0496e5f601972558

SHA512
94b98f32c2867b627da3e1a4da609135fea585dab4818c578bc432b9b5f6759e7e3814130c546bdbb557264e01eeb9e1afe782aa3217fcba58e11227a89b8949

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads