d40ddf0c8dbc80b316043f424972fd0dd1949aa4a5f9d11b8cf8d39a29c9d6df

Analysis

max time kernel
143s
max time network
28s
platform
windows7_x64
resource
win7-20240221-it
resource tags

arch:x64arch:x86image:win7-20240221-itlocale:it-itos:windows7-x64systemwindows
submitted
13-03-2024 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_recettear_an_item_shops_tale_2.0.0.2.exe
Size

444.3MB
MD5

5eea5de53fa8d68b13824518e5faf617
SHA1

f55bfa0c2291d426aad1f87a4736d88a4e97024f
SHA256

d40ddf0c8dbc80b316043f424972fd0dd1949aa4a5f9d11b8cf8d39a29c9d6df
SHA512

ce6f7b4c7d79c771315c6c1e91a4a0cc5b94fa63030cba98ac174728f695eb43e99dbdea795df30e2a5364d2b56b5e4412a2345d78fa835736e21cda3ceba0f4
SSDEEP

12582912:5NvUgbz9djmJLtSb3kgnKkxA33E9IlY2oJW+2J:5J5BBmRXgnxy6imH2J

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1404	setup_recettear_an_item_shops_tale_2.0.0.2.tmp

Loads dropped DLL 8 IoCs

pid	Process
1068	setup_recettear_an_item_shops_tale_2.0.0.2.exe
1404	setup_recettear_an_item_shops_tale_2.0.0.2.tmp
1404	setup_recettear_an_item_shops_tale_2.0.0.2.tmp
1404	setup_recettear_an_item_shops_tale_2.0.0.2.tmp
1404	setup_recettear_an_item_shops_tale_2.0.0.2.tmp
1404	setup_recettear_an_item_shops_tale_2.0.0.2.tmp
1404	setup_recettear_an_item_shops_tale_2.0.0.2.tmp
1404	setup_recettear_an_item_shops_tale_2.0.0.2.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 1404	1068	setup_recettear_an_item_shops_tale_2.0.0.2.exe	30
PID 1068 wrote to memory of 1404	1068	setup_recettear_an_item_shops_tale_2.0.0.2.exe	30
PID 1068 wrote to memory of 1404	1068	setup_recettear_an_item_shops_tale_2.0.0.2.exe	30
PID 1068 wrote to memory of 1404	1068	setup_recettear_an_item_shops_tale_2.0.0.2.exe	30
PID 1068 wrote to memory of 1404	1068	setup_recettear_an_item_shops_tale_2.0.0.2.exe	30
PID 1068 wrote to memory of 1404	1068	setup_recettear_an_item_shops_tale_2.0.0.2.exe	30
PID 1068 wrote to memory of 1404	1068	setup_recettear_an_item_shops_tale_2.0.0.2.exe	30

C:\Users\Admin\AppData\Local\Temp\setup_recettear_an_item_shops_tale_2.0.0.2.exe
"C:\Users\Admin\AppData\Local\Temp\setup_recettear_an_item_shops_tale_2.0.0.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Users\Admin\AppData\Local\Temp\is-6VKAG.tmp\setup_recettear_an_item_shops_tale_2.0.0.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-6VKAG.tmp\setup_recettear_an_item_shops_tale_2.0.0.2.tmp" /SL5="$7012E,465156083,242688,C:\Users\Admin\AppData\Local\Temp\setup_recettear_an_item_shops_tale_2.0.0.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\02.Syndicate.png

Filesize
1.1MB

MD5
a3b03ce0a5946e83823ab67d62fc4263

SHA1
8e0df5fa18b5332856c7178c04de30d467d41ecc

SHA256
0535877c36798770ae70d2498dbf782d24ff7f9dbbd0f122c82de0ccfc6f71fc

SHA512
5be75191f596f75a8333f9f5dbe6874c35ef987aa60954f3c0be74fb55fa65a1a92cad0251e6be69e4b83e571dde42a752670b9c387f899b2c61f72f3a76676a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\03.Giants-Citizen-Kabuto.png

Filesize
1.1MB

MD5
04c097cd709db5f21cdb45bdde4780b4

SHA1
10912bfdf322cc8d3031cc088c0277c4c60f9682

SHA256
c99c804a547dab6507c15c25737d204cbc13fe8d71e91177a17d5e5a214a9d5a

SHA512
8387b91e6d0f75ab18ba37eca3dda1055e732db7e79cc08388feef11d04ca4bb98f3a2eb7211dd0b86b11b333a3ce0fe564b3956eb48490a09d80899648b1982

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\04.Beyond-Good-&-Evil.png

Filesize
1.1MB

MD5
09a1c0bd5cc9a98eb1fbfdfe3f0088a1

SHA1
e7f52becab2ee85791f952bbaa241e284642ec18

SHA256
9dccdb83823e116a86f5ae1dee97dd9f1602e6dfa769e1dd416ad46290623b84

SHA512
9adb4e073c5ba5e291fc0df810f9aad7d4ce3b6edc326d0d484274ea71b6c586e363c22c94c4f69f2a50c5de7acc3d83589add45557fdab137e6784533878db9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\04.Carmageddon-Max-Pack.png

Filesize
1010KB

MD5
2c49c35f31f5df5e96029df661a0ae74

SHA1
9acbfd9f961a1af7d03f3a79f08325774da74afd

SHA256
6a8513601c5a9e130c952b5f727fc6131430ecc699e29f6d3e1cae458740bef3

SHA512
90e2d6f505dfa00addd36cf571234c323e7f07fa2dff2591a34307eccb2d4188adfd2cc82a75844b441e63680be73b7b9d454534a2796f640daee123cf09c168

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\05.Psychonauts.png

Filesize
1.2MB

MD5
e50d7371254fda6b0a8d1f892daaaf4d

SHA1
9cc9198dbd87f4c7829a96209d465d2aea8d06df

SHA256
e3a61fc05d7381c1b201ad06e39ee07fb0573a56c17100360001e57071f1bb65

SHA512
55f47ae839efe66ff57acbe1f62f277c6838439b6f255eeda163d4e9cbe65533bf0227ce112a007e9d68abd06c7d51a65fcaa354f34c9c711aa1dfa36b6b82cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\06.Thief-II.png

Filesize
1011KB

MD5
81c52d0d48b007ea74cd8a167011c4a4

SHA1
bdb94ff36032e3b94dced441506f0777ec4a2644

SHA256
28ec000c84c9a8fea3bbaa96081b59068da6e573f6f08646def7eec01a12d651

SHA512
5ac0dd13c21021b80c2c5e2bc51d22ac44c40e8a0c2efc50f7be9732c9225ef78f3ba1b40af04040b8a83e03548044cbd477caea231538046cd729c1c915f817

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\07.Rayman-Forever.png

Filesize
1.0MB

MD5
82830e0104487ea417c74e8441c5d07d

SHA1
346571a856c562ec086a5b992e7c492b846ad567

SHA256
ea1c5d75f9356758b0c4be73b3b18cd290b17fd53b7c968ee6e0b5186f16e393

SHA512
eb5e6a42b7ce6dd98c3f778737fabf7abe87409dd504c9c38814494e658318693851e250ef204e2401e26aba9bdf6609fa3a6569248a7524b38e90351e8f3302

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\1441875624.ini

Filesize
915B

MD5
de3f5543c611e91dfda2159002967fc0

SHA1
436ca5c221527f035ec76776d72bdaae66d8e72f

SHA256
5bbe6fb516dc35ca783b9c4b3cd1e62f5386f7f1edd984fb0ae9b055ea7209fd

SHA512
48f56076225682c72152cfe4c5ef0a34b92617bafd15d26e004075fd9e0b4e21d605437f8f325f6c6b5033334d4b29c3737fd9c8aa1784b5aec20a42e3b7ae53

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\background.jpg

Filesize
388KB

MD5
2c3557a57cd021068344e4ebfd2bccb4

SHA1
3f3fafe927939072bbc3f7d1894e306ad0a052b1

SHA256
56229066775703c1d203ca8e035f2fdc00b6e7650f9cc04bfe32e9b7d5560ca3

SHA512
baaaba6808edba04433667b43b2dfc673275a2374a7089630ca606ab261b70429fc8fff792d04929e57388559fedc8a7fc91c2d691350047b3115d30508b630f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
\Users\Admin\AppData\Local\Temp\is-6VKAG.tmp\setup_recettear_an_item_shops_tale_2.0.0.2.tmp

Filesize
1.3MB

MD5
6e7a2cb953eae23d52af247687419092

SHA1
953e4b42cd60dfae24b59ae310230628964ac091

SHA256
c4aac5f2e941be354a61d9e469546939a15eab3da5df6e9d70d097ec8993dc15

SHA512
ac93b7559ca98e31c3216c552f4ac4819eface29f613c9812eea4957e4c00443c4ec8fa77e22fbbe2bcdf4a7ff20c8c352ad8ff274372f8702fe68fbc4bcaee5

Download Submit
\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\GameuxInstallHelper.dll

Filesize
94KB

MD5
4d3ac88054df63fc810427bdaa96c458

SHA1
e4d554e03ba91f6b53a2a80253b339f56e303c94

SHA256
b07ffcd0af80f6b9fba09abe816ba2f0ff0d336639f1768fc317291bc635ece6

SHA512
d4732ad89bbb19b316dff1b9c534acf98bb985c89d1295f08e24b21531123426500b3712979dda2f0e941a5969c0cbca15bbd52f6c167653f96a494a6677ca54

Download Submit
\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\get_hw_caps.dll

Filesize
76KB

MD5
2e35d2894df3b691dbd8e0d4f4c84efc

SHA1
d0fc14963e397d185e9f2d7dea1d07bc6308d5b9

SHA256
869079ba362cbc560d673db290248ec2aa075a74f22a82d90621f1118f8e1c4d

SHA512
29ba662ab2e77aef0547ff76213a1b6ef52be27a446923790a27cf8b69377621048387dbb9f22001b6d15837dddada84c7350614ec9622258319658822705f90

Download Submit
\Users\Admin\AppData\Local\Temp\is-D5RPI.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
memory/1068-1-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/1068-201-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/1404-21-0x0000000002ED0000-0x0000000002EE5000-memory.dmp

Filesize
84KB

Download
memory/1404-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1404-200-0x00000000070D0000-0x00000000071D0000-memory.dmp

Filesize
1024KB

Download
memory/1404-67-0x0000000007360000-0x000000000736E000-memory.dmp

Filesize
56KB

Download
memory/1404-202-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1404-203-0x0000000002ED0000-0x0000000002EE5000-memory.dmp

Filesize
84KB

Download
memory/1404-204-0x0000000007360000-0x000000000736E000-memory.dmp

Filesize
56KB

Download
memory/1404-209-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1404-210-0x00000000070D0000-0x00000000071D0000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads