a89795a9baa1c9e0fff552f3d0ee7d81e9ef3565750462617220b4d86d089cba

Resubmissions

14-03-2024 07:01

240314-htlfnadc8w 7

14-03-2024 06:59

240314-hsdpesdc5v 7

14-03-2024 06:52

240314-hnee6afd65 7

Analysis

max time kernel
162s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2024 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Supermarket Simulator 0.1.1.1 to 0.1.2.exe
Size

28.9MB
MD5

05cf83a49484c1361d211c6e600b6fc5
SHA1

e2cec391a25615aad8dddca7d1c743893fc99707
SHA256

a89795a9baa1c9e0fff552f3d0ee7d81e9ef3565750462617220b4d86d089cba
SHA512

457a8d743aa25ca884599a364ef33d60fa7984c6829da22cf3a302b7be4282d8886246f107ed5d74c5878f8f1444cbe480e14756077cadb3ad1f3225cae7aed1
SSDEEP

786432:Pk+fabSzGhsh8ViciYScwzCQFkrixM99NHNxl+XMo:MpSzE4PciL4rsqHNxE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp

Loads dropped DLL 10 IoCs

pid	Process
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2088	216	WerFault.exe	96
3120	216	WerFault.exe	96

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
216	Supermarket Simulator 0.1.1.1 to 0.1.2.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 216	5056	Supermarket Simulator 0.1.1.1 to 0.1.2.exe	96
PID 5056 wrote to memory of 216	5056	Supermarket Simulator 0.1.1.1 to 0.1.2.exe	96
PID 5056 wrote to memory of 216	5056	Supermarket Simulator 0.1.1.1 to 0.1.2.exe	96

C:\Users\Admin\AppData\Local\Temp\Supermarket Simulator 0.1.1.1 to 0.1.2.exe
"C:\Users\Admin\AppData\Local\Temp\Supermarket Simulator 0.1.1.1 to 0.1.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Users\Admin\AppData\Local\Temp\is-RG2P4.tmp\Supermarket Simulator 0.1.1.1 to 0.1.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RG2P4.tmp\Supermarket Simulator 0.1.1.1 to 0.1.2.tmp" /SL5="$50160,29942592,121344,C:\Users\Admin\AppData\Local\Temp\Supermarket Simulator 0.1.1.1 to 0.1.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:216
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 1016
    3⤵
    - Program crash
    PID:2088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 1040
    3⤵
    - Program crash
    PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 216 -ip 216
1⤵
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 216 -ip 216
1⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:1236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-MKL0R.tmp\BASS.dll

Filesize
109KB

MD5
36946ab0740fa086bfc8b8a86260eee9

SHA1
57e154464dd247f14ec90de065d7be685dcc1293

SHA256
9ac13f9bc5564fd8a1eab5f7c945dce1c27940dd63a913108eac64481ddde6af

SHA512
51a090119c36f19c8b008d52f1faf76ee1d511e151df777c577cf91da84300a8474d7e17004e3f374434b2d16eb1da3cfaee853e47528f9a1f6fb8bab71ed3e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MKL0R.tmp\VclStylesInno.dll

Filesize
1.5MB

MD5
4814eb0e940fcbb6367c5eef4a102c0d

SHA1
250689efbc8484d62e52f293a12ae1e7114001f8

SHA256
21dbfb05b2cad24342bfc9920ed8c2dc373b74948252cfa83fcd68c74968cd7e

SHA512
f2ed38640ae6e989f11de962c50c201025015a1a976e9fd2f1794f4a312f0a9501fbbec418f93556347e98f0bc774014b85e8cb3ae56b1b219341f7df08059f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MKL0R.tmp\VclStylesInno.dll

Filesize
1.5MB

MD5
66fd14a6aaf0f7fc08e8a2941b95b5a0

SHA1
06bd8960abcc9a2383d272e4a32d71571b98ad4d

SHA256
a7b6aa521ec5081765df00241ac6c013ce8d52d23a15edfc53bb1b2e0f01e9d1

SHA512
301853c5362ae922a44bb97caacf22d9882602656e457a934af240d3ff3b584933a5c77b5df00e05f6a386d7361b3fc798a911a7c2ab72c2ed5111b14da334cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MKL0R.tmp\crc32c.dll

Filesize
5KB

MD5
e2867743d26b705b350a0747197ddb70

SHA1
38de462110fa4457b7844c3ac23bff314ea2cf1b

SHA256
1062674d8e10298beabe1a8b24dea7ffc04a12f131491524fd326bb1aa3d8892

SHA512
07caec90c76790030d218c2ea85403801b9c1d1e7fe915cf3dd673ff5c7a97befcfdbd2403c4798debd505c049d77ff465937545087923e3b45a7c5dc7d9ce43

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MKL0R.tmp\crc32c.dll

Filesize
8KB

MD5
f492f93f7798625506b6ee97d00452e9

SHA1
7cbd3ef64678ddad2da249fc534466ba240236bb

SHA256
52a805d14971190720320083101e915c7f122c17a5078f57630751576bc85456

SHA512
c31ab08222f78acd6920633519499285a85647846caea9eaf91e2781fe63900e81a2043bd9b042bfce96879f5c0c5fdbfa009cf871983dc9d59bebcec181b5e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MKL0R.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MKL0R.tmp\isproc.dll

Filesize
16KB

MD5
4bafb0739c5fcd96be991f2a3cc9ac2f

SHA1
9372b03e4515660f732bf6338c4d7e183a78d2ee

SHA256
7f74f1c445bf5e9456aae6fae695a8ca60e1d0eb5a2f44ac2cf0239a71f1a8a1

SHA512
095946b16020d52beb25b4037775af8bbf6a7f15b56e260a1bf90af5ccadc11cbcb78c80540f087597a2df6bf5d6b2c8358249aed121ef68e96a302a9fb2ec55

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MKL0R.tmp\wintb.dll

Filesize
16KB

MD5
9436df49e08c83bad8ddc906478c2041

SHA1
a4fa6bdd2fe146fda2e78fdbab355797f53b7dce

SHA256
1910537aa95684142250ca0c7426a0b5f082e39f6fbdbdba649aecb179541435

SHA512
f9dc6602ab46d709efdaf937dcb8ae517caeb2bb1f06488c937be794fd9ea87f907101ae5c7f394c7656a6059dc18472f4a6747dcc8cc6a1e4f0518f920cc9bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RG2P4.tmp\Supermarket Simulator 0.1.1.1 to 0.1.2.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/216-46-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-51-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-21-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-22-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-24-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-25-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-23-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/216-26-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/216-27-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-30-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-31-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-32-0x0000000007950000-0x0000000007951000-memory.dmp

Filesize
4KB

Download
memory/216-29-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/216-33-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-34-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-28-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-36-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-35-0x0000000007960000-0x0000000007961000-memory.dmp

Filesize
4KB

Download
memory/216-37-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-40-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-39-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-41-0x0000000007980000-0x0000000007981000-memory.dmp

Filesize
4KB

Download
memory/216-42-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-43-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-44-0x0000000007990000-0x0000000007991000-memory.dmp

Filesize
4KB

Download
memory/216-38-0x0000000007970000-0x0000000007971000-memory.dmp

Filesize
4KB

Download
memory/216-45-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-19-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-47-0x00000000079A0000-0x00000000079A1000-memory.dmp

Filesize
4KB

Download
memory/216-50-0x00000000079B0000-0x00000000079B1000-memory.dmp

Filesize
4KB

Download
memory/216-52-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-54-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-53-0x00000000079C0000-0x00000000079C1000-memory.dmp

Filesize
4KB

Download
memory/216-20-0x00000000034A0000-0x00000000034A1000-memory.dmp

Filesize
4KB

Download
memory/216-49-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-55-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-57-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-58-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-59-0x00000000079E0000-0x00000000079E1000-memory.dmp

Filesize
4KB

Download
memory/216-56-0x00000000079D0000-0x00000000079D1000-memory.dmp

Filesize
4KB

Download
memory/216-48-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-60-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-61-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-63-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-62-0x00000000079F0000-0x00000000079F1000-memory.dmp

Filesize
4KB

Download
memory/216-64-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-66-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-67-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-65-0x0000000007A00000-0x0000000007A01000-memory.dmp

Filesize
4KB

Download
memory/216-18-0x0000000003330000-0x0000000003470000-memory.dmp

Filesize
1.2MB

Download
memory/216-72-0x0000000007A10000-0x0000000007A25000-memory.dmp

Filesize
84KB

Download
memory/216-77-0x00000000747C0000-0x0000000074810000-memory.dmp

Filesize
320KB

Download
memory/216-110-0x0000000007B30000-0x0000000007B41000-memory.dmp

Filesize
68KB

Download
memory/216-101-0x0000000007A10000-0x0000000007A25000-memory.dmp

Filesize
84KB

Download
memory/216-86-0x0000000007B30000-0x0000000007B48000-memory.dmp

Filesize
96KB

Download
memory/216-17-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/216-85-0x0000000007B30000-0x0000000007B41000-memory.dmp

Filesize
68KB

Download
memory/216-15-0x0000000007620000-0x000000000784E000-memory.dmp

Filesize
2.2MB

Download
memory/216-6-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/216-97-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/216-98-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/216-99-0x000000006B080000-0x000000006B08D000-memory.dmp

Filesize
52KB

Download
memory/216-100-0x0000000007620000-0x000000000784E000-memory.dmp

Filesize
2.2MB

Download
memory/5056-80-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/5056-1-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/5056-114-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download