Analysis
max time kernel: 128s
max time network: 142s
platform: windows10-1703_x64
resource: win10-20240221-en
resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted: 04/04/2024, 13:32
Static task: static1
Behavioral task | Sample | Resource
behavioral1 | Terraria_Rus_v1.1.2_.exe | win10-20240221-en
behavioral2 | Redist/dotNetFx40_Full_setup.exe | win10-20240319-en
behavioral3 | Redist/dxwebsetup.exe | win10-20240221-en
behavioral4 | Redist/vcredist_x86.exe | win10-20240221-en
behavioral5 | Redist/xnafx40_redist.msi | win10-20240221-en
behavioral6 | Terraria.exe | win10-20240221-en
behavioral7 | TerrariaServer.exe | win10-20240214-en
behavioral8 | small-games.info.url | win10-20240221-en
behavioral9 | start-server.bat | win10-20240221-en
behavioral10 | steam_api.dll | win10-20240221-en
behavioral11 | uninstall.exe | win10-20240221-en
behavioral12 | $PLUGINSDIR/LangDLL.dll | win10-20240221-en
General
Target: steam_api.dll
Size: 121KB
MD5: fbeb939ec32ffa442a59b164f396d197
SHA1: de0ca0d90ae03c0e5031a880fb11256b5a5eb64e
SHA256: f4893648c923c55c0b90ff8fa3e8431997e355d5976a620faf9151671d99a01d
SHA512: f7debd53d0fb9de741015202c484e29ad86e31377448b301812744b8269d3390e93c70fbb133d23e1558cdf3f8808ab4726dd566af1ec9cdc492a96b3a143b72
SSDEEP: 1536:Z+rkG7lV2h9DAzbaBvI5ZZSPRq4RJtTMjjwJxGmi0It/bXtndaIxSC6D:Iz2hSaWow4Jwmut/rHaFD
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4996 wrote to memory of 4140 | 4996 | rundll32.exe | 72
PID 4996 wrote to memory of 4140 | 4996 | rundll32.exe | 72
PID 4996 wrote to memory of 4140 | 4996 | rundll32.exe | 72