Overview

| Entry | Detail | Score |
|---|---|---|
| Overview | overview | 7 |
| Static | static | 3 |
| Terraria_R...2_.exe | windows10-1703-x64 | 3 |
| Redist/dot...up.exe | windows10-1703-x64 | 7 |
| Redist/dxwebsetup.exe | windows10-1703-x64 | 7 |
| Redist/vcr...86.exe | windows10-1703-x64 | 7 |
| Redist/xna...st.msi | windows10-1703-x64 | 6 |
| Terraria.exe | windows10-1703-x64 | 3 |
| TerrariaServer.exe | windows10-1703-x64 | 3 |
| small-games.info.url | windows10-1703-x64 | 7 |
| start-server.bat | windows10-1703-x64 | 3 |
| steam_api.dll | windows10-1703-x64 | 1 |
| uninstall.exe | windows10-1703-x64 | 7 |
| $PLUGINSDI...LL.dll | windows10-1703-x64 | 3 |

Analysis
- max time kernel: 140s
- max time network: 155s
- platform: windows10-1703_x64
- resource: win10-20240221-en
- resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 04/04/2024, 13:32
| Task | Sample | Resource |
|---|---|---|
| Static task: static1 | | |
| Behavioral task: behavioral1 | Terraria_Rus_v1.1.2_.exe | win10-20240221-en |
| Behavioral task: behavioral2 | Redist/dotNetFx40_Full_setup.exe | win10-20240319-en |
| Behavioral task: behavioral3 | Redist/dxwebsetup.exe | win10-20240221-en |
| Behavioral task: behavioral4 | Redist/vcredist_x86.exe | win10-20240221-en |
| Behavioral task: behavioral5 | Redist/xnafx40_redist.msi | win10-20240221-en |
| Behavioral task: behavioral6 | Terraria.exe | win10-20240221-en |
| Behavioral task: behavioral7 | TerrariaServer.exe | win10-20240214-en |
| Behavioral task: behavioral8 | small-games.info.url | win10-20240221-en |
| Behavioral task: behavioral9 | start-server.bat | win10-20240221-en |
| Behavioral task: behavioral10 | steam_api.dll | win10-20240221-en |
| Behavioral task: behavioral11 | uninstall.exe | win10-20240221-en |
| Behavioral task: behavioral12 | $PLUGINSDIR/LangDLL.dll | win10-20240221-en |
General
- Target: start-server.bat
- Size: 123B
- MD5: 3798fb8eb473c4a6311314c6923ff485
- SHA1: 0ac527028375eb760fbcb917a6016857ceffedbc
- SHA256: 131e7ea3f8e4ae359fef01a689ec0c6e113752712cb86624f5705333ac6a41f3
- SHA512: 31164ab7a32e16a448a2c06b9ef3c6c74c7f898e0ba312767b5fe2d44cfbe1a562f844203ac9e3c0334855e81f30649304acc85e97c83be7bc9481d927005755
Malware Config
Signatures
Program crash: 1 IoCs

| pid | pid_target | Process | procid_target |
|---|---|---|---|
| 3352 | 4356 | WerFault.exe | 74 |

Suspicious use of WriteProcessMemory: 3 IoCs

| description | pid | Process | procid_target |
|---|---|---|---|
| PID 4856 wrote to memory of 4356 | 4856 | cmd.exe | 74 |
| PID 4856 wrote to memory of 4356 | 4856 | cmd.exe | 74 |
| PID 4856 wrote to memory of 4356 | 4856 | cmd.exe | 74 |
Processes
- C:\Windows\system32\cmd.exe
  - Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start-server.bat"
  - PID: 4856
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\TerrariaServer.exe
    - Command line: TerrariaServer.exe -config serverconfig.txt
    - PID: 4356
    - C:\Windows\SysWOW64\WerFault.exe
      - Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 800
      - PID: 3352
      - Program crash