553b3f3b413e2f29dc857f1cf4e4c67c8f0715e3530e260dd2ac26041d2c7807

Analysis

max time kernel
1790s
max time network
1587s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27/05/2024, 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The.Escapists.v1.37/setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).exe
Size

16.9MB
MD5

085cb5c6bf4b4d663a20fafacbc00155
SHA1

f24a66cd4521b7230304e553b7d8b6e49f997e69
SHA256

9668043f73d61ba2417af4139509759b26adaecac127f4589466ec2c667ec39d
SHA512

01d1d49e6a8d58784aa121dae21b61ed3ced2b3229b27919b9bb3cc7f99442e47f641a7bbaf881ca7c334ffffd65b7c0a156b3b2b00ad84adf8ba4c517013939
SSDEEP

393216:IPfpEt0QiT+ylaeg+erc2rHX8dxSCiPCeER8Ody2eCkR6bwHHLcnd:5klTbErHX8dwCiPRER8P2HWW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4672	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp

Loads dropped DLL 6 IoCs

pid	Process
4672	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp
4672	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp
4672	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp
4672	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp
4672	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp
4672	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 4672	2780	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).exe	74
PID 2780 wrote to memory of 4672	2780	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).exe	74
PID 2780 wrote to memory of 4672	2780	setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).exe	74

C:\Users\Admin\AppData\Local\Temp\The.Escapists.v1.37\setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).exe
"C:\Users\Admin\AppData\Local\Temp\The.Escapists.v1.37\setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Users\Admin\AppData\Local\Temp\is-QHB8E.tmp\setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QHB8E.tmp\setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp" /SL5="$70228,17110085,192512,C:\Users\Admin\AppData\Local\Temp\The.Escapists.v1.37\setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\1424782569_english.jpg

Filesize
189KB

MD5
5c28d7f381c8d98041726772d1d20d3f

SHA1
12901dfc251f79f4c47c2a967fd6b720a74b0ab8

SHA256
5f4fb89c3b7ae8dd2bf98bc0fa867b08fd1f9de27ebae18643d5d8b6c451a50e

SHA512
285d941427ae40dc8ad6d430f249e4e9f455f42839a8e4edce9c08690540df8bba8a3d1e737fc879e55c07f8a3611fbc01c1e7cf80cc71d38b015c18cb868a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\1436885062_english.jpg

Filesize
202KB

MD5
8bb58a71a92c11f8795fdf43213309ee

SHA1
f1d21f00b6ea5557226561dc98a6684978670b01

SHA256
3c9bf1922d78b735272077d0d00777c365e7a4136eef515f8b98df899349b7a1

SHA512
46b560abc4e6fead375568f0b9c77a562684c06f31c8874db04d2be58a41a7aea3417a71f997a6ba087602ad9e9f918e54e25ead9067c67d1834a255d240f301

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\background.jpg

Filesize
318KB

MD5
09b3b9b9f7b0de8abdb9e1bb4fbe0ea6

SHA1
5edb42353d1be581108184ac607bc3f03295a95a

SHA256
48f12e400c9c51c7abad8a3387e129684b681868e05a7a5ddc60e1881b244d01

SHA512
513e330ca2859b1b1702f1b2a20e589793f855b1d0f18b2f1e7260096638183f249ec190d46fab0ce531e331d9277663b8b453594b4bcf96fa4bb76cc79917a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\error_icon.png

Filesize
1KB

MD5
263720c4b8bb111567a2a49989b8f467

SHA1
cf346fa3c70164648e0eaf72a37c6f4920ab4792

SHA256
acdf96ee4261fae138e6350a0ad50b367022ed5b908fa168baad92644f566ee8

SHA512
94f06a81dc735cf264abde86e6169e5fd78d873d2e926fd48287d2ac5208fc930c3c432186e3510add002bd1b4ae32ad8d35270b17c3ce5f18c43764a8e9de43

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\slideshow.ini

Filesize
270B

MD5
1c27a50900e7e0dc49c1b4880e7960b5

SHA1
41de5bb0d42a9fd80557dfda5adca3902246e600

SHA256
eb4a504d3f6898c820db0dceb7ac3506772ddb23e3e2f0625c8d99915bd627e8

SHA512
0c258d799c10714f993f0ea18e1d23015d2108bf6d5349d725617982af9a71b99d997d5163858447a851dd62d80ae5b41a5807cf43f20dd2d0aea344f377390a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QHB8E.tmp\setup_the_escapists_escape_team_1.37_jingle_cells_update_(37718).tmp

Filesize
1.3MB

MD5
4cb6105ee6d5c33b12d72e8860ade21f

SHA1
59029ff7b5cedcfd9a677add2798019b9310ef25

SHA256
57f6000c925e6781c936fc7f7276cc8b119c04f8c4df6d5b0c28a58b208acd21

SHA512
101126cf9c35efc84818c554e08f27f96a6cdd8c83562a8fcacca00ebf39a30182dd97f5152e55f8f967e06f05747c8eddfe4166c5e5d6e3d0352e01a571abd7

Download Submit
\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-815RJ.tmp\uninstall.dll

Filesize
691KB

MD5
7db706c324cc9b6fda497d081eed6e26

SHA1
ca97392e573af0cf61bfa3301801a85f2beea44c

SHA256
cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

SHA512
8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

Download Submit
memory/2780-143-0x0000000001190000-0x00000000011C9000-memory.dmp

Filesize
228KB

Download
memory/2780-2-0x0000000001191000-0x00000000011A2000-memory.dmp

Filesize
68KB

Download
memory/2780-0-0x0000000001190000-0x00000000011C9000-memory.dmp

Filesize
228KB

Download
memory/4672-147-0x0000000003040000-0x000000000304E000-memory.dmp

Filesize
56KB

Download
memory/4672-6-0x0000000000FC0000-0x0000000000FC1000-memory.dmp

Filesize
4KB

Download
memory/4672-142-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/4672-60-0x0000000003040000-0x000000000304E000-memory.dmp

Filesize
56KB

Download
memory/4672-15-0x0000000005700000-0x00000000057B7000-memory.dmp

Filesize
732KB

Download
memory/4672-145-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4672-144-0x0000000001270000-0x00000000013C2000-memory.dmp

Filesize
1.3MB

Download
memory/4672-146-0x0000000005700000-0x00000000057B7000-memory.dmp

Filesize
732KB

Download
memory/4672-153-0x0000000000FC0000-0x0000000000FC1000-memory.dmp

Filesize
4KB

Download
memory/4672-158-0x0000000003040000-0x000000000304E000-memory.dmp

Filesize
56KB

Download
memory/4672-156-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads