553b3f3b413e2f29dc857f1cf4e4c67c8f0715e3530e260dd2ac26041d2c7807

Analysis

max time kernel
1791s
max time network
1588s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27-05-2024 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The.Escapists.v1.37/setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).exe
Size

5.9MB
MD5

edae66c2efc11b84ad821ebbb70f3cfc
SHA1

961d6377702d2bb748a2856ece7ac76971709689
SHA256

0aceb49b0bba5d19baec09e1d98bab5417ed5411407499f393b5d05ebefdc2bc
SHA512

cf2a3d5f8d8fc8f1091f414e04b00df2295d169e9baa987fdf4192388a58153dfd64bf286b90589a0ed4c99bdbf2fa55143bb447cfddb4e35890ec36bc79752e
SSDEEP

98304:ZP3Lo4OUNPR9RJkmJO/0hzwOHJsOyKnehwawbLGB8t47nmunVYyp5rVLc+5XdBRY:ZP3LbOwRm/0llhehwjbCB8t47nmIdtVk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2952	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp

Loads dropped DLL 7 IoCs

pid	Process
2952	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp
2952	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp
2952	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp
2952	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp
2952	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp
2952	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp
2952	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 2952	4628	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).exe	73
PID 4628 wrote to memory of 2952	4628	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).exe	73
PID 4628 wrote to memory of 2952	4628	setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).exe	73

C:\Users\Admin\AppData\Local\Temp\The.Escapists.v1.37\setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).exe
"C:\Users\Admin\AppData\Local\Temp\The.Escapists.v1.37\setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Users\Admin\AppData\Local\Temp\is-9VL0M.tmp\setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-9VL0M.tmp\setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp" /SL5="$8011C,5640599,192512,C:\Users\Admin\AppData\Local\Temp\The.Escapists.v1.37\setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-9VL0M.tmp\setup_the_escapists_fhurst_peak_correctional_facility_1.37_jingle_cells_update_(37718).tmp

Filesize
1.3MB

MD5
b22f3ed5cb0b8cede398ecbd67f149f0

SHA1
61d2edfa7163d622e871ec99e2375bfe2cd6aa8f

SHA256
104086c9f7076d3741c72807be012fc36bf88e084912af75e433afc2c0ca2b24

SHA512
64e86c899cdd5afe57d18a6d59c797dfbe7951f8a372ee251561308d4f79356ad5389d9f027e71c79bf21954361598259f950581c0dd9811a6679e5d07f8e96f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\1207658695_english.jpg

Filesize
192KB

MD5
e01534ea14b21519d0cf88dfeb2e2c00

SHA1
f905d68a693883ee812be63f528b8c6bf0c553e7

SHA256
c02a790879a387a79d55188b4dceba921e06767ac895e7c4c7c2229a05d4bb8b

SHA512
8f8a8b7d7951a89b8f50bc0b80209373ddbc6fac719e01d1eef45ffd6fa26da0e412df4a1dcde7fd8c343b0743e33dc91c78293f4bfe00554ee2dcd24d6ea16d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\1428935726_english.jpg

Filesize
143KB

MD5
319b32ca3b40bbb8c68e4766ce6b9ffd

SHA1
8816a1ac65dbe676b3ada8cf69dd3ffde41fb8b5

SHA256
4d3bdc8e172a98578fc3b60c86f5c6309eb467bc69f58c5e0e59feb735c143e1

SHA512
b373c399e3a5557f7f31b2d2db8f4161ad8f7affb661ff8fb18902fff471e3f98d153bc7886d831b7106f95836e9f9841bfb9a74cc81a215e28d670bc4e355e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\background.jpg

Filesize
366KB

MD5
ba93f3c1aa26984aa6171134f8cecde5

SHA1
c162deb7e909a40628a80b6ccdd3d3a1ae218cde

SHA256
31ace9eb832505eb0a5859ce2f9ac2b5bedaef0a90d1261ebefb831d9d77bce6

SHA512
0134a0ce417d2de50b4f63b504dfaa0c64ec3f87d2ba7b1425abe4522fed628eadc1e3d70c784caae465174271e936cb5d111c81024573ef1f0e723d58ab47a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\error_icon.png

Filesize
1KB

MD5
263720c4b8bb111567a2a49989b8f467

SHA1
cf346fa3c70164648e0eaf72a37c6f4920ab4792

SHA256
acdf96ee4261fae138e6350a0ad50b367022ed5b908fa168baad92644f566ee8

SHA512
94f06a81dc735cf264abde86e6169e5fd78d873d2e926fd48287d2ac5208fc930c3c432186e3510add002bd1b4ae32ad8d35270b17c3ce5f18c43764a8e9de43

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\slideshow.ini

Filesize
294B

MD5
302f64fa9cae2e818f43f4c806d15a64

SHA1
759a6398c0e950360f4c85501ad2958ce840c041

SHA256
a578dcbe961fbcbbc1d2c0dade95e48efed03110b82db26c0a2d4f61284396b5

SHA512
9505658d34e0f23f29c3c20143dfce34058ccd7648fc249fe6b57bcc5eba4ef10d2cfc32b6eda17f66f37d2f26d374c34f558d5a66e9f5e755cb4a9955b2ee97

Download Submit
\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-HSBAO.tmp\uninstall.dll

Filesize
691KB

MD5
7db706c324cc9b6fda497d081eed6e26

SHA1
ca97392e573af0cf61bfa3301801a85f2beea44c

SHA256
cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

SHA512
8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

Download Submit
memory/2952-149-0x0000000004DF0000-0x0000000004EA7000-memory.dmp

Filesize
732KB

Download
memory/2952-156-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2952-18-0x0000000004DF0000-0x0000000004EA7000-memory.dmp

Filesize
732KB

Download
memory/2952-6-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2952-12-0x0000000002D30000-0x0000000002D45000-memory.dmp

Filesize
84KB

Download
memory/2952-159-0x0000000002D30000-0x0000000002D45000-memory.dmp

Filesize
84KB

Download
memory/2952-145-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/2952-161-0x0000000002CE0000-0x0000000002CEE000-memory.dmp

Filesize
56KB

Download
memory/2952-148-0x0000000002D30000-0x0000000002D45000-memory.dmp

Filesize
84KB

Download
memory/2952-63-0x0000000002CE0000-0x0000000002CEE000-memory.dmp

Filesize
56KB

Download
memory/2952-147-0x0000000000130000-0x0000000000282000-memory.dmp

Filesize
1.3MB

Download
memory/2952-150-0x0000000002CE0000-0x0000000002CEE000-memory.dmp

Filesize
56KB

Download
memory/4628-2-0x00000000013D1000-0x00000000013E2000-memory.dmp

Filesize
68KB

Download
memory/4628-146-0x00000000013D0000-0x0000000001409000-memory.dmp

Filesize
228KB

Download
memory/4628-0-0x00000000013D0000-0x0000000001409000-memory.dmp

Filesize
228KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads