Overview
overview
7Static
static
3CRUMB.Circ...PF.exe
windows7-x64
1CRUMB.Circ...PF.exe
windows10-2004-x64
7CRUMB.Circ...ly.dll
windows7-x64
1CRUMB.Circ...ly.dll
windows10-2004-x64
1CRUMB.Circ...it.dll
windows7-x64
1CRUMB.Circ...it.dll
windows10-2004-x64
1CRUMB.Circ...ET.dll
windows7-x64
1CRUMB.Circ...ET.dll
windows10-2004-x64
1CRUMB.Circ...64.exe
windows7-x64
1CRUMB.Circ...64.exe
windows10-2004-x64
1CRUMB.Circ...er.dll
windows7-x64
1CRUMB.Circ...er.dll
windows10-2004-x64
1CRUMB.Circ...rt.exe
windows7-x64
1CRUMB.Circ...rt.exe
windows10-2004-x64
1CRUMB.Circ...mp.dll
windows7-x64
1CRUMB.Circ...mp.dll
windows10-2004-x64
1CRUMB.Circ...or.dll
windows7-x64
1CRUMB.Circ...or.dll
windows10-2004-x64
1CRUMB.Circ...pi.dll
windows7-x64
1CRUMB.Circ...pi.dll
windows10-2004-x64
1CRUMB.Circ...pi.dll
windows7-x64
1CRUMB.Circ...pi.dll
windows10-2004-x64
1CRUMB.Circ...mp.dll
windows7-x64
1CRUMB.Circ...mp.dll
windows10-2004-x64
1CRUMB.Circ...or.dll
windows7-x64
1CRUMB.Circ...or.dll
windows10-2004-x64
1CRUMB.Circ...pe.dll
windows7-x64
1CRUMB.Circ...pe.dll
windows10-2004-x64
1CRUMB.Circ...ed.dll
windows7-x64
1CRUMB.Circ...ed.dll
windows10-2004-x64
1CRUMB.Circ...64.dll
windows7-x64
1CRUMB.Circ...64.dll
windows10-2004-x64
1Analysis
-
max time kernel
120s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
28/06/2024, 13:14
Static task
static1
Behavioral task
behavioral1
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/CRUMBWPF.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral2
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/CRUMBWPF.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/GameAssembly.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral4
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/GameAssembly.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/ICSharpCode.AvalonEdit.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/ICSharpCode.AvalonEdit.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Steamworks.NET.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Steamworks.NET.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/UnityCrashHandler64.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral10
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/UnityCrashHandler64.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/UnityPlayer.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral12
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/UnityPlayer.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral14
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86/CroutDecomp.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral16
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86/CroutDecomp.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86/LUFactor.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral18
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86/LUFactor.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86/steam_api.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral20
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86/steam_api.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86/steam_api.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86/steam_api.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/CroutDecomp.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral24
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/CroutDecomp.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/LUFactor.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/LUFactor.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/NativeNamedPipe.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral28
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/NativeNamedPipe.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/lib_burst_generated.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/lib_burst_generated.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/steam_api64.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral32
Sample
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/steam_api64.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
General
-
Target
CRUMB.Circuit.Simulator/CRUMB.Circuit.Simulator/Viewport_Data/Plugins/x86_64/NativeNamedPipe.dll
-
Size
13KB
-
MD5
f2d62b3bf17c1bd524843aa6d2db1fad
-
SHA1
5a122cf6dedc3392382fbe9773298414a7b097e7
-
SHA256
441a50efc75d22adaa125b9da4b15cee1a441449c9b9a06eca2b4fc02ec6d14a
-
SHA512
183de68f8b1dccd12908bb3004ff8438203a7c7bf86ff7652fe5aa23556598680d9bcaa00de879675e4ad1f4ae61402d6e56f4dd5598fbb1e4b4b421a36f8561
-
SSDEEP
96:CivGNV/b9NtjC1qcyg7HaCbYBX6g/1AcqE27uJalqHlEgPAHPVSlFKwQgy3b+Q+x:3G/DtQCvBqg/3EqHlEDKQj3b+HxYRn
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1156 wrote to memory of 1680 1156 rundll32.exe 28 PID 1156 wrote to memory of 1680 1156 rundll32.exe 28 PID 1156 wrote to memory of 1680 1156 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\CRUMB.Circuit.Simulator\CRUMB.Circuit.Simulator\Viewport_Data\Plugins\x86_64\NativeNamedPipe.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1156 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1156 -s 802⤵PID:1680
-