21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44

Resubmissions

04-07-2024 06:50

240704-hlz9va1gld 7

26-09-2023 18:23

230926-w1zthsea33 10

Analysis

max time kernel
1191s
max time network
1147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

undertalefree.exe
Size

126.7MB
MD5

69a1054bcf85084cc4bc33e332f1844d
SHA1

a3db1a7c5a07ea07c31d40ab4c7685215ac4f170
SHA256

21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44
SHA512

f57df05d2d5db04cb48a1d72070ac5d76ae29620cca314817fbfbb30d42c2150115ac510acb216095115c210fe2eee80575ffc78a36fd455e72e4de9492b4f81
SSDEEP

3145728:WSHIqNWvNc0rn+0fslfSob+5Framz9LQMj5jMgQN7:WytNAfcSob2NaoLQ+7c7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1620	undertalefree.tmp

Loads dropped DLL 5 IoCs

pid	Process
1620	undertalefree.tmp
1620	undertalefree.tmp
1620	undertalefree.tmp
1620	undertalefree.tmp
1620	undertalefree.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 1620	3852	undertalefree.exe	89
PID 3852 wrote to memory of 1620	3852	undertalefree.exe	89
PID 3852 wrote to memory of 1620	3852	undertalefree.exe	89

C:\Users\Admin\AppData\Local\Temp\undertalefree.exe
"C:\Users\Admin\AppData\Local\Temp\undertalefree.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Users\Admin\AppData\Local\Temp\is-V0E3Q.tmp\undertalefree.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-V0E3Q.tmp\undertalefree.tmp" /SL5="$B004C,132362071,185856,C:\Users\Admin\AppData\Local\Temp\undertalefree.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\1207658702_english.jpg

Filesize
195KB

MD5
ed224bf981e588b310321e3364cde5cd

SHA1
b3a7c43742304b6541bd83b04104ba0511103cd9

SHA256
988c25e3d92bbce791a012beabe67b70d0f708fe658a75304261f9699de0c063

SHA512
9c1ee058e5adeb765b435c4de9b1c9d211dbfec1d6d9b78abb5c38887d21a9920d35cb61b8139662b03acc5b74132c4bf267a91927587ab59b490cdf519e3902

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\1449139823_english.jpg

Filesize
192KB

MD5
c86d1d0ecf523cbc44a0f3cff1f81586

SHA1
a906d195974ef3afd6d7da7d820dcc9a4efe3987

SHA256
5091f3f1bd82d677b364080052f9166a0b85ae179c6ab6bbd6b87f4203c14e1f

SHA512
fab06cea1446b58abeece64a7e4bcd5e9f8a6ca75aa2255ae65f3e5d88c81abd17be9946e3702a30d7978660ec363c73c4e9483678558e8a79ffdfcaafd24bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\background.jpg

Filesize
308KB

MD5
79dd8f2494aef70c997f7627449d7e9d

SHA1
6fc00daa1c26ee76a90a55e39e0c3a72cf4b36e7

SHA256
502d1b67b2a2b390753fdcafd9b5f33c97796b580eaff893ba7360931092989f

SHA512
3af7da0eb62a38a3a4445cd0bd563a8fc7c3010830228d2bc075ae7b5bf990ca20bef806116c60d4a367548a821587328ab0509ab8ba73e6fdfc0a7be30a6c78

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U44AR.tmp\slideshow.ini

Filesize
298B

MD5
dd34f5881d26a40468f4eb1a01aeb892

SHA1
6065a141c70d7eff63a0e879dad4868e1868a3f8

SHA256
23ffd13e24c21c28893f350c1283c8faa856a45ef554ecff9e96442bc51bc214

SHA512
34c7652ff16ce6895c20b63e6d9b33626f14bbbf549fd3662bb17c464f501d08a4cff8dcdcbc153cd7b76da09060d7e42babc683e441f8dbe69438ab9b98bf02

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-V0E3Q.tmp\undertalefree.tmp

Filesize
1.2MB

MD5
3602e9114e7254a36fcd909cfa490c3a

SHA1
198af4c93cbcf2195df4cb4aa42096a799c7f374

SHA256
a153c8db6f20f9c54f4bd1607b2502d3914662caa9615e1c557cf0abd8777bab

SHA512
eb1caf37de29467977088952b782dd1cd97969083ef60a0307aa4dd1dde1a44227ef4a871da775b05665f5fec780294c15d6c0f2d9c275e519054eb4628d7fdf

Download Submit
memory/1620-136-0x0000000002AF0000-0x0000000002AFE000-memory.dmp

Filesize
56KB

Download
memory/1620-6-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/1620-12-0x00000000029C0000-0x00000000029D5000-memory.dmp

Filesize
84KB

Download
memory/1620-57-0x0000000002AF0000-0x0000000002AFE000-memory.dmp

Filesize
56KB

Download
memory/1620-135-0x00000000029C0000-0x00000000029D5000-memory.dmp

Filesize
84KB

Download
memory/1620-134-0x0000000000400000-0x000000000053D000-memory.dmp

Filesize
1.2MB

Download
memory/1620-144-0x0000000002AF0000-0x0000000002AFE000-memory.dmp

Filesize
56KB

Download
memory/1620-143-0x00000000029C0000-0x00000000029D5000-memory.dmp

Filesize
84KB

Download
memory/3852-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/3852-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/3852-133-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads