857553432565327af37d29eda84c78e2dcd1f25db5aeb195ea4b203613f12c10

General

Target

SimHubSetup_9.3.9.exe
Size

185.5MB
MD5

8a3b13b54de512db95ece51c5e703473
SHA1

564a08d2b33859d1a5921f0864c64d594bda64dd
SHA256

2887fd46873d646816714976f2edda4817b287fb9ef3676505e11e71cc1ac2da
SHA512

84ede4b02e729f0469b4b58cfd7427742d6f79068829bca40098b07641d99ada3fc279a999b66035df448972da128bd7e2c35ce83ade8542d9c2ab654a82c1b5
SSDEEP

3145728:FR1iRL+jjl/bFhgZJAr4TfzW4OPGoeIt52GwmvofGETxWVtDE9rXtKG+vJzXRZUz:FTiRSPXOZJtTrW4OP+qbweUWVtDwtKGF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

SimHubSetup_9.3.9.tmp

pid process

4716 SimHubSetup_9.3.9.tmp

pid	process
4716	SimHubSetup_9.3.9.tmp

Drops file in Program Files directory 64 IoCs

Processes:

SimHubSetup_9.3.9.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\SimHub\MahApps.Metro.IconPacks.Material.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Http.Abstractions.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Mvc.Razor.Extensions.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\ArduinoUploader.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\_Addons\GamePlugins\TrainSimulator\TrainSimulatorBridge.exe	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\CircularGauge.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\LiteDB.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.Extensions.Logging.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\MahApps.Metro.SimpleChildWindow.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\_Addons\Arduino\SimhubArduinoSetup.exe	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\CefSharp.BrowserSubprocess.exe	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\CefSharp.BrowserSubprocess.Core.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\libEGL.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Mvc.TagHelpers.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.Diagnostics.NETCore.Client.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Http.Features.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Mvc.Localization.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\GongSolutions.WPF.DragDrop.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\RREReader.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\System.ValueTuple.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\AvalonDock.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\chrome_elf.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\_Addons\GamePlugins\expansim\Plugins\SHIntegration.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\BA63Driver.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Esprima.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\SimHub.BitmapDisplay.AX206.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Routing.Abstractions.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\SimHub.PackageManager.Standalone.exe	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\WebView2Loader.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Wpf.MatrixExtensions.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Mvc.Formatters.Json.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Mvc.Razor.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\TDU5.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Jint.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\CefSharp.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Mvc.ViewFeatures.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Authorization.Policy.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\log4net.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Mvc.DataAnnotations.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Antlr3.Runtime.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\msvcr120.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\MapViewer.exe	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\NAudio.Midi.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\libcef.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\libGLESv2.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.Extensions.FileProviders.Composite.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\AvalonDock.Themes.VS2013.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\System.Memory.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\CodemastersReader.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\DriverNET4.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.Extensions.Configuration.Binder.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Melanchall.DryWetMidi.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\_Addons\GamePlugins\RFactor1\rFactorSharedMemoryMap.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Markdig.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Authentication.Abstractions.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Cors.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.DataProtection.Abstractions.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\WarThunder.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.Extensions.Options.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\_Addons\GamePlugins\RFactor2\Bin64\Plugins\rFactor2SharedMemoryMapPlugin64.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\BouncyCastle.Crypto.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\ICSharpCode.SharpZipLib.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Authentication.Core.dll	SimHubSetup_9.3.9.tmp
File opened for modification	C:\Program Files (x86)\SimHub\Microsoft.AspNetCore.Hosting.Abstractions.dll	SimHubSetup_9.3.9.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SimHubSetup_9.3.9.exe

description	pid	process	target process
PID 4164 wrote to memory of 4716	4164	SimHubSetup_9.3.9.exe	SimHubSetup_9.3.9.tmp
PID 4164 wrote to memory of 4716	4164	SimHubSetup_9.3.9.exe	SimHubSetup_9.3.9.tmp
PID 4164 wrote to memory of 4716	4164	SimHubSetup_9.3.9.exe	SimHubSetup_9.3.9.tmp

C:\Users\Admin\AppData\Local\Temp\SimHubSetup_9.3.9.exe
"C:\Users\Admin\AppData\Local\Temp\SimHubSetup_9.3.9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4164

C:\Users\Admin\AppData\Local\Temp\is-VVTOJ.tmp\SimHubSetup_9.3.9.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VVTOJ.tmp\SimHubSetup_9.3.9.tmp" /SL5="$A0114,193578101,950784,C:\Users\Admin\AppData\Local\Temp\SimHubSetup_9.3.9.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-VVTOJ.tmp\SimHubSetup_9.3.9.tmp
Filesize
3.1MB

MD5
b0f2e0af8ee652d116a778cd7da91f67

SHA1
3c7c79126d55fc52e83eb171b0d46be1e1e64310

SHA256
2ae68f7b6616c2878c3d6c4abc9adcab64a5545e3b1dff84a2e37c5c1dbc6b8f

SHA512
151e1b909bf30558436ce9604291b42694cfb137cd327bf7fb4ad7bf9d2258d62131d3b4cdd3c7406aab66fc566a3e09689994c4871e1a4f38b3649f42e54165

Download Submit
memory/4164-0-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/4164-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4164-8-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download
memory/4716-6-0x0000000000400000-0x0000000000731000-memory.dmp

Filesize
3.2MB

Download
memory/4716-9-0x0000000000400000-0x0000000000731000-memory.dmp

Filesize
3.2MB

Download
memory/4716-198-0x0000000000400000-0x0000000000731000-memory.dmp

Filesize
3.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads