51f1653405f81a434b8bc2202a39ccd77e6a5d179cd4cb21902ec4db09578152

Analysis

max time kernel
145s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51f1653405f81a434b8bc2202a39ccd77e6a5d179cd4cb21902ec4db09578152.exe
Size

809KB
MD5

3fbfda54492dcb753fc6ebf989417ca9
SHA1

6be998a78e4d4ca57d6766cdc0c87340474b448c
SHA256

51f1653405f81a434b8bc2202a39ccd77e6a5d179cd4cb21902ec4db09578152
SHA512

669592a6adee24ecd4e764264b9a612b190bb9a393876db6a493bce6b95be5b60e1854619f82fd5f2709020eb5b1d35e87e78972a04547e71e8fa91a4035cdbb
SSDEEP

12288:LKs6uLk0eYaXZRxj4qsf9btUsvSwaAE7YjfPsr/NILiTE9TpIKbOgjfiv:LBifYaXxKJUsTa/7YnsyLk+pDfM

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3412	update.exe

Loads dropped DLL 2 IoCs

pid	Process
3412	update.exe
3412	update.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\setupapi.log	update.exe
File opened for modification	\??\c:\windows\Wudf01000Inst.log	update.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3412	update.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 3412	1108	51f1653405f81a434b8bc2202a39ccd77e6a5d179cd4cb21902ec4db09578152.exe	83
PID 1108 wrote to memory of 3412	1108	51f1653405f81a434b8bc2202a39ccd77e6a5d179cd4cb21902ec4db09578152.exe	83
PID 1108 wrote to memory of 3412	1108	51f1653405f81a434b8bc2202a39ccd77e6a5d179cd4cb21902ec4db09578152.exe	83

C:\Users\Admin\AppData\Local\Temp\51f1653405f81a434b8bc2202a39ccd77e6a5d179cd4cb21902ec4db09578152.exe
"C:\Users\Admin\AppData\Local\Temp\51f1653405f81a434b8bc2202a39ccd77e6a5d179cd4cb21902ec4db09578152.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- \??\c:\6278328b4a16dcfff924ab\update\update.exe
  c:\6278328b4a16dcfff924ab\update\update.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:3412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\6278328b4a16dcfff924ab\update\update.exe

Filesize
699KB

MD5
0b630c8656b1ea82c82b929d51fa351b

SHA1
2be63bbb8e54a471bbc4bda98c9157903e821be2

SHA256
480bbbbd89d8275bacdd5cfce22d845785de61a1fbee787ebd2f67c54eaf3e21

SHA512
9d804dc534627abc3b7625fe505bfdc6bdb33a23ae46fe6263beb380d92b1dd35b2d1b3a272c87f709413c30f6cd4e6bc271c3ae3ccfb13081679acbe035ebda

Download Submit
C:\6278328b4a16dcfff924ab\update\updspapi.dll

Filesize
362KB

MD5
e58ab8bfffc584dba6f7ec2f83f32b68

SHA1
855d7c624feb67140dfbd7f07269eae98b15c23d

SHA256
6d91f37649df6a6f5b180198d495cff9ebfaf264f9867b5d409dfb75ee83587c

SHA512
7fd80646ea082ebe8017797d9ef2910d9e8ff0f7e0be50d708d2d0ea3edc8c4fa95b4f8f7f3c567fce2df586ffa5b0b76e3c5fd14d64f4dc135264d71ff0fa3f

Download Submit
C:\6278328b4a16dcfff924ab\update\updspapi.dll

Filesize
362KB

MD5
e58ab8bfffc584dba6f7ec2f83f32b68

SHA1
855d7c624feb67140dfbd7f07269eae98b15c23d

SHA256
6d91f37649df6a6f5b180198d495cff9ebfaf264f9867b5d409dfb75ee83587c

SHA512
7fd80646ea082ebe8017797d9ef2910d9e8ff0f7e0be50d708d2d0ea3edc8c4fa95b4f8f7f3c567fce2df586ffa5b0b76e3c5fd14d64f4dc135264d71ff0fa3f

Download Submit
\??\c:\6278328b4a16dcfff924ab\update\UPDSPAPI.dll

Filesize
362KB

MD5
e58ab8bfffc584dba6f7ec2f83f32b68

SHA1
855d7c624feb67140dfbd7f07269eae98b15c23d

SHA256
6d91f37649df6a6f5b180198d495cff9ebfaf264f9867b5d409dfb75ee83587c

SHA512
7fd80646ea082ebe8017797d9ef2910d9e8ff0f7e0be50d708d2d0ea3edc8c4fa95b4f8f7f3c567fce2df586ffa5b0b76e3c5fd14d64f4dc135264d71ff0fa3f

Download Submit
\??\c:\6278328b4a16dcfff924ab\update\update.exe

Filesize
699KB

MD5
0b630c8656b1ea82c82b929d51fa351b

SHA1
2be63bbb8e54a471bbc4bda98c9157903e821be2

SHA256
480bbbbd89d8275bacdd5cfce22d845785de61a1fbee787ebd2f67c54eaf3e21

SHA512
9d804dc534627abc3b7625fe505bfdc6bdb33a23ae46fe6263beb380d92b1dd35b2d1b3a272c87f709413c30f6cd4e6bc271c3ae3ccfb13081679acbe035ebda

Download Submit
\??\c:\6278328b4a16dcfff924ab\update\update.inf

Filesize
4KB

MD5
944ba2754dd495bf21814a12891e2f3f

SHA1
f42a844ea2e7487b507fab485e7635c40202372a

SHA256
7165c542613dab93761851d5b0f1a9d982ab68cf840d213139df0a0f7709021b

SHA512
093363953e5c438f638963e420c78f7aca87d1849c491f0de65bc10332637f1b1bf29259c99d9d635521b655452e4e2ef64b9ec59302257e0f39d00c4bbd7c57

Download Submit
memory/1108-132-0x0000000001000000-0x0000000001032000-memory.dmp

Filesize
200KB

Download
memory/1108-138-0x0000000001000000-0x0000000001032000-memory.dmp

Filesize
200KB

Download
memory/1108-136-0x0000000000573000-0x0000000000575000-memory.dmp

Filesize
8KB

Download
memory/1108-144-0x0000000000573000-0x0000000000575000-memory.dmp

Filesize
8KB

Download
memory/1108-145-0x0000000001000000-0x0000000001032000-memory.dmp

Filesize
200KB

Download
memory/1108-146-0x0000000001000000-0x0000000001032000-memory.dmp

Filesize
200KB

Download
memory/3412-133-0x0000000000000000-mapping.dmp

Download
memory/3412-141-0x0000000000520000-0x000000000057C000-memory.dmp

Filesize
368KB

Download
memory/3412-142-0x0000000000521000-0x0000000000541000-memory.dmp

Filesize
128KB

Download