e66137ab3b86abeb0dec368bbca035163b110bfcc452ee706149a6e0a948578a

Analysis

max time kernel
75s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2022 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

update_6.exe
Size

6.1MB
MD5

bfbf6572787412ccb11f20b6a42127b5
SHA1

329cf6ac64afe94ed60e07ea6c55a0265b767e5c
SHA256

e66137ab3b86abeb0dec368bbca035163b110bfcc452ee706149a6e0a948578a
SHA512

67fe0a6ae043ef2a3d145d45eb31dddc9d637923d1001f4b6c93d80bfbe22abe0b33c3d20109b37f0a4f3fc3f887d9067527ae080236b8f84e717b6c1038227d
SSDEEP

196608:7q67uyqWd9e+q2WWmQqh+ZZRCnFGEkbtE4ZoXte:3uy1d9vqZQCn0+4c

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 14 IoCs

Processes:

update_6.exe

pid	process
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe
2064	update_6.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

update_6.exe

description pid process

Token: 35 2064 update_6.exe

description	pid	process
Token: 35	2064	update_6.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

update_6.exe

description	pid	process	target process
PID 4800 wrote to memory of 2064	4800	update_6.exe	update_6.exe
PID 4800 wrote to memory of 2064	4800	update_6.exe	update_6.exe

C:\Users\Admin\AppData\Local\Temp\update_6.exe
"C:\Users\Admin\AppData\Local\Temp\update_6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4800

C:\Users\Admin\AppData\Local\Temp\update_6.exe
"C:\Users\Admin\AppData\Local\Temp\update_6.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2064

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI48002\VCRUNTIME140.dll
Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\VCRUNTIME140.dll
Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_bz2.pyd
Filesize
87KB

MD5
e5ba852cb53065389044fe34474a4699

SHA1
d14401c170be8f73de67cfc7ea414dfb1c878ae5

SHA256
690bfd170e038b7b369eb4e4e32621823b1050d895bae3ef538c6382cdc1b2b0

SHA512
c6db73a39c563ac8395214ba1fa9807542b228ebcf6daef9e5478ba99acfcd8dc3d4816c68c51128bb421e8ee2f4625ec24fbe1ef2d268eb01ce09c37ed27101

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_bz2.pyd
Filesize
87KB

MD5
e5ba852cb53065389044fe34474a4699

SHA1
d14401c170be8f73de67cfc7ea414dfb1c878ae5

SHA256
690bfd170e038b7b369eb4e4e32621823b1050d895bae3ef538c6382cdc1b2b0

SHA512
c6db73a39c563ac8395214ba1fa9807542b228ebcf6daef9e5478ba99acfcd8dc3d4816c68c51128bb421e8ee2f4625ec24fbe1ef2d268eb01ce09c37ed27101

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_ctypes.pyd
Filesize
130KB

MD5
9e18aca18e4ece1c187f8c0cd12a5c8f

SHA1
a8ba36a9eea969d722a9ae90139d4d59f643f951

SHA256
3351627469ea8965b08bafc9de18d1d890479357df6bc8917f7218535e02f211

SHA512
237b0ef23d0a91014581b94f5c7696da1ab3c1c3a51f6ffe10787c65dc4f5a90d1760e4088afc9acc27bae7f159a32fa3e7a9b15daba5950751932683e9373b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_ctypes.pyd
Filesize
130KB

MD5
9e18aca18e4ece1c187f8c0cd12a5c8f

SHA1
a8ba36a9eea969d722a9ae90139d4d59f643f951

SHA256
3351627469ea8965b08bafc9de18d1d890479357df6bc8917f7218535e02f211

SHA512
237b0ef23d0a91014581b94f5c7696da1ab3c1c3a51f6ffe10787c65dc4f5a90d1760e4088afc9acc27bae7f159a32fa3e7a9b15daba5950751932683e9373b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_hashlib.pyd
Filesize
38KB

MD5
e2f401c211fab8c5e1517764e9175616

SHA1
7497eb47b63435d60e7d1bf20b2c946335e6671e

SHA256
76fb36e23b8f6821caec61c49f90b194632e68c9c78c9eb1f2e668c1b6383a73

SHA512
1312eaa7cc46b774392ae9e588c41b104eda43703e48e5b13702e15da665c0e5cc8e21b4011141c63811cd366a0d5773ff26c40c27159b80486bc491eef450a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_hashlib.pyd
Filesize
38KB

MD5
e2f401c211fab8c5e1517764e9175616

SHA1
7497eb47b63435d60e7d1bf20b2c946335e6671e

SHA256
76fb36e23b8f6821caec61c49f90b194632e68c9c78c9eb1f2e668c1b6383a73

SHA512
1312eaa7cc46b774392ae9e588c41b104eda43703e48e5b13702e15da665c0e5cc8e21b4011141c63811cd366a0d5773ff26c40c27159b80486bc491eef450a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_lzma.pyd
Filesize
251KB

MD5
c7bbbab8b4764c1c2bfd480dc649653c

SHA1
a5226b44fd42f39948174fab8b6ba5999104d831

SHA256
96205c0efbfbc282d3f4b76f8f2f189a409f365dbe9a9a088351a2906b18cd36

SHA512
aad92eb554af4a99647c770f8a0e988da78542df348e89b740f5f777b5acd992a896c9790598c2c9df35a4167347653e7b337ac98258b9c878c710582e7c21da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_lzma.pyd
Filesize
251KB

MD5
c7bbbab8b4764c1c2bfd480dc649653c

SHA1
a5226b44fd42f39948174fab8b6ba5999104d831

SHA256
96205c0efbfbc282d3f4b76f8f2f189a409f365dbe9a9a088351a2906b18cd36

SHA512
aad92eb554af4a99647c770f8a0e988da78542df348e89b740f5f777b5acd992a896c9790598c2c9df35a4167347653e7b337ac98258b9c878c710582e7c21da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_socket.pyd
Filesize
74KB

MD5
9f0683eb56d79d33ee3820f1d3504cc2

SHA1
0bf7a74e9040bb7ffda943ffef531520a9f419af

SHA256
39612c28eef633eef7e2e2c83a779fdda178d043d7aec0a07890e5d2a11cf4f8

SHA512
f086cc899b517ace259d27c048db5846552a7a8e57ddad4d6ea0b25b45e52282979309cea56bb56312aa83273b61f78b25b1ad6a61b6b3de33f5980c81ae6f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_socket.pyd
Filesize
74KB

MD5
9f0683eb56d79d33ee3820f1d3504cc2

SHA1
0bf7a74e9040bb7ffda943ffef531520a9f419af

SHA256
39612c28eef633eef7e2e2c83a779fdda178d043d7aec0a07890e5d2a11cf4f8

SHA512
f086cc899b517ace259d27c048db5846552a7a8e57ddad4d6ea0b25b45e52282979309cea56bb56312aa83273b61f78b25b1ad6a61b6b3de33f5980c81ae6f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_ssl.pyd
Filesize
120KB

MD5
a7fadacb8f4ff72a26f1ccbcfcdc33c1

SHA1
e73311cce41f1de6e01e13ef5745febf37fb3193

SHA256
b8232c839e99a3701657fe16f245e0afca2f269562682eb1a3468c47d07ac5cf

SHA512
a486a2c9fa2cf8a8b8c609a9f4d132c55c39dabcc1ea20455a27e23395515881c9cd396416796762777079aae6c6673dc9905bdcc92ff13d93e7e6c2a06403fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\_ssl.pyd
Filesize
120KB

MD5
a7fadacb8f4ff72a26f1ccbcfcdc33c1

SHA1
e73311cce41f1de6e01e13ef5745febf37fb3193

SHA256
b8232c839e99a3701657fe16f245e0afca2f269562682eb1a3468c47d07ac5cf

SHA512
a486a2c9fa2cf8a8b8c609a9f4d132c55c39dabcc1ea20455a27e23395515881c9cd396416796762777079aae6c6673dc9905bdcc92ff13d93e7e6c2a06403fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\base_library.zip
Filesize
775KB

MD5
9365718c1c11d87d0eb661abb5de5afb

SHA1
40e93f5882de0041ed9038b0c463ebc05d9e85ca

SHA256
4bc0009925cc5648746b8d8faeb365f90163a32e6d7318d9c30e135a0d524f38

SHA512
b235bbb1b521942647366c04f223c61f9b299ee7c2e1b4114372e5d2d474699c83926978845d84eaa3fa5c6bd317f870ff6a615dfa23224e10e3e47c8fa82023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\libcrypto-1_1-x64.dll
Filesize
2.4MB

MD5
8c75bca5ea3bea4d63f52369e3694d01

SHA1
a0c0fd3d9e5688d75386094979171dbde2ce583a

SHA256
8513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0

SHA512
6d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\libcrypto-1_1-x64.dll
Filesize
2.4MB

MD5
8c75bca5ea3bea4d63f52369e3694d01

SHA1
a0c0fd3d9e5688d75386094979171dbde2ce583a

SHA256
8513e629cd85a984e4a30dfe4b3b7502ab87c8bc920825c11035718cb0211ea0

SHA512
6d80d26d91b704d50ff3ad74f76d6b1afe98af3d7a18e43011dbe3809adc305b0e382c10868328eb82c9f8b4c77bca1522bdc023c7c8712057b65f6579c9dff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\libssl-1_1-x64.dll
Filesize
511KB

MD5
0205c08024bf4bb892b9f31d751531a0

SHA1
60875676bc6f2494f052769aa7d644ef4a28c5e5

SHA256
ebe7ffc7eb0b79e29bfc4e408ea27e9b633584dd7bc8e0b5ffc46af19263844b

SHA512
45da0c128bfb706cb0340ad40fbc691696f3483a0235faaac864dea4580b57e36aa5b4b55a60322081d2d2e2df788c550fd43c317582a9b6a2d66712df215bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\libssl-1_1-x64.dll
Filesize
511KB

MD5
0205c08024bf4bb892b9f31d751531a0

SHA1
60875676bc6f2494f052769aa7d644ef4a28c5e5

SHA256
ebe7ffc7eb0b79e29bfc4e408ea27e9b633584dd7bc8e0b5ffc46af19263844b

SHA512
45da0c128bfb706cb0340ad40fbc691696f3483a0235faaac864dea4580b57e36aa5b4b55a60322081d2d2e2df788c550fd43c317582a9b6a2d66712df215bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\python37.dll
Filesize
3.6MB

MD5
d558d4db5a6bd29a8b60b8aa46e5329a

SHA1
a5036009de7165b1b4721263eae4b240ee689095

SHA256
1cfdd40a9107d89310e4e3b6df5f25f26944b312e61638d014f1b1a8050ccc07

SHA512
5590fbd6c9c81293b21e9da9d35d5177f03ba3d247771e4abef3420420d9024f3a775796d73becd5aeb469df648d3105a016693c6b8f68e8c61399212439eebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\python37.dll
Filesize
3.6MB

MD5
d558d4db5a6bd29a8b60b8aa46e5329a

SHA1
a5036009de7165b1b4721263eae4b240ee689095

SHA256
1cfdd40a9107d89310e4e3b6df5f25f26944b312e61638d014f1b1a8050ccc07

SHA512
5590fbd6c9c81293b21e9da9d35d5177f03ba3d247771e4abef3420420d9024f3a775796d73becd5aeb469df648d3105a016693c6b8f68e8c61399212439eebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\pywintypes37.dll
Filesize
142KB

MD5
8e2376c8100ed084769b415369403f5f

SHA1
3d885cd0d38de5f8ce8e960dd8289ac1ab71615d

SHA256
bfd1e3397268cc52cf526644529a427e901eec703cf8bf28946ff3b0704e90f7

SHA512
3530e94ebe458cc9e5c024dc1bdbfd9ee77eb2924a37efae6f56cb0fb670ee090f0dc4903fc92f91588a0d4cb8d1c8c56e76bb09ee06862dbcb35c072d37cd49

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\pywintypes37.dll
Filesize
142KB

MD5
8e2376c8100ed084769b415369403f5f

SHA1
3d885cd0d38de5f8ce8e960dd8289ac1ab71615d

SHA256
bfd1e3397268cc52cf526644529a427e901eec703cf8bf28946ff3b0704e90f7

SHA512
3530e94ebe458cc9e5c024dc1bdbfd9ee77eb2924a37efae6f56cb0fb670ee090f0dc4903fc92f91588a0d4cb8d1c8c56e76bb09ee06862dbcb35c072d37cd49

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\select.pyd
Filesize
26KB

MD5
cf7bd630db53356c3dfd51ca8822b696

SHA1
202837642baa0d161d462039ab2441d491c6fe5f

SHA256
5ed33afc7f63de065457e0ef0852de0cc182a7111bd852e855eb9f48451b0e58

SHA512
4c32e03b670fa42f57e5e265e56e9845b719286ffecd8afcd583649fee11b803776f15ea28730925dc0c0b5510c18047ceda951fca1a716a1acc54f0dbc9e91a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\select.pyd
Filesize
26KB

MD5
cf7bd630db53356c3dfd51ca8822b696

SHA1
202837642baa0d161d462039ab2441d491c6fe5f

SHA256
5ed33afc7f63de065457e0ef0852de0cc182a7111bd852e855eb9f48451b0e58

SHA512
4c32e03b670fa42f57e5e265e56e9845b719286ffecd8afcd583649fee11b803776f15ea28730925dc0c0b5510c18047ceda951fca1a716a1acc54f0dbc9e91a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\ucrtbase.dll
Filesize
993KB

MD5
9679f79d724bcdbd3338824ffe8b00c7

SHA1
5ded91cc6e3346f689d079594cf3a9bf1200bd61

SHA256
962c50afcb9fbfd0b833e0d2d7c2ba5cb35cd339ecf1c33ddfb349253ff95f36

SHA512
74ac8deb4a30f623af1e90e594d66fe28a1f86a11519c542c2bad44e556b2c5e03d41842f34f127f8f7f7cb217a6f357604cb2dc6aa5edc5cba8b83673d8b8bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\ucrtbase.dll
Filesize
993KB

MD5
9679f79d724bcdbd3338824ffe8b00c7

SHA1
5ded91cc6e3346f689d079594cf3a9bf1200bd61

SHA256
962c50afcb9fbfd0b833e0d2d7c2ba5cb35cd339ecf1c33ddfb349253ff95f36

SHA512
74ac8deb4a30f623af1e90e594d66fe28a1f86a11519c542c2bad44e556b2c5e03d41842f34f127f8f7f7cb217a6f357604cb2dc6aa5edc5cba8b83673d8b8bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\unicodedata.pyd
Filesize
1.0MB

MD5
d009552163b6a795e0816ea5ce4928ce

SHA1
f3640f46037735667b6eba057f89a978a3901430

SHA256
5938061557e920e925a4e9b31f950b6d25c5ff10e143fe8e1f773466810ce2a2

SHA512
5ed7513a843d2e239aae8a4ce9cbb42366d9f2a0ea5adaedd8dd8c53493594ee3b5b118f766cc04d47d3eb31ec03eeb77b0dc05851de5a585f6970830b6e8580

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48002\unicodedata.pyd
Filesize
1.0MB

MD5
d009552163b6a795e0816ea5ce4928ce

SHA1
f3640f46037735667b6eba057f89a978a3901430

SHA256
5938061557e920e925a4e9b31f950b6d25c5ff10e143fe8e1f773466810ce2a2

SHA512
5ed7513a843d2e239aae8a4ce9cbb42366d9f2a0ea5adaedd8dd8c53493594ee3b5b118f766cc04d47d3eb31ec03eeb77b0dc05851de5a585f6970830b6e8580

Download Submit
memory/2064-132-0x0000000000000000-mapping.dmp

Download