4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61

Analysis

max time kernel
125s
max time network
56s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
12/05/2023, 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.exe
Size

2.0MB
MD5

69c7fac638f64d539b865a5317c40374
SHA1

812c79f614f2a8ecdd752308f8ee987518461c46
SHA256

4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61
SHA512

86605c6dfaf2d85bab756161b6a02da162e96545f5ce026797bf4be3840073f0fc84b1b9ace50b116b439cd907468645b1d1bada0270570e2cda53fc215a19f8
SSDEEP

24576:d7FUDowAyrTVE3U5FIVAPJn2sECgR721unTeddf7vmwp77Tq14lD2hlFoE9:dBuZrEUVPJn2s5QbnTOdf73Tq1seF

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\UpdateService.exe	4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.tmp
File created	C:\Windows\system32\UpdateService.exe	4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.tmp

Executes dropped EXE 3 IoCs

pid	Process
2004	4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.tmp
2588	UpdateService.exe
2936	UpdateService.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2004	2540	4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.exe	66
PID 2540 wrote to memory of 2004	2540	4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.exe	66
PID 2540 wrote to memory of 2004	2540	4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.exe	66
PID 2004 wrote to memory of 2588	2004	4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.tmp	67
PID 2004 wrote to memory of 2588	2004	4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.tmp	67
PID 2004 wrote to memory of 2588	2004	4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.tmp	67

C:\Users\Admin\AppData\Local\Temp\4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.exe
"C:\Users\Admin\AppData\Local\Temp\4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Users\Admin\AppData\Local\Temp\is-8G72E.tmp\4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-8G72E.tmp\4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.tmp" /SL5="$C01E8,1236423,1047040,C:\Users\Admin\AppData\Local\Temp\4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.exe"
  2⤵
  - Drops file in System32 directory
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Windows\system32\UpdateService.exe
    "C:\Windows\system32\UpdateService.exe"
    3⤵
    - Executes dropped EXE
    PID:2588

C:\Windows\system32\UpdateService.exe
"C:\Windows\system32\UpdateService.exe" serve
1⤵
- Executes dropped EXE
PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-8G72E.tmp\4e343c4c9f47cda07fda93b6e8e6af5b203959223127f160760651d78c5c2e61.tmp

Filesize
3.2MB

MD5
e7f39cc22a7d792e9858a39416db4083

SHA1
7a1edd5492e13b42ac00e0b620bcd48954b861f4

SHA256
da80856c3289b18db440c66240c8ad3cd9d2e75fb2356fd50aaab6efe598bdba

SHA512
4fcfab4c650133ea57a21fec19ba9035b983f6b5491af131fe6069e0b9a4af37f5a83527e1796f275309adc7bd07da89cd7498bc7d2d780e8b6b46054f5139fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J0IH2.tmp\UpdateService.exe

Filesize
497KB

MD5
315d7505ae889a72e4b829602cebae72

SHA1
25b9c84a9e4879cb53e77723b99382fe6e568f11

SHA256
491f8423aa74f1658e49c785522f3c104922af717b437573aef8ff3a97b5d0c6

SHA512
51ac60c2d318b59ae32b383859531e0315d21ed0302ef1f75695ac17897efec154b757bb440819318b97d1a5fb3d3da0d7956d8c11ec7845215ea5b939c9d034

Download Submit
C:\Windows\System32\UpdateService.exe

Filesize
497KB

MD5
315d7505ae889a72e4b829602cebae72

SHA1
25b9c84a9e4879cb53e77723b99382fe6e568f11

SHA256
491f8423aa74f1658e49c785522f3c104922af717b437573aef8ff3a97b5d0c6

SHA512
51ac60c2d318b59ae32b383859531e0315d21ed0302ef1f75695ac17897efec154b757bb440819318b97d1a5fb3d3da0d7956d8c11ec7845215ea5b939c9d034

Download Submit
C:\Windows\System32\UpdateService.exe

Filesize
497KB

MD5
315d7505ae889a72e4b829602cebae72

SHA1
25b9c84a9e4879cb53e77723b99382fe6e568f11

SHA256
491f8423aa74f1658e49c785522f3c104922af717b437573aef8ff3a97b5d0c6

SHA512
51ac60c2d318b59ae32b383859531e0315d21ed0302ef1f75695ac17897efec154b757bb440819318b97d1a5fb3d3da0d7956d8c11ec7845215ea5b939c9d034

Download Submit
memory/2004-127-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2004-137-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/2004-138-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2004-140-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/2004-141-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/2540-121-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2540-136-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/2540-143-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads