4d7dacb39442fe8ed178ad10f6226ed10b7c34257356aa0b63558021029cb48d

Analysis

max time kernel
23s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2023, 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MedalSetup.exe
Size

135.9MB
MD5

4beaac0bad4f9cc9cb5f5fd51884fa07
SHA1

15ded1ce1fc456961c87c43f8ff5598554d0b922
SHA256

4d7dacb39442fe8ed178ad10f6226ed10b7c34257356aa0b63558021029cb48d
SHA512

a10cc7c95964ab1482d25fee80dbc472e58aab652ed074832d50685d7afdb0e813d5e79af2d74578b282ad75b95388e81849dbb3c49deafed28512ef090b7c12
SSDEEP

3145728:BvMV2fRioNjRuX5SK0jrRtrkZNb/YMh6KRaIaS7PWYzRUWDe:Bvc2fRnRt4ZNbgrGPa0RUf

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4024	Update.exe

Runs regedit.exe 1 IoCs

pid	Process
4980	regedit.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4980	regedit.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4024	Update.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 4024	3336	MedalSetup.exe	90
PID 3336 wrote to memory of 4024	3336	MedalSetup.exe	90

C:\Users\Admin\AppData\Local\Temp\MedalSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MedalSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:4024
- - C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\Squirrel.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    PID:2436
- - C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\Medal.exe
    "C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\Medal.exe" --squirrel-install 4.2091.0
    3⤵
    PID:1944

C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
1⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:4980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\Medal.exe

Filesize
76.9MB

MD5
21b2629ceb0a4d80a501c4d9a93b30d1

SHA1
6c1bb9e3cec90bf99aeec42c8ac71c6f3467a7d2

SHA256
862f2ff062f6c2692845c5ecb98288115a2c6021ea5532dae96fc6236f759789

SHA512
008ecdb0925ec7d4480c0e6dafeb97aa498c4425c61c282a5fbfff33f32f70cd3dcaf31170bcd4c406cf23c1343db5c44e6b2befc3f2833fc82d78fb94ed8d30

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\Medal.exe

Filesize
76.7MB

MD5
b9c89f1bdb0c84b175b4ca40b5949f1b

SHA1
2f64a28cd14b248c93f9b4787436616318e807a0

SHA256
29066e24dbe3672b2aec3c726e4d8e022bbc65c7a27f93a92d21aae959f71153

SHA512
5d42b7b2ad8035fa079353cd415ca324dd16b2d50413cda3b50a4082655f3a29a664ac69d1221f2ee995aa96bb4f9e5d6d6c6e1ab9e2de683aca91b56dbbccc2

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\Squirrel.exe

Filesize
2.0MB

MD5
71058f0dcf53e693faf877602495ba61

SHA1
e814b72d8beb3602675e2c587e1b44d9f7e2dc76

SHA256
b6fc3cd13c9d9523a3733d1c3fc7697a6f4940a7c1e4a39978cd0cd818d786bb

SHA512
395ec2faaa0975e66ff791ceb0be9b74b699b2e8ee2111dae5009c9f29adee48393a08b0bdc6d6e33c2d4b3c6943d6167cd03c01998be6d2192d5f4792e4f4d6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\ffmpeg.dll

Filesize
2.7MB

MD5
e20d1181829dd40b8577edc6a90b7c2a

SHA1
655771b62f01ffc815d885ae34466e1fc965f1a1

SHA256
4fd894d327d5e23d1d675da604a8fb3fc74870e63abe83997e0647fbb5de561d

SHA512
674af4e7fc2a674ff92b3b755137f1c2d7a2e52cbc6c63686ed209fe3ec250ab2faa69727396cd92c90e2e382f56b5977381fc7a7ec2c77caa7246642e211374

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\ffmpeg.dll

Filesize
2.7MB

MD5
e20d1181829dd40b8577edc6a90b7c2a

SHA1
655771b62f01ffc815d885ae34466e1fc965f1a1

SHA256
4fd894d327d5e23d1d675da604a8fb3fc74870e63abe83997e0647fbb5de561d

SHA512
674af4e7fc2a674ff92b3b755137f1c2d7a2e52cbc6c63686ed209fe3ec250ab2faa69727396cd92c90e2e382f56b5977381fc7a7ec2c77caa7246642e211374

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\resources\app\node_modules\ffi-napi\deps\libffi\config\mac\ia32\ffitarget.h

Filesize
4KB

MD5
4ef9928ec21c398681ed3357aa400c48

SHA1
5bafcdf7c4ff860ce7f94c5260159e7bf063243b

SHA256
ce9a87677a9b9af9dcc6f8f632b62948214824174b65fe4361d3b662cc72aec0

SHA512
c0f5f26b249cf3ca72b2d334008a7ab8b7332f286e57edf7c700b5c4a80960dbce14e3db940829134a3bc593a087f56b41afb757daf3f03e32611ab1172c1f6d

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\resources\app\node_modules\ffi-napi\deps\libffi\config\openbsd\x64\ffi.h

Filesize
13KB

MD5
4c8fce7c4f0bee30b8f03d94fba5b66c

SHA1
4eb6b34a1547e2da9b1a0daa9c9f7a32569a03e5

SHA256
bdd54f5f8517f32767d864921edb878224068a75eff7e0386a55105d61e44466

SHA512
0f077d7c2a9801eab3134d4c56793f64fc1c8434e8eabe9c749d0f7d0d875b1750ad0f32873b49778bbb7b5864c280c4546fd72775ad0ec49eb091ec26ee3848

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\squirrel.exe

Filesize
2.0MB

MD5
71058f0dcf53e693faf877602495ba61

SHA1
e814b72d8beb3602675e2c587e1b44d9f7e2dc76

SHA256
b6fc3cd13c9d9523a3733d1c3fc7697a6f4940a7c1e4a39978cd0cd818d786bb

SHA512
395ec2faaa0975e66ff791ceb0be9b74b699b2e8ee2111dae5009c9f29adee48393a08b0bdc6d6e33c2d4b3c6943d6167cd03c01998be6d2192d5f4792e4f4d6

Download Submit
C:\Users\Admin\AppData\Local\Medal\app-4.2091.0\squirrel.exe

Filesize
2.0MB

MD5
71058f0dcf53e693faf877602495ba61

SHA1
e814b72d8beb3602675e2c587e1b44d9f7e2dc76

SHA256
b6fc3cd13c9d9523a3733d1c3fc7697a6f4940a7c1e4a39978cd0cd818d786bb

SHA512
395ec2faaa0975e66ff791ceb0be9b74b699b2e8ee2111dae5009c9f29adee48393a08b0bdc6d6e33c2d4b3c6943d6167cd03c01998be6d2192d5f4792e4f4d6

Download Submit
C:\Users\Admin\AppData\Local\Medal\packages\Medal-4.2091.0-full.nupkg

Filesize
109.5MB

MD5
f79a33f89ec9a6e1097c4fa3abfddf20

SHA1
beceee1b88969e83d02426c59fba2dd0783708b6

SHA256
ed2ad21024b2861f6dad5a73e1cc283bf5612e68381f2fdbbd9c22229cf54c24

SHA512
456004889ff70e240c88e9ecae39784cacebd46bdd138ddfa0d12b3083452fce7382595d407ac3664fcbd8d3dedc2ba32789571784d5ede3c2ecc16b8c4784e3

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Medal-4.2091.0-full.nupkg

Filesize
134.9MB

MD5
5f87ff7d8ad9fb71c3ccf588201b97a3

SHA1
c7f38b08e04e6cee0971dd5d44b7ac48a7ee124a

SHA256
d55c58144be73351215db35ffce7e913442c7313e31ad38b58e1ec1335113b08

SHA512
4b6ec8773998582c6614f7d576a39981d484362b21694c0ec8b3755ea16bf93f5bb835f9854341d0d6415ae30eb8f2a838bff388339d8397a689cdac01bd99ae

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
a55e38e54b84fde6bec259acb169f69f

SHA1
67d81fd3569fc63612331ba5f63d58373523cd2b

SHA256
6e59e4be5d4ade5c2ee11c5b5b83f5f42dbcc15540df3664e828dca7d15bcda3

SHA512
272ea68e92543c4feb1bfb745ef355bd603a1b011712ebf2423a93ce8b3252e0579888a9d7c3c12ce7dbdcad9803bc216fc137cf11eda03b82e7686968f12990

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
d77383d8115f8aafc4e49f3fd77d88fd

SHA1
de4fe818e1929e105ba38c670b4551557e882a4a

SHA256
dc9776e615d54b08c1c0097e9e13daad0c30e13beb4a915d9f420b0e2ea65c70

SHA512
d27a60735f40153dfe38b87ac6ab9bb6eb51f9e7560a15bbca1d48da782e2e4cb224bb82dc8f4e82db5720aec65962feaf9bf1af26db55b7ddd60fc12847ca84

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
d77383d8115f8aafc4e49f3fd77d88fd

SHA1
de4fe818e1929e105ba38c670b4551557e882a4a

SHA256
dc9776e615d54b08c1c0097e9e13daad0c30e13beb4a915d9f420b0e2ea65c70

SHA512
d27a60735f40153dfe38b87ac6ab9bb6eb51f9e7560a15bbca1d48da782e2e4cb224bb82dc8f4e82db5720aec65962feaf9bf1af26db55b7ddd60fc12847ca84

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
1.1MB

MD5
614c451436d08f584b631455ae01932b

SHA1
f343b42ad4729d575daac5af1344313959428454

SHA256
551f8f156eb712054202701c980958fb533fa9cba9df9b22e6644c9f5189f244

SHA512
8365bf161791e1dc4b24f9fe27871bb0396c39c333befe591c5a723971bb15ef140be2af8469d92d1037e79f50ae4a6a255c7c6559b35fb140d751c07bd1a51c

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
132KB

MD5
4fe78278c727ca838a6b0a8b5d2fc924

SHA1
7eba94ab9295e387f43fba20fcb79bc3db1dde64

SHA256
af8a663dc9f9407b1a0582c835317f62c0f3fc1fbe542e1df0f9ef39e913ba45

SHA512
ce381dbbd80e0ccbd0e9a5b1d7c070f0bf3bd52d71ae9cd87254cad2c41b61871392595f7bffb23f215f8fabdc2fba64758eb5d1e6b97da99fe4149db54123c2

Download Submit
memory/2436-3359-0x0000000000610000-0x0000000000806000-memory.dmp

Filesize
2.0MB

Download
memory/2436-3363-0x0000000001010000-0x0000000001020000-memory.dmp

Filesize
64KB

Download
memory/4024-214-0x000000001F780000-0x000000001F78E000-memory.dmp

Filesize
56KB

Download
memory/4024-213-0x000000001F7B0000-0x000000001F7E8000-memory.dmp

Filesize
224KB

Download
memory/4024-142-0x000000001AE00000-0x000000001AE10000-memory.dmp

Filesize
64KB

Download
memory/4024-141-0x0000000000010000-0x00000000001E6000-memory.dmp

Filesize
1.8MB

Download