7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38

Analysis

max time kernel
30s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
Size

770KB
MD5

2c696ff7f567346ccfdb4864af58e3d3
SHA1

ba21ad2559e3c5349856e156c4689480a288767d
SHA256

7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38
SHA512

1ebcfcc02d2a151a600e373f53ecefe5db63d58d5b0ccb7701fba7f68a091da43f731aea23209be711f426ff82f82787608c30627743b7e2987ebc6361677619
SSDEEP

24576:O7eit0t9EsyC1XS64DbvYwdzv1n4WwwS6u3sK:O7eimfEsr1X/4wwbn4Wpi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3240	DropboxUpdate.exe

Drops file in Program Files directory 34 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\npDropboxUpdate3.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_en.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_fr.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_uk.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\DropboxCleanup.exe	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File opened for modification	C:\Program Files (x86)\Dropbox\Temp\GUT6FB3.tmp	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_id.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_zh-TW.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\DropboxCrashHandler.exe	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_es-419.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_nl.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\@PaxHeader	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\DropboxUpdate.exe	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdate.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_ja.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_ms.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_pt-BR.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\DropboxUpdateOnDemand.exe	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\psuser.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_de.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_es.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_it.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_zh-CN.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File opened for modification	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\@PaxHeader	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\DropboxUpdateBroker.exe	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_da.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_ko.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\DropboxUpdateHelper.msi	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\psmachine.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_no.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_pl.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_ru.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_sv.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
File created	C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_th.dll	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 3240	2260	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe	87
PID 2260 wrote to memory of 3240	2260	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe	87
PID 2260 wrote to memory of 3240	2260	7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe	87

C:\Users\Admin\AppData\Local\Temp\7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe
"C:\Users\Admin\AppData\Local\Temp\7f7136b9d84886e5e53577a095474de3a8088ed57e77f9f32701c11cd48a9d38.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\DropboxUpdate.exe
  "C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\DropboxUpdate.exe" /installsource taggedmi /install "appguid={CC46080E-4C33-4981-859A-BBA2F780F31E}&appname=Dropbox&needsadmin=Prefers&experiments=buildid%3Dmain%7CThu%2C%2031%20Dec%202099%2023%3A59%3A59%20GMT&dropbox_data=eyJUQUdTIjoiREJQUkVBVVRIOjpjaHJvbWU6OmVKeXJWa29zTGNtSUw4blBUczFUc2xKUWNpNEpEay1QTk1ndExDZ3dDakR4ZFVuek5Ndks4Q3cwemdsM0xzdk5Lc19YTXpTek5MVTBORFl3TVZYU1VWQXFUaTB1enN6UGk4OU1BV28yTkRBeU5BTkNFd3N6TTNOTFV5TURBeE1URTBOVEExTlRZNkNnbWFtQmhibUpnWGt0QUJCVklFTX5ATUVUQSJ9"
  2⤵
  - Executes dropped EXE
  PID:3240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\@PaxHeader

Filesize
28B

MD5
103279cb461931b096ad625a126df723

SHA1
9f3b7adb206fada29fb0af4936ca90e849b79813

SHA256
b02df8506caa78d4ed01ea2cbc47d19943fb8423e04cda0566b61371cef77210

SHA512
177b8087bb06982ed6c0e7d6ea671909850e4155f794327436d20deaf5cfde81891f4bd6523bd704094468748d05fecaec22d11d0d0bbc4ae4ec933279580426

Download Submit
C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\@PaxHeader

Filesize
27B

MD5
7fe5c85c5f0e31d60d9749a468b2f204

SHA1
fdb09bd875a9d6d89611b04426f36c29350e42c7

SHA256
f33361ef3ac57406873827af4cacc88b0e784fc1a2f8643ada4e7675eb2ba182

SHA512
bf6d903152c8f107292f659560d22e35e69c877476cbfbf8f366638b2ab69274fd924376c20722dc3a8bf2fc9395d2a56f9c5591e4d9000d39ae686fd8a9f446

Download Submit
C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\DropboxUpdate.exe

Filesize
127KB

MD5
8ad76e0b347bb690697535ce95b1c656

SHA1
10d2622a3965d21215a953ed924d01788a9805ed

SHA256
7655221b493047c61285e1de78807d0584920b0d14d150e2487da9728b1926f3

SHA512
35fbda7f05865b3a50454dba5ba3738eb8a5fd6d2eea5e9415d8d517811d51c50cca6c7b47a5b19f1ff1f4101567137fe18805f4f740289456da1ff2af682504

Download Submit
C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdate.dll

Filesize
1.1MB

MD5
8cef863dae49754afb4e31853341aa4f

SHA1
379825bd7d7305eaac49c61fbb553b515cd79f6b

SHA256
cc4e06440aaa7d81abb2b8935343f6f3c0b5736c1a20bfb53b0af0b41c49b7bf

SHA512
4ba532692cfa675791e329fe665dcbb078a6df7002a8b4a5e2940028ec004e594b25e387a55f0b372a7a939d4c558faceb2e9d7c79e264f2b1609bccf1626bf7

Download Submit
C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdate.dll

Filesize
1.1MB

MD5
8cef863dae49754afb4e31853341aa4f

SHA1
379825bd7d7305eaac49c61fbb553b515cd79f6b

SHA256
cc4e06440aaa7d81abb2b8935343f6f3c0b5736c1a20bfb53b0af0b41c49b7bf

SHA512
4ba532692cfa675791e329fe665dcbb078a6df7002a8b4a5e2940028ec004e594b25e387a55f0b372a7a939d4c558faceb2e9d7c79e264f2b1609bccf1626bf7

Download Submit
C:\Program Files (x86)\Dropbox\Temp\GUM6FB2.tmp\goopdateres_en.dll

Filesize
31KB

MD5
fb58b2bcb59b4bcdc4b2142738bebec6

SHA1
c6f7bd3777bb869ea02ce83775a3b5565e76f99e

SHA256
73fe9b8c32d0545908852ac342b20bdbdeccc11450ec43361027470f5e398c11

SHA512
2798f2d7b832ba3f1ef18ef11315401cdcb9d1e519bb56dc836a7519c0f9ca75a68e3491500a0a43dcf595ce3877efec13992a381004b5816ee9c9403159518d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads