Resubmissions

25-11-2023 19:05

231125-xr1vwscb46 7

25-11-2023 18:58

231125-xmvhbaca92 7

Analysis

  • max time kernel
    15s
  • max time network
    20s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-11-2023 19:05

General

  • Target

    genshin_update_mods_41_26_be4c0.exe

  • Size

    6.2MB

  • MD5

    ce5415c477a478f1b60dd1267770030a

  • SHA1

    4fff0863e9ab65d44c91803d43702ab44dee6e3d

  • SHA256

    aa126abde8bf474ff9d0c8b3c589848d1a352b944ded4828970267d2a0c038bf

  • SHA512

    59eb7f2eb43dd25f3cfab1d4a5d5c451623c9c8621b16bf09a4d095630c27c6ef6ac4db3fd32a9113830412c9853ce24d73a97eb45ec081b4501a8f556a56269

  • SSDEEP

    196608:NasQbxbAQnwejuJDUX47dwdW0LBwnCOD:yxnaUX47d4SR

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\genshin_update_mods_41_26_be4c0.exe
    "C:\Users\Admin\AppData\Local\Temp\genshin_update_mods_41_26_be4c0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Users\Admin\AppData\Local\Temp\genshin_update_mods_41_26_be4c0.exe
      "C:\Users\Admin\AppData\Local\Temp\genshin_update_mods_41_26_be4c0.exe"
      2⤵
      • Loads dropped DLL
      PID:3704

Network

  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    64.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    64.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    64.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    64.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\VCRUNTIME140.dll

    Filesize

    106KB

    MD5

    870fea4e961e2fbd00110d3783e529be

    SHA1

    a948e65c6f73d7da4ffde4e8533c098a00cc7311

    SHA256

    76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

    SHA512

    0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\_bz2.pyd

    Filesize

    82KB

    MD5

    a8a37ba5e81d967433809bf14d34e81d

    SHA1

    e4d9265449950b5c5a665e8163f7dda2badd5c41

    SHA256

    50e21ce62f8d9bab92f6a7e9b39a86406c32d2df18408bb52ffb3d245c644c7b

    SHA512

    b50f4334acb54a6fba776fc77ca07de4940810da4378468b3ca6f35d69c45121ff17e1f9c236752686d2e269bd0b7bce31d16506d3896b9328671049857ed979

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\_decimal.pyd

    Filesize

    247KB

    MD5

    5e8aa9cd4742a51acc5b2155770241d5

    SHA1

    af030327ea6702a081de422168d812263f581470

    SHA256

    59fee7a8d0a85ed98bbf5dfb7a0ad64b60cbe88427efd98b3c9faad3e4421a87

    SHA512

    e751621902897db7274b481386a811d2aabb63aa67759107c2f61bf29afc5437e7f5892158c83810dd5b5b498d160e308e6ed6453102d9bb58fc8f7dabf58697

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\_hashlib.pyd

    Filesize

    63KB

    MD5

    1c88b53c50b5f2bb687b554a2fc7685d

    SHA1

    bfe6fdb8377498bbefcaad1e6b8805473a4ccbf3

    SHA256

    19dd3b5ebb840885543974a4cb6c8ea4539d76e3672be0f390a3a82443391778

    SHA512

    a312b11c85aaa325ab801c728397d5c7049b55fa00f24d30f32bf5cc0ad160678b40f354d9d5ec34384634950b5d6eda601e21934c929b4bc7f6ef50f16e3f59

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\_lzma.pyd

    Filesize

    155KB

    MD5

    bc07d7ac5fdc92db1e23395fde3420f2

    SHA1

    e89479381beeba40992d8eb306850977d3b95806

    SHA256

    ab822f7e846d4388b6f435d788a028942096ba1344297e0b7005c9d50814981b

    SHA512

    b6105333bb15e65afea3cf976b3c2a8a4c0ebb09ce9a7898a94c41669e666ccfa7dc14106992502abf62f1deb057e926e1fd3368f2a2817bbf6845eada80803d

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\_socket.pyd

    Filesize

    77KB

    MD5

    290dbf92268aebde8b9507b157bef602

    SHA1

    bea7221d7abbbc48840b46a19049217b27d3d13a

    SHA256

    e05c5342d55cb452e88e041061faba492d6dd9268a7f67614a8143540aca2bfe

    SHA512

    9ae02b75e722a736b2d76cec9c456d20f341327f55245fa6c5f78200be47cc5885cb73dc3e42e302c6f251922ba7b997c6d032b12a4a988f39bc03719f21d1a5

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\base_library.zip

    Filesize

    1.4MB

    MD5

    2efeab81308c47666dfffc980b9fe559

    SHA1

    8fbb7bbdb97e888220df45cc5732595961dbe067

    SHA256

    a20eeb4ba2069863d40e4feab2136ca5be183887b6368e32f1a12c780a5af1ad

    SHA512

    39b030931a7a5940edc40607dcc9da7ca1bf479e34ebf45a1623a67d38b98eb4337b047cc8261038d27ed9e9d6f2b120abbf140c6c90d866cdba0a4c810ac32c

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\libcrypto-1_1.dll

    Filesize

    3.3MB

    MD5

    80b72c24c74d59ae32ba2b0ea5e7dad2

    SHA1

    75f892e361619e51578b312605201571bfb67ff8

    SHA256

    eb975c94e5f4292edd9a8207e356fe4ea0c66e802c1e9305323d37185f85ad6d

    SHA512

    08014ee480b5646362c433b82393160edf9602e4654e12cd9b6d3c24e98c56b46add9bf447c2301a2b2e782f49c444cb8e37ee544f38330c944c87397bdd152a

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\python311.dll

    Filesize

    5.5MB

    MD5

    1fe47c83669491bf38a949253d7d960f

    SHA1

    de5cc181c0e26cbcb31309fe00d9f2f5264d2b25

    SHA256

    0a9f2c98f36ba8974a944127b5b7e90e638010e472f2eb6598fc55b1bda9e7ae

    SHA512

    05cc6f00db128fbca02a14f60f86c049855f429013f65d91e14ea292d468bf9bfdeebc00ec2d54a9fb5715743a57ae3ab48a95037016240c02aabe4bfa1a2ff4

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\select.pyd

    Filesize

    29KB

    MD5

    4ac28414a1d101e94198ae0ac3bd1eb8

    SHA1

    718fbf58ab92a2be2efdb84d26e4d37eb50ef825

    SHA256

    b5d4d5b6da675376bd3b2824d9cda957b55fe3d8596d5675381922ef0e64a0f5

    SHA512

    2ac15e6a178c69115065be9d52c60f8ad63c2a8749af0b43634fc56c20220afb9d2e71ebed76305d7b0dcf86895ed5cdfb7d744c3be49122286b63b5ebce20c2

  • C:\Users\Admin\AppData\Local\Temp\_MEI45242\unicodedata.pyd

    Filesize

    1.1MB

    MD5

    2ab7e66dff1893fea6f124971221a2a9

    SHA1

    3be5864bc4176c552282f9da5fbd70cc1593eb02

    SHA256

    a5db7900ecd5ea5ab1c06a8f94b2885f00dd2e1adf34bcb50c8a71691a97804f

    SHA512

    985480fffcc7e1a25c0070f44492744c3820334a35b9a72b9147898395ab60c7a73ea8bbc761de5cc3b6f8799d07a96c2880a7b56953249230b05dd59a1390ad
