Overview

overview

6

Static

static

1

Update/1.3...er.exe

windows7-x64

1

Update/1.3...er.exe

windows10-2004-x64

1

Update/1.3...64.exe

windows7-x64

1

Update/1.3...64.exe

windows10-2004-x64

1

Update/1.3...te.exe

windows7-x64

6

Update/1.3...te.exe

windows10-2004-x64

6

Update/1.3...er.exe

windows7-x64

1

Update/1.3...er.exe

windows10-2004-x64

1

Update/1.3...64.exe

windows7-x64

4

Update/1.3...64.exe

windows10-2004-x64

4

Update/1.3...re.exe

windows7-x64

1

Update/1.3...re.exe

windows10-2004-x64

1

Update/1.3...nd.exe

windows7-x64

1

Update/1.3...nd.exe

windows10-2004-x64

1

Update/1.3...up.exe

windows7-x64

4

Update/1.3...up.exe

windows10-2004-x64

4

Update/1.3...te.dll

windows7-x64

6

Update/1.3...te.dll

windows10-2004-x64

6

Update/1.3...am.dll

windows7-x64

1

Update/1.3...am.dll

windows10-2004-x64

1

Update/1.3...ar.dll

windows7-x64

1

Update/1.3...ar.dll

windows10-2004-x64

1

Update/1.3...bg.dll

windows7-x64

1

Update/1.3...bg.dll

windows10-2004-x64

1

Update/1.3...bn.dll

windows7-x64

1

Update/1.3...bn.dll

windows10-2004-x64

1

Update/1.3...ca.dll

windows7-x64

1

Update/1.3...ca.dll

windows10-2004-x64

1

Update/1.3...cs.dll

windows7-x64

1

Update/1.3...cs.dll

windows10-2004-x64

1

Update/1.3...da.dll

windows7-x64

1

Update/1.3...da.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-12-2023 17:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Update/1.3.36.152/GoogleUpdateComRegisterShell64.exe

  • Size

    190KB

  • MD5

    067c069e3a48184c32333ebbd152eb01

  • SHA1

    e13808892bb9679a81d0ebdf5f51a6df42400149

  • SHA256

    55f4339688f1e72f5da0819abaa1d1f0630f39c496ec1ea0ad8e3458c8df6b02

  • SHA512

    74b3aecbf11f94948264b29481839bdf48d7b37f966cb5e2aa3062e66cf3587ecf247563e3bcc1837e1fb89602d327fdb4f22fa98c695b4d5768bc3f1903a2b4

  • SSDEEP

    3072:HVS38yXLiGySAcz4hp9wuzkHUYqWEybmoY46+pW8UJHqDMC0JGB:HVS31GGySAcz4hUmA0ohnqTm

Score
4/10
persistence

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 9 IoCs
    persistence
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Update\1.3.36.152\GoogleUpdateComRegisterShell64.exe
    "C:\Users\Admin\AppData\Local\Temp\Update\1.3.36.152\GoogleUpdateComRegisterShell64.exe"
    1⤵
    • Registers COM server for autorun
    • Modifies registry class
    PID:4048
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:4072
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:976

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      f9eb260ae9f4998dc85bec6e899a134f

      SHA1

      d6a92242e2b0023cceeffac72bf8ca097ca9113f

      SHA256

      1f06bc9344150d05dd5466199ab53680f165c8c0e402679ebccbc89fab91dd1e

      SHA512

      660336d1f4441d3a1eb248921abe0c1d3899a7322d2d6fd527e74e540376ab0b90cd63c1acf82c99e400442437341e5e12ff8be5a8f093f51f3757a862482581

      Download Submit

    • memory/976-40-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-33-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-42-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-34-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-35-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-36-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-37-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-38-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-43-0x00000173F7990000-0x00000173F7991000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-0-0x00000173EF650000-0x00000173EF660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/976-68-0x00000173F7BE0000-0x00000173F7BE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-32-0x00000173F7D40000-0x00000173F7D41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-39-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-44-0x00000173F7980000-0x00000173F7981000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-46-0x00000173F7990000-0x00000173F7991000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-49-0x00000173F7980000-0x00000173F7981000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-52-0x00000173F78C0000-0x00000173F78C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-16-0x00000173EF750000-0x00000173EF760000-memory.dmp

      Filesize

      64KB

      Download

    • memory/976-64-0x00000173F7AC0000-0x00000173F7AC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-66-0x00000173F7AD0000-0x00000173F7AD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-67-0x00000173F7AD0000-0x00000173F7AD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/976-41-0x00000173F7D70000-0x00000173F7D71000-memory.dmp

      Filesize

      4KB

      Download