8e1dfd0fe2f4be63343c311ece0c39c357bb7341978375661707d1a3bec39046

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2023 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Update/1.3.36.152/goopdateres_bn.dll
Size

53KB
MD5

c7ce022c59bc281c99877ecf7137b4ec
SHA1

f53341a06bbbeb25948a0178ea5e45c94ce6cc76
SHA256

f80738a1b58eb05d5fde4d45aa1dacabf85f6ce3e1baa278cea33821992a0595
SHA512

834094a639b9e3fb48ff891e957f016583d0c0abeedf9b64f6bc51462b960ee72fc315f5cafa315d5a36b9e3829b733d9b8194d8ac437af434999e43ff433b08
SSDEEP

384:F8bvUx7tVF7qTFoFrTFgRj+mBwHtN8hNyH1Mn8E9VFK4iy/IYi6ypIh4i/8E9VF7:2bu0FoFXFWBwNCaM8EANYi6y+heE9

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 2872 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	2872	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2392 wrote to memory of 2456	2392	rundll32.exe	rundll32.exe
PID 2392 wrote to memory of 2456	2392	rundll32.exe	rundll32.exe
PID 2392 wrote to memory of 2456	2392	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Update\1.3.36.152\goopdateres_bn.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2392

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Update\1.3.36.152\goopdateres_bn.dll,#1
2⤵
PID:2456

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:404

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2872-0-0x000001DB2E4A0000-0x000001DB2E4B0000-memory.dmp

Filesize
64KB

Download
memory/2872-16-0x000001DB2E5A0000-0x000001DB2E5B0000-memory.dmp

Filesize
64KB

Download
memory/2872-32-0x000001DB36B90000-0x000001DB36B91000-memory.dmp

Filesize
4KB

Download
memory/2872-33-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-34-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-35-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-36-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-37-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-38-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-39-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-40-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-41-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-42-0x000001DB36BC0000-0x000001DB36BC1000-memory.dmp

Filesize
4KB

Download
memory/2872-43-0x000001DB367E0000-0x000001DB367E1000-memory.dmp

Filesize
4KB

Download
memory/2872-44-0x000001DB367D0000-0x000001DB367D1000-memory.dmp

Filesize
4KB

Download
memory/2872-46-0x000001DB367E0000-0x000001DB367E1000-memory.dmp

Filesize
4KB

Download
memory/2872-49-0x000001DB367D0000-0x000001DB367D1000-memory.dmp

Filesize
4KB

Download
memory/2872-52-0x000001DB36710000-0x000001DB36711000-memory.dmp

Filesize
4KB

Download
memory/2872-64-0x000001DB36910000-0x000001DB36911000-memory.dmp

Filesize
4KB

Download
memory/2872-66-0x000001DB36920000-0x000001DB36921000-memory.dmp

Filesize
4KB

Download
memory/2872-67-0x000001DB36920000-0x000001DB36921000-memory.dmp

Filesize
4KB

Download
memory/2872-68-0x000001DB36A30000-0x000001DB36A31000-memory.dmp

Filesize
4KB

Download