Overview
overview
6Static
static
1Update/1.3...er.exe
windows7-x64
1Update/1.3...er.exe
windows10-2004-x64
1Update/1.3...64.exe
windows7-x64
1Update/1.3...64.exe
windows10-2004-x64
1Update/1.3...te.exe
windows7-x64
6Update/1.3...te.exe
windows10-2004-x64
6Update/1.3...er.exe
windows7-x64
1Update/1.3...er.exe
windows10-2004-x64
1Update/1.3...64.exe
windows7-x64
4Update/1.3...64.exe
windows10-2004-x64
4Update/1.3...re.exe
windows7-x64
1Update/1.3...re.exe
windows10-2004-x64
1Update/1.3...nd.exe
windows7-x64
1Update/1.3...nd.exe
windows10-2004-x64
1Update/1.3...up.exe
windows7-x64
4Update/1.3...up.exe
windows10-2004-x64
4Update/1.3...te.dll
windows7-x64
6Update/1.3...te.dll
windows10-2004-x64
6Update/1.3...am.dll
windows7-x64
1Update/1.3...am.dll
windows10-2004-x64
1Update/1.3...ar.dll
windows7-x64
1Update/1.3...ar.dll
windows10-2004-x64
1Update/1.3...bg.dll
windows7-x64
1Update/1.3...bg.dll
windows10-2004-x64
1Update/1.3...bn.dll
windows7-x64
1Update/1.3...bn.dll
windows10-2004-x64
1Update/1.3...ca.dll
windows7-x64
1Update/1.3...ca.dll
windows10-2004-x64
1Update/1.3...cs.dll
windows7-x64
1Update/1.3...cs.dll
windows10-2004-x64
1Update/1.3...da.dll
windows7-x64
1Update/1.3...da.dll
windows10-2004-x64
1Analysis
-
max time kernel
144s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231127-en -
resource tags
arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system -
submitted
08-12-2023 17:51
Static task
static1
Behavioral task
behavioral1
Sample
Update/1.3.36.152/GoogleCrashHandler.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Update/1.3.36.152/GoogleCrashHandler.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral3
Sample
Update/1.3.36.152/GoogleCrashHandler64.exe
Resource
win7-20231201-en
Behavioral task
behavioral4
Sample
Update/1.3.36.152/GoogleCrashHandler64.exe
Resource
win10v2004-20231201-en
Behavioral task
behavioral5
Sample
Update/1.3.36.152/GoogleUpdate.exe
Resource
win7-20231130-en
Behavioral task
behavioral6
Sample
Update/1.3.36.152/GoogleUpdate.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral7
Sample
Update/1.3.36.152/GoogleUpdateBroker.exe
Resource
win7-20231023-en
Behavioral task
behavioral8
Sample
Update/1.3.36.152/GoogleUpdateBroker.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral9
Sample
Update/1.3.36.152/GoogleUpdateComRegisterShell64.exe
Resource
win7-20231020-en
Behavioral task
behavioral10
Sample
Update/1.3.36.152/GoogleUpdateComRegisterShell64.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral11
Sample
Update/1.3.36.152/GoogleUpdateCore.exe
Resource
win7-20231023-en
Behavioral task
behavioral12
Sample
Update/1.3.36.152/GoogleUpdateCore.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral13
Sample
Update/1.3.36.152/GoogleUpdateOnDemand.exe
Resource
win7-20231020-en
Behavioral task
behavioral14
Sample
Update/1.3.36.152/GoogleUpdateOnDemand.exe
Resource
win10v2004-20231127-en
Behavioral task
behavioral15
Sample
Update/1.3.36.152/GoogleUpdateSetup.exe
Resource
win7-20231129-en
Behavioral task
behavioral16
Sample
Update/1.3.36.152/GoogleUpdateSetup.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral17
Sample
Update/1.3.36.152/goopdate.dll
Resource
win7-20231201-en
Behavioral task
behavioral18
Sample
Update/1.3.36.152/goopdate.dll
Resource
win10v2004-20231130-en
Behavioral task
behavioral19
Sample
Update/1.3.36.152/goopdateres_am.dll
Resource
win7-20231201-en
Behavioral task
behavioral20
Sample
Update/1.3.36.152/goopdateres_am.dll
Resource
win10v2004-20231130-en
Behavioral task
behavioral21
Sample
Update/1.3.36.152/goopdateres_ar.dll
Resource
win7-20231023-en
Behavioral task
behavioral22
Sample
Update/1.3.36.152/goopdateres_ar.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral23
Sample
Update/1.3.36.152/goopdateres_bg.dll
Resource
win7-20231130-en
Behavioral task
behavioral24
Sample
Update/1.3.36.152/goopdateres_bg.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral25
Sample
Update/1.3.36.152/goopdateres_bn.dll
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
Update/1.3.36.152/goopdateres_bn.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral27
Sample
Update/1.3.36.152/goopdateres_ca.dll
Resource
win7-20231020-en
Behavioral task
behavioral28
Sample
Update/1.3.36.152/goopdateres_ca.dll
Resource
win10v2004-20231130-en
Behavioral task
behavioral29
Sample
Update/1.3.36.152/goopdateres_cs.dll
Resource
win7-20231025-en
Behavioral task
behavioral30
Sample
Update/1.3.36.152/goopdateres_cs.dll
Resource
win10v2004-20231127-en
Behavioral task
behavioral31
Sample
Update/1.3.36.152/goopdateres_da.dll
Resource
win7-20231130-en
Behavioral task
behavioral32
Sample
Update/1.3.36.152/goopdateres_da.dll
Resource
win10v2004-20231201-en
General
-
Target
Update/1.3.36.152/goopdateres_bn.dll
-
Size
53KB
-
MD5
c7ce022c59bc281c99877ecf7137b4ec
-
SHA1
f53341a06bbbeb25948a0178ea5e45c94ce6cc76
-
SHA256
f80738a1b58eb05d5fde4d45aa1dacabf85f6ce3e1baa278cea33821992a0595
-
SHA512
834094a639b9e3fb48ff891e957f016583d0c0abeedf9b64f6bc51462b960ee72fc315f5cafa315d5a36b9e3829b733d9b8194d8ac437af434999e43ff433b08
-
SSDEEP
384:F8bvUx7tVF7qTFoFrTFgRj+mBwHtN8hNyH1Mn8E9VFK4iy/IYi6ypIh4i/8E9VF7:2bu0FoFXFWBwNCaM8EANYi6y+heE9
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
svchost.exedescription pid process Token: SeManageVolumePrivilege 2872 svchost.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 2392 wrote to memory of 2456 2392 rundll32.exe rundll32.exe PID 2392 wrote to memory of 2456 2392 rundll32.exe rundll32.exe PID 2392 wrote to memory of 2456 2392 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Update\1.3.36.152\goopdateres_bn.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2392 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Update\1.3.36.152\goopdateres_bn.dll,#12⤵PID:2456
-
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:404
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2872