1af1b3672709b15ee55825e776d168744713f05ef9234b6f6df22333bb3a1641

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

updater.exe
Size

5.3MB
MD5

87e7a86bb2fc61d2173612a1864a3ec5
SHA1

1d39ccb14dcd0fc18ac65968245fcc14272d34e9
SHA256

370edc395d598608e1b486d3ac83563fb783c93f542ff71468ceed5cfad716df
SHA512

e5725a1204e352f45b373d049cc755fee6436fe3537ea41f69b8dfe37a8e0c9c767f7618bff2131603256b90f9a1989cfbb89229ad9c394cdfc27e691ee419db
SSDEEP

98304:YQ8if6fwoPllMWHu8PfLTXhJ1htrCayZYfDvDX5GkQi0uVx+UPbmyN2U8zVIqHqP:9Vy4oP1HbfLTRJNvyZYfDvj59zVxHTep

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
1356	updater.exe
1356	updater.exe
1356	updater.exe
1356	updater.exe
1356	updater.exe
1356	updater.exe
1356	updater.exe
1356	updater.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 1356	2496	updater.exe	29
PID 2496 wrote to memory of 1356	2496	updater.exe	29
PID 2496 wrote to memory of 1356	2496	updater.exe	29
PID 2496 wrote to memory of 1356	2496	updater.exe	29
PID 2496 wrote to memory of 1356	2496	updater.exe	29
PID 2496 wrote to memory of 1356	2496	updater.exe	29
PID 2496 wrote to memory of 1356	2496	updater.exe	29

C:\Users\Admin\AppData\Local\Temp\updater.exe
"C:\Users\Admin\AppData\Local\Temp\updater.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\updater.exe
  "C:\Users\Admin\AppData\Local\Temp\updater.exe"
  2⤵
  - Loads dropped DLL
  PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24962\VCRUNTIME140.dll

Filesize
81KB

MD5
2ebf45da71bd8ef910a7ece7e4647173

SHA1
4ecc9c2d4abe2180d345f72c65758ef4791d6f06

SHA256
cf39e1e81f57f42f4d60abc1d30ecf7d773e576157aa88bbc1d672bf5ad9bb8b

SHA512
a5d3626553731f7dc70f63d086bd9367ea2c06ad8671e2578e1340af4c44189ecb46a51c88d64a4b082ce68160390c3f8d580dde3984cd254a408f1ef5b28457

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24962\base_library.zip

Filesize
220KB

MD5
b6b3d7c4b456a25ed9afef8a16cfb2f7

SHA1
fcd4ab6bd021ed213af7988e6c43a899ea44cf89

SHA256
9873101a7b44f56c4d4d80bc9c2172e67bdf88a69cafd75c89b5f2b0ca39ab6f

SHA512
8ef474ca71094ee3c727a16f01523810167f21c8a08f0db9bee1e68190eda3926b8d9782620a5c67e3be2f820d4e6459783ed795205f687446eef3e39d315e9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24962\python38.dll

Filesize
1.2MB

MD5
70a0d559d20dd066faa6339c2a4544b3

SHA1
d00022a73bc16b948a44a60287ee653a19970974

SHA256
cc54e2d79836f762f66a6d6cac1b9fbf2f388771909a21790af4d0f6dfc177f2

SHA512
8df04b9d57bcfd50414303b6b5dba40903d20cba3d2f3f9a9d97a482d21b9a843ffdf20f720329e1794b7216c98fd9529a5db83d6cfbee75d4e39de8fdc0a09c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24962\sqlite3.dll

Filesize
381KB

MD5
caafbdaf09db8e70de85008c8b95ed71

SHA1
67c39e26dd53c72fa855ed11bbd73714580d1a05

SHA256
bd0da5c8a851c5248e6be1e72eb58fa513f1cbf34300cf51b01304015c63a89b

SHA512
e7f1c0119170bdfedd5fa81bd9a5c7562c139f6dd78cc5d2182862f4e289025e174399316ae0c1b16f0037a03d296ca012c4fa53162ac7e21e47bd2d42dbe12a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24962\win32\win32crypt.pyd

Filesize
92KB

MD5
b3bdc47d1e54d0cc7d8066524d908f55

SHA1
3916fabddc791ded4bbc3db988e5b516940dd910

SHA256
08f65167601af3ce4411c2c774e50c6d0b5c213f5b95cd1fcfb68dc135625447

SHA512
0c2fd0f662c96d32e5121b5f318eceefaf87ae28509f7eddb9cf584b33db6f957954ff91667a2b20706dfebd610aaec3fddc6b0da3bbc2ff656b4756fe1d0fad

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24962\_sqlite3.pyd

Filesize
67KB

MD5
e6856fbc1fe0692776a097e7a3830fb0

SHA1
c541d7841472bbebc1d122cd2d2b58e3d3911f09

SHA256
49fde230b57085b1b1e04702464b725d7eecaba9b50c95f0ff30f7764cd341e0

SHA512
3dee9e94d793475c131a8e009ac42eb1857bf568641e0fc52136dfa1361f66c72fb8762b9b1196cc5593502c4507b1d0fcae08be4f5b3c5c354a051c63d09dd5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24962\python38.dll

Filesize
1024KB

MD5
479bfb0709a2ec1a550fa6c01280857b

SHA1
b62a527993a6c7cb231d9f34bc71c75304526180

SHA256
d9b82c01938edc28bb28a79547e9e1c328820c18e9e4b225deb6a0b1a2d143f0

SHA512
543f3ea96689af512683c4f8e57980667f49cd5aba5ae7f658f422f7fb17e99041c58e389449d862bd6e8d0f8d36c9bfa5de255b79876fad4c2a9d8ea86b9b09

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24962\sqlite3.dll

Filesize
382KB

MD5
850b7ca80c3690ffa842876940d9a916

SHA1
84b854f412f03164eecb0c6375978fcfeafae12d

SHA256
2f630e6c7c2dfedda05a0887fa7eb94675430cedf38122542626ead9b2433388

SHA512
f85ac8493ff38cdcf5e885f184387aa87d6e85bfbc0dcf83d6ecdbc9889a6d955566b3943e5b9a6c1af5d5dc9dda295365e5d9e8528e2b964e10ccf3f04fe67f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI24962\win32\win32crypt.pyd

Filesize
111KB

MD5
63a2be934ed293be34170713c65bf0b3

SHA1
493254f122d4757269d96d95f8eeec26b65e2408

SHA256
b7353aa33e234c2ea58575dbf1b787bbbed35a9802d6451e742e5a52b5f7e601

SHA512
f1b434f2bedc5eebd2ae3bb42ef82ffa662189b7fcd0963b2bb3f6a5c486b2e8ca25c810585a803f7d6928d375c0590a4e20702a8ccbb09a4f6c0f4f8c590c4b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads