1af1b3672709b15ee55825e776d168744713f05ef9234b6f6df22333bb3a1641

Analysis

max time kernel
151s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

updater.exe
Size

5.3MB
MD5

87e7a86bb2fc61d2173612a1864a3ec5
SHA1

1d39ccb14dcd0fc18ac65968245fcc14272d34e9
SHA256

370edc395d598608e1b486d3ac83563fb783c93f542ff71468ceed5cfad716df
SHA512

e5725a1204e352f45b373d049cc755fee6436fe3537ea41f69b8dfe37a8e0c9c767f7618bff2131603256b90f9a1989cfbb89229ad9c394cdfc27e691ee419db
SSDEEP

98304:YQ8if6fwoPllMWHu8PfLTXhJ1htrCayZYfDvDX5GkQi0uVx+UPbmyN2U8zVIqHqP:9Vy4oP1HbfLTRJNvyZYfDvj59zVxHTep

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
1880	updater.exe
1880	updater.exe
1880	updater.exe
1880	updater.exe
1880	updater.exe
1880	updater.exe
1880	updater.exe
1880	updater.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 1880	3636	updater.exe	90
PID 3636 wrote to memory of 1880	3636	updater.exe	90
PID 3636 wrote to memory of 1880	3636	updater.exe	90

C:\Users\Admin\AppData\Local\Temp\updater.exe
"C:\Users\Admin\AppData\Local\Temp\updater.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Users\Admin\AppData\Local\Temp\updater.exe
  "C:\Users\Admin\AppData\Local\Temp\updater.exe"
  2⤵
  - Loads dropped DLL
  PID:1880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI36362\VCRUNTIME140.dll

Filesize
3KB

MD5
033b19a2fa834814552bb75e9aa7e9ba

SHA1
20b469f974f9696df11fb8ea2b23514e952e923d

SHA256
e7ea2283671054741b385e6bd8cd2df382bffc9fb4dd42f607cbe4543d267b98

SHA512
f7bb2979b992dcafabea123b0c86f679d5a65a5c92af3687023ce22c42b4e344734068d432699d5a4b0471ef2d1f3d6ce576929c29019f475bab16f32cf26e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36362\_sqlite3.pyd

Filesize
67KB

MD5
e6856fbc1fe0692776a097e7a3830fb0

SHA1
c541d7841472bbebc1d122cd2d2b58e3d3911f09

SHA256
49fde230b57085b1b1e04702464b725d7eecaba9b50c95f0ff30f7764cd341e0

SHA512
3dee9e94d793475c131a8e009ac42eb1857bf568641e0fc52136dfa1361f66c72fb8762b9b1196cc5593502c4507b1d0fcae08be4f5b3c5c354a051c63d09dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36362\base_library.zip

Filesize
93KB

MD5
4f37e57907bfaee642cc80c51c84a4c7

SHA1
3f9a6a88861336a6b159cff2da9ef65aaa793061

SHA256
1bffd1d9a3adcecca121583c35db2a8232f361cfb90258f08739fe757ff81405

SHA512
f57e2095808994a97a818d05735e7f20fd816d9b5fdc9261764e067b4d95e3acdcfd5692dbeac2e3b6f4859d5dc142f214f4f62a08623ddf4f1e542b4a46d3c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI36362\python38.dll

Filesize
91KB

MD5
067801b8b2593852cd1a5193a8acf841

SHA1
57641e0590ebc2b94da72eca9a5f4b7af73310fc

SHA256
fc61d5214c257e423a682f2bb153eb30d6547b19efd33022ed14b2bbca1f57b6

SHA512
63aff5885f0e73cd70e74a3c1432bd3fc678cdd78f3f41a9a63237064f9b3d9dad1918355a937e55f5e49561dceff88a8429dbe8241c33eee921296937c89c62

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads