93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4.exe
Size

93.2MB
MD5

c1a9c81765de8ba0b68508abc7761364
SHA1

e2643f6bb4ea990461f6ed42dff8c68a2358fff4
SHA256

93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4
SHA512

f9f3c7db1af001165349a2350ccdf61d4864f7b4daa661dd906e22ebc34f61f3fc73f717c118ab936900e0e8ed157cff98973f831b3b040094662ab19e85b9a7
SSDEEP

1572864:lt87M9ixs5oDdkssoxrwbxs5oDlUushA4eMzJoFgnJX5wkKG0gMoCw6UrKmd/:SUoDK7opRoDlUushReyqFgJ+wX6Cd

Score

7^/10

vmprotect

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2072	UpdateWizard.exe

Loads dropped DLL 10 IoCs

pid	Process
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe

VMProtect packed file 8 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/files/0x0007000000023250-152.dat	vmprotect
behavioral2/files/0x0007000000023250-151.dat	vmprotect
behavioral2/memory/2072-158-0x00000000738A0000-0x00000000743BE000-memory.dmp	vmprotect
behavioral2/memory/2072-159-0x00000000738A0000-0x00000000743BE000-memory.dmp	vmprotect
behavioral2/files/0x0007000000023255-162.dat	vmprotect
behavioral2/memory/2072-166-0x0000000072710000-0x0000000073393000-memory.dmp	vmprotect
behavioral2/memory/2072-177-0x00000000738A0000-0x00000000743BE000-memory.dmp	vmprotect
behavioral2/memory/2072-178-0x0000000072710000-0x0000000073393000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe
2072	UpdateWizard.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1124	93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4.exe
2072	UpdateWizard.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 2072	1124	93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4.exe	92
PID 1124 wrote to memory of 2072	1124	93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4.exe	92
PID 1124 wrote to memory of 2072	1124	93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4.exe	92

C:\Users\Admin\AppData\Local\Temp\93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4.exe
"C:\Users\Admin\AppData\Local\Temp\93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Users\Admin\AppData\Local\Temp\4D55.tmp\UpdateWizard.exe
  "C:\Users\Admin\AppData\Local\Temp\93a7a21da1e33d1bd3e5d0da982ed3b6107ea6bfac40f43b3a9442ab5de9efe4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4D55.tmp\QtCore4.dll

Filesize
2.4MB

MD5
26c8600a427882bbd4f4edc393ff0c2c

SHA1
ba5a668eaa92ebdbc0efa6adb0abc3a1dbdec6bc

SHA256
45717e86a8f63e4783f2a429bcfa123864d44851f2ef56ce5ebd51c4d236b426

SHA512
5468455b889550a0539ed0215515326de3a1b33dfbead3e6b52836f017244d9c8feb23671ba21a47deab70563f90c1cbb2f1c9ead9d2c09ed382cd6741ee8136

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\QtGui4.dll

Filesize
6.3MB

MD5
713c12cd14f2965135d98537e0c443d6

SHA1
42893c97f5cbb064c7e8d7770b5970134422cfb8

SHA256
42d3dd5831b88dda86c9b4a12a6ef74b532797241df2678325394886007e3f87

SHA512
c6bdacd31ff724b950af6cd9e3b3cf71b82b3c5ca3ed22392d83fff2960156cf1244e5915301cca558e989764200a6c4e14830ecfc456a347aa448fe72387de3

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\QtGui4.dll

Filesize
3.2MB

MD5
55b2a0e5e2ebf759502bb0ae39013beb

SHA1
1c5a37f6cf52fd7b5d659b819e69ca25f4ecc669

SHA256
7b17d2423835cbc0438c87ff0340768ac2a0c3ad22724de18c2920ed58746f58

SHA512
3a94dd5f9218ce286f950b74ac3d31c1d88c515caace518e9fdda7c5577aa15a7301530b6f1740fa8701b6fe09e039b7aa1e0233338b9dcf84d67d6310fb4c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\SafePublicDllHelper.dll

Filesize
16KB

MD5
0f8db4d1282a3c85e9daec94c8983182

SHA1
322c740df489539acd350eabd8163a9e329aea5f

SHA256
52009dbb180b303286630a860bc41613262a4881bbe7428dcdf00795f80cc522

SHA512
ea3f863488af13be3fb452fc3b922a42cd375316a1e21c54b13520aab683a05a56b04222835ed063d3439bdcd5f0a3443762a8341b13259b0d87df09fa532954

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\TempFolder\50A3.tmp

Filesize
2KB

MD5
1963c2edc7914f51d5c75e1322f5bc85

SHA1
daf367ad6e7f659e4339f5d76540607659254570

SHA256
aa24870503fc212cfa126d19f7d4262ade6cfbe4d4b80542b5f33399f5f0ad2d

SHA512
742ab07a439ea652fcc406499ce672044ef97b2b0a9a9b08722c37d6a71791c906f5431011a8154ed96f4db58a234e8f5122fa4d2fd5399762809f9afb39da70

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\TempFolder\lang\Arabic.lang

Filesize
19KB

MD5
86206722044aab282397bb4822521a65

SHA1
575ab356d3022555715ed92a1da6aa1d9f312477

SHA256
9f94c4bbc1c2c72d98b15f1ac59678a4457cb8f411b5b6a0ac4daf4a7c0e21fe

SHA512
8d2e99c262309d4339715869bb4e7574454d2f4967162c89571f2327da4984284cf7026f6a966bfd293472afc41ea99c70ce594ad55438f07329125828870cab

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\TempFolder\lang\Bulgarian.lang

Filesize
22KB

MD5
c545f1b23be0fa82189ad870bd06827e

SHA1
70f3b7c6dd5f32c9364c3a448184c355cad02fd0

SHA256
de10496f9f96890698009c92e776775f20cbcd970b5d8986eeead3e2a8088b4a

SHA512
6c299f452fc31b15ba15122bf651d42fc27a44c3a46cbb70508c0985ba9f653a88d84042999d3ec0829a61e6d386a1d94cd5d624db04fad74d092c1b6c867000

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\TempFolder\lang\ChineseHK.lang

Filesize
11KB

MD5
84d1910a2c157dc715b45f88c6fc7830

SHA1
4acbe3eab8a28c3cd761af2caf0296fddb03ce81

SHA256
066e55d7e76bc6f4e16673677c60376ebb081909aca2bba63d8aced8b2955eb0

SHA512
411f1b17e0908196c7f443daed92545ec5f8df39980f01bec259878efee708307efe5dcb42d1fbea16ee640b09ec49a89254ec35588af93e8b3a6874f75af3f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\TempFolder\lang\Croatian.lang

Filesize
14KB

MD5
338070f09327beb14cc5f1c08017066c

SHA1
cbdf7ab2acbfab78ecc0bcd9f4defbeed390243e

SHA256
cff9a39aabc48a9017a97df8b61ebf793586fdbccfcbdc0ea1170467f064e78e

SHA512
9ba99e42fbaff9122bd9238210a467642e304420455c7de27eb24b018bac70305368761694cf43d2f7cc6bbc3b4fef1b0f501834ca74ad06a384cb7e6ac59b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\TempFolder\lang\Czech.lang

Filesize
14KB

MD5
48cba015c5b6f485c5c1f412f74c94f8

SHA1
ec65cbb0725113eb10cd352f255e3bbe6cfb17a1

SHA256
282b4b4c4b1e09310845888869a061dc5a3e6b52a3cc9f74ae77b6def2e7060d

SHA512
bf02425f9ac2c3a6fed371aee3166b46696c84e07c0fd1ee1c2d8ad841533b6052296730b1985c359c5c07c0bb32606302efeda198dd2d0d736e0ef683726707

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\TempFolder\lang\Danish.lang

Filesize
14KB

MD5
00f15d21e84b8bbf913825a0e8edec06

SHA1
7fe0a845b7fff00c72df92722336e730d8056afc

SHA256
f4180c7cb1e11f1ea39acf30a5622658cdbc524fbb26b0e69c650a53353720a4

SHA512
699692871bc3295b2b670084d9b3baa4646e47e0f827eead214f8f5e1d5ab9a62165e7355c9e42d840dae0ba69c27b4a09f992574b9cdbe8435cdf854eeb6c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\TempFolder\lang\Dutch.lang

Filesize
15KB

MD5
38ad2ca026c314d2748275ab27e0002b

SHA1
0c854b18849916a45d811f9284f3abe3d8a56eb6

SHA256
500ffe9d1e6d60194394f525342fc49cf1f719bcdae0519c84c22e2bdf6c5c2b

SHA512
e6795bc51963ec49ff22bcf288a9779f474e5c71f18a889471816d010d2a6b041e492a726a4bb2e3263ccd9b6ef8a38e99f8b8d21bb237cd420af240f0aad2af

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\UpdateWizard.exe

Filesize
3.6MB

MD5
b16e80e57e1bae5ca1346cb6a5dffea1

SHA1
9f156890a5495c9c6d5284ae7b8d9e1e9437a0d2

SHA256
f04afb84560fb599a4742dd454c66c55992be1c2063dd3ec4d49b46b4ae1e6b3

SHA512
f7e6c51d55502fc5f15c07e5646de152b4ed3ce250c5cb9391c8142a4b6f64fdd062fe1cee02da9d22f4c196a2ce5bb63b669e4b9d7f32dc2e24db03ede4b9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\UpdateWizard.exe

Filesize
2.7MB

MD5
fd3598a7a20851c5ae652f698991cd66

SHA1
7168ac30aff47f579ab49cc0b634dd9edcbc4315

SHA256
7e9cf6255a5f7d4047ed377be2ea8157612a4eefa1009a56de4ee05307f268a7

SHA512
d682675c65d23df307909cecf8ca7e0e854538cc396300c518fc1ca431d2cf6645e60d08b4d80ea72b2e680e3bc959081f4155e450af7d5419c7525c9122a836

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\botan.dll

Filesize
1.5MB

MD5
420c340ba0033e5d6ceadfaaf3f581e8

SHA1
9b2bc60e478bd8dfc558f76fd7a563929d82a032

SHA256
65b741839b4910da84d1b9ba135943b3911c0f427c1b402cfbf919fda9d50c34

SHA512
02303ae5d79fc750636f80e80b6acffba556a14d4eb74cd2b08406aa5b45a4286dadfdb0421c9d13aa419fd6b76fb18908bb6e033445123dc7eb833e67c28ee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\libSafePublic.dll

Filesize
3.6MB

MD5
76f38abbff60be6ea47f58d7c2d9f00c

SHA1
f48b51be43bde956e17b9d68c3471397d94040f8

SHA256
b8f542ed8a1ab69b73598fe555b6eaa3e509bd7ed094b5335ea5f5adc4faea43

SHA512
07d0532b552ddde56543d22cedcb5111c0b7bddd82fee01353e3437daf876be145d4a99a5b78e20f96ffc6cd21d74ec38a8685007503be1c9676dcde68ec7415

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\libSafePublic.dll

Filesize
3.9MB

MD5
4e41c1ccfef31b8e6a94b295af2e8801

SHA1
e67250cd14d28752232299c14e5f0f519fdb001d

SHA256
815d2c0aaf9bc1e16750f3062ad48b7009f515c04d51ef695d073bad9a2e7631

SHA512
648bbeda86a606debd0fda662cc95da8cf6577e8367ee75dc65c356677d344396e868f84168b704c538e72751114facb07de726c7e60b0fce5bc97a80889a067

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\mfc140.dll

Filesize
2.9MB

MD5
86097790db8fea317e60c1cab8c269fb

SHA1
8f9c5d8c0e9c822dc311f2871e81260fa3e9747d

SHA256
db9a3caa5274d9647e4cb5db1bd8bc106d0fc86b6df02933da8c41ed95eca488

SHA512
18bf334ee8197c85b0ef8d9d0c063565d91cd2336d0a5250dd00a872f9857a5772a916ec7c751944c9fc4176d46fe70622ccc970abb643598c5255803e0492dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\mfc140.dll

Filesize
2.8MB

MD5
0c5f811663ac6e811468348f356f84e4

SHA1
a3c7bbcd02368cb7e3132dcb5f5289a1e472ee47

SHA256
e5427d17a4afad4d81348b7c364ac17ffc93a0d74dbacafd446a0662a18216b9

SHA512
9267d3684f69b60d0fcf6c59455336b77012081d682e629fe740b7ca5e8571563070867bf2b3e9a31e575fe100c1a006fe778c6f0ff5d686738069d4760a1ab9

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\net7ssh.dll

Filesize
147KB

MD5
9c5a8a2c30d00ec0f52c872f0381a0ab

SHA1
5ff2e6f71dae9150a3a3b019796f16ad3a34ae19

SHA256
85c66c3d402d45e2755de67c292efbaea247e154657fc3b44b48111b6a115dd8

SHA512
04a80fd085bed768b711275a0a5094a64dc7ba85d0acf34c6f31508fdf1bc61e6a7a211114137f0ba0f0d1374676687437cbab0b64d56a96483433cf01d8692b

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\sec2.dll

Filesize
7.0MB

MD5
7ddd1be49664fbcdeffc3f602e866eca

SHA1
809c2330550edc1da61091b98cdb71a4970bbcbf

SHA256
aea1c93752c135f334ab6a6e9637cd97031008aea7d4ac9cf7566183d21a09bd

SHA512
1c92a942ee12f593e07a2bd0ad28f135cf9a64a853ad6b61c2e6dcc319204dc0399cc9770a8ed3202aba0b61806a1fae2af6d2ae723e3f71d3bb2a91d5c3dd37

Download Submit
C:\Users\Admin\AppData\Local\Temp\4D55.tmp\securec.dll

Filesize
11KB

MD5
edd7b75bb59b1ced010e971a4b195ac6

SHA1
2762793de6e37020586d0d403af489b4779faa5d

SHA256
ad04bcefa77294ae149237310ca043444f8df2a38ed8c02e775211717dfe0da8

SHA512
3906f9dd786699539ee0cd4a6d82c7d436f4a584d3922ec2a956518d74e8ab049b25b9437e8cbfa613ee4ac121e9ef76824b40f6f29488c1ee604f662e0d4112

Download Submit
memory/2072-158-0x00000000738A0000-0x00000000743BE000-memory.dmp

Filesize
11.1MB

Download
memory/2072-159-0x00000000738A0000-0x00000000743BE000-memory.dmp

Filesize
11.1MB

Download
memory/2072-157-0x0000000005010000-0x0000000005011000-memory.dmp

Filesize
4KB

Download
memory/2072-164-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/2072-166-0x0000000072710000-0x0000000073393000-memory.dmp

Filesize
12.5MB

Download
memory/2072-52-0x00000000034C0000-0x000000000363E000-memory.dmp

Filesize
1.5MB

Download
memory/2072-177-0x00000000738A0000-0x00000000743BE000-memory.dmp

Filesize
11.1MB

Download
memory/2072-178-0x0000000072710000-0x0000000073393000-memory.dmp

Filesize
12.5MB

Download