Analysis Overview
SHA256: 6049e75c85f7877fbb16ba00a3b17e1b5af58ccf25599f6692eb6bc7839807fe
Threat Level: Shows suspicious behavior
The file Resource.Pack.Updater.exe was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Detects Pyinstaller
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2024-06-04 19:35
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-04 19:35
Reported: 2024-06-04 19:38
Platform: win11-20240508-en
Max time kernel: 147s
Max time network: 150s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4076 wrote to memory of 3212 | N/A | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe |
| PID 4076 wrote to memory of 3212 | N/A | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe |
| PID 4076 wrote to memory of 3212 | N/A | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe | C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe
"C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe"
C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe
"C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI40762\Resource Pack Updater.exe.manifest
C:\Users\Admin\AppData\Local\Temp\_MEI40762\python37.dll
C:\Users\Admin\AppData\Local\Temp\_MEI40762\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI40762\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI40762\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40762\PIL\_imaging.cp37-win32.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI40762\resources\particles_base.png
C:\Users\Admin\AppData\Local\Temp\_MEI40762\_decimal.pyd