Malware Analysis Report

2024-11-30 13:32

Sample ID 240604-yaxycahh37
Target Resource.Pack.Updater.exe
SHA256 6049e75c85f7877fbb16ba00a3b17e1b5af58ccf25599f6692eb6bc7839807fe
Tags
pyinstaller
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

6049e75c85f7877fbb16ba00a3b17e1b5af58ccf25599f6692eb6bc7839807fe

Threat Level: Shows suspicious behavior

The file Resource.Pack.Updater.exe was found to show suspicious behavior (score 7/10). No signature in this report is classed as outright malicious; the verdict rests on the indicators listed below.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-04 19:35

Signatures

Detects Pyinstaller (tags: pyinstaller)
Description: N/A   Indicator: N/A   Process: N/A   Target: N/A

Unsigned PE
Description: N/A   Indicator: N/A   Process: N/A   Target: N/A
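
Added example (not part of the sandbox report or its detection engine): a stand-alone Python script that reproduces the two static signatures above. "Detects Pyinstaller" is decided by locating PyInstaller's 88-byte CArchive cookie (magic MEI\x0c\x0b\x0a\x0b\x0e followed by the package length, TOC offset and length, Python version and the name of the bundled Python DLL); "Unsigned PE" is decided by checking whether the PE's IMAGE_DIRECTORY_ENTRY_SECURITY data directory is empty. The bytes the script builds for itself are a constructed minimal PE32 with a synthetic cookie naming python37.dll, not the real Resource.Pack.Updater.exe; pass a file path to run it against a real sample.

```python
"""Re-implement the report's static signatures (Detects Pyinstaller, Unsigned PE).
Added example: the sample bytes built by build_sample() are constructed here and
are NOT taken from the real Resource.Pack.Updater.exe."""
import struct

# CArchive cookie appended by PyInstaller's onefile bootloader (PyInstaller >= 2.1):
#   magic[8] | package len u32 | TOC pos u32 | TOC len i32 | pyvers i32 | pylibname[64]
PYI_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
PYI_COOKIE_FMT = "!8sIIii64s"             # network byte order, 88 bytes in total
PYI_COOKIE_LEN = struct.calcsize(PYI_COOKIE_FMT)


def find_pyinstaller_cookie(data: bytes):
    """Return the parsed cookie as a dict, or None if no PyInstaller archive is present.
    The cookie closes the embedded archive, so the last occurrence of the magic is
    the real one (the same approach pyinstxtractor uses)."""
    pos = data.rfind(PYI_MAGIC)
    if pos < 0 or pos + PYI_COOKIE_LEN > len(data):
        return None
    magic, pkg_len, toc_pos, toc_len, pyvers, pylib = struct.unpack(
        PYI_COOKIE_FMT, data[pos:pos + PYI_COOKIE_LEN])
    # Two encodings exist in the wild: 37 (major*10+minor, older PyInstaller)
    # and 307 (major*100+minor, newer releases). Handle both.
    major, minor = divmod(pyvers, 100) if pyvers >= 100 else divmod(pyvers, 10)
    return {
        "cookie_offset": pos,
        "package_len": pkg_len,
        "toc_pos": toc_pos,
        "toc_len": toc_len,
        "python_version": (major, minor),
        "pylib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def has_authenticode_signature(data: bytes) -> bool:
    """True when the PE carries an embedded Authenticode blob, i.e. data directory
    index 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) has a non-zero size. Catalog-signed
    binaries have no embedded blob, so False means 'no embedded signature', not
    'definitely untrusted'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file (missing PE signature)")
    opt_off = pe_off + 4 + 20                 # optional header follows the COFF header
    opt_magic = struct.unpack_from("<H", data, opt_off)[0]
    if opt_magic == 0x10B:                    # PE32
        n_dirs_off, dirs_off = opt_off + 92, opt_off + 96
    elif opt_magic == 0x20B:                  # PE32+
        n_dirs_off, dirs_off = opt_off + 108, opt_off + 112
    else:
        raise ValueError(f"unknown optional header magic {opt_magic:#x}")
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    if n_dirs <= 4:
        return False                          # no security directory entry at all
    _sec_off, sec_size = struct.unpack_from("<II", data, dirs_off + 4 * 8)
    return sec_size != 0


def triage(data: bytes) -> dict:
    """Emit the same signature names the report uses."""
    sigs = []
    cookie = find_pyinstaller_cookie(data)
    if cookie:
        sigs.append("Detects Pyinstaller")
    try:
        if not has_authenticode_signature(data):
            sigs.append("Unsigned PE")
    except ValueError:
        pass                                  # not a PE; the signature does not apply
    return {"signatures": sigs, "pyinstaller": cookie}


def build_sample(signed: bool, with_cookie: bool) -> bytes:
    """Constructed minimal PE32 (no sections) for offline testing. NOT the real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew -> PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)       # NumberOfRvaAndSizes
    if signed:                                # fake security directory (offset, size)
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x400, 0x1000)
    pe = bytes(dos) + b"PE\x00\x00" + coff + bytes(opt)
    if not with_cookie:
        return pe
    payload = b"\x00" * 256                   # stands in for the CArchive body
    cookie = struct.pack(PYI_COOKIE_FMT, PYI_MAGIC, len(payload) + PYI_COOKIE_LEN,
                         0, 0, 37, b"python37.dll")   # 37 -> Python 3.7, as python37.dll implies
    return pe + payload + cookie


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample(signed=False, with_cookie=True)
    print(triage(data))
```

Both checks are cheap enough to run over a whole quarantine folder. Two caveats a triager should keep in mind: an empty security directory does not rule out catalog signing, and a rebuilt bootloader can strip or change the cookie magic, so a miss on the cookie should be followed by a look for the _MEI runtime drop at detonation time.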

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 19:35

Reported

2024-06-04 19:38

Platform

win11-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe
"C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe"

C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe
"C:\Users\Admin\AppData\Local\Temp\Resource.Pack.Updater.exe"

Two instances of the same image with the same command line is the normal shape of a PyInstaller onefile build: the bootloader unpacks the bundled runtime to %TEMP%\_MEI<digits> (here _MEI40762, see Files below) and then launches a copy of itself, and that child is the process that runs the embedded Python code. The second entry is the expected child, not a duplicate listing.

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI40762\Resource Pack Updater.exe.manifest

MD5 670d4912fc75861ea8a3b2d381c6f113
SHA1 516ec789f8e151a903e92ab70062551dbf3aa288
SHA256 0b4f1687f669ae7e696ec710a8744053fb31e897f8a49e650db040c02f36a039
SHA512 a7366bb1874f1a618f5231d755c9d297ec6cb023fe1d040ee5d8e8df70ea5d78a11439553681ac49be4ea24fc5c63fd66c05f95daa58c40dcc92437e5737fac5

C:\Users\Admin\AppData\Local\Temp\_MEI40762\python37.dll

MD5 7c472749f1480afd7caf8ed94ee5e9c8
SHA1 ee37ebf5dcfebbfc55ba155152a96ef86ed06fd2
SHA256 f4c1615cd001d583e7e0f60693b73f16e5e60766f4da2262d9cdc557136f6d3e
SHA512 47a923c00fa99e0761ca35abe127f26567ad2cdb5afc1f02adfb771fe1999cd620e07023edca2966b6b709b43027909f16f618f8bb1d239bcf2fc07638662a91

C:\Users\Admin\AppData\Local\Temp\_MEI40762\VCRUNTIME140.dll

MD5 ae96651cfbd18991d186a029cbecb30c
SHA1 18df8af1022b5cb188e3ee98ac5b4da24ac9c526
SHA256 1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1
SHA512 42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

C:\Users\Admin\AppData\Local\Temp\_MEI40762\base_library.zip

MD5 ce09e347b1868554e44563e822fc593b
SHA1 cbb0c32dfe6a250ba0b38519262d960524b2335a
SHA256 7dafb9ce147cbb5cbe0f7293fe190db877850fdb85589f5817f071f16a25b1da
SHA512 383e7e062b911ea47e1186a9abc7239371db1da2f505e6dfadd55642891645c8477cb7d31c7f9bdaa63840c5929a5f05b15abff395524368b01b6d2af7daf86e

C:\Users\Admin\AppData\Local\Temp\_MEI40762\_ctypes.pyd

MD5 3d63bfe259a091dee1ff2b5a375fae6b
SHA1 fa950251970da0dce14ef983b2c59eac567cc173
SHA256 e740232c68e08db0cfd3fe615817117caa80bdef5276c536d3cd22e9c18987c1
SHA512 925800248614bfc5e2242452a62bd474a0447f56dd28453865d7ae3f3296f0425dd61c6a3a62f8ca838c07f679724e0adbc7ac883400dfe8277eb7b7b542bb07

C:\Users\Admin\AppData\Local\Temp\_MEI40762\PIL\_imaging.cp37-win32.pyd

MD5 a327421bac0f643f347ab0fd95abac82
SHA1 35714d6f887117334939b32cb1e1d1c6e49fc4c6
SHA256 908b2770664852717ea290192045c5efdbfc7430f757315e3747009f1fd18e19
SHA512 89e7a192d3d417600db641f997fe5ad29ebe197cb4f22c132bc22b6020c6c603d672c9d081e213a8e93d299612acad5b6b3b26c6127624a79a6531fe010f82cd

C:\Users\Admin\AppData\Local\Temp\_MEI40762\resources\particles_base.png

MD5 cfa07fc8c8870338077d8f2220bc735a
SHA1 eee57395da1a6b19c6b2df51d9aedcf2b735671c
SHA256 275ae8266db750932b43078ea664cd8822961fdcf65312a964e3c042e5f9699f
SHA512 c2ff7cf8c169a5d0a2402eae8b8876f6b19e36c3ae7eacb018a6d37a06b7eab40dfa8e0625373fa3f6f78c970cb2748a6f67c8085856942fb995d6ebc9ba4370

C:\Users\Admin\AppData\Local\Temp\_MEI40762\_decimal.pyd

MD5 04472f6127f4e5eb1593835bb4d96f2f
SHA1 5adcaaae5f033120ef3423f5d13b06625f53b465
SHA256 5215873d5aac127711356366399507b6e0d12f3427b6b162557527c560fa9920
SHA512 4df65cdb2c5b31408421fb56ca1eaa106a3826b3306e930aac56794dadc1bbfc19e65e27b9961d25e96a3cd085ee79d1ca3b1b30142920ace22e412e3fcef147
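
Added example (not from the report or the sandbox vendor): detection logic, in Python over constructed Sysmon-style ProcessCreate/FileCreate events, for the runtime footprint shown in the Processes and Files sections above: a %TEMP%\_MEI<digits> directory receiving python3x.dll and base_library.zip, correlated with the same image appearing as both parent and child. PyInstaller's bootloader names the directory after its own process ID (_MEI followed by getpid()), so the digits should equal the parent PID of the self-relaunch. The report lists no PIDs, so the PIDs (40762, 40810), the explorer/notepad entries and the extra _MEI999 directory are constructed for the example; the paths are the ones from this report.

```python
"""Hunt for the PyInstaller onefile footprint from the report: a _MEI<digits> dir
under %TEMP% receiving the Python runtime, plus the bootloader relaunching its own
image. Added example over constructed Sysmon-style events; PIDs and the benign
noise events are made up, the paths are taken from the report."""
import re
from collections import defaultdict

MEI_DIR_RE = re.compile(r"^(?P<root>.*\\Temp)\\_MEI(?P<pid>\d+)\\", re.IGNORECASE)
RUNTIME_FILES = (re.compile(r"^python\d+\.dll$", re.I),
                 re.compile(r"^base_library\.zip$", re.I))
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def find_mei_drops(file_events):
    """Group FileCreate events by _MEI directory and keep the directories that
    received the Python runtime (a python*.dll AND base_library.zip)."""
    drops = defaultdict(lambda: {"files": [], "writers": set()})
    for ev in file_events:
        if ev["event"] != "FileCreate":
            continue
        m = MEI_DIR_RE.match(ev["path"])
        if not m:
            continue
        key = (f"{m['root']}\\_MEI{m['pid']}", int(m["pid"]))
        drops[key]["files"].append(ev["path"])
        drops[key]["writers"].add(ev["pid"])
    hits = []
    for (mei_dir, mei_pid), info in drops.items():
        names = [p.rsplit("\\", 1)[-1] for p in info["files"]]
        if all(any(rx.match(n) for n in names) for rx in RUNTIME_FILES):
            hits.append({"dir": mei_dir, "mei_pid": mei_pid,
                         "writers": sorted(info["writers"]), "files": sorted(names)})
    return hits


def find_self_relaunch(process_events):
    """Parent and child share the same image path, and that image lives under %TEMP%."""
    by_pid = {ev["pid"]: ev for ev in process_events if ev["event"] == "ProcessCreate"}
    hits = []
    for ev in by_pid.values():
        parent = by_pid.get(ev["ppid"])
        if (parent and parent["image"].lower() == ev["image"].lower()
                and TEMP_RE.search(ev["image"])):
            hits.append({"image": ev["image"], "parent_pid": parent["pid"],
                         "child_pid": ev["pid"]})
    return hits


def detect(process_events, file_events):
    """One finding per runtime drop; confidence rises when the _MEI digits equal the
    parent PID of a matching self-relaunch (PyInstaller uses _MEI<getpid()>)."""
    findings = []
    relaunches = find_self_relaunch(process_events)
    for drop in find_mei_drops(file_events):
        linked = [r for r in relaunches if r["parent_pid"] == drop["mei_pid"]]
        findings.append({
            "rule": "pyinstaller_onefile_extraction",
            "dir": drop["dir"],
            "writer_pids": drop["writers"],
            "runtime_files": drop["files"],
            "self_relaunch": linked[0] if linked else None,
            "confidence": "high" if linked else "medium",
        })
    return findings


# Constructed events modelled on the report's Processes and Files entries.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TMP + r"\Resource.Pack.Updater.exe"
PROCESS_EVENTS = [
    {"event": "ProcessCreate", "pid": 3012, "ppid": 1200, "image": r"C:\Windows\explorer.exe"},
    {"event": "ProcessCreate", "pid": 40762, "ppid": 3012, "image": SAMPLE},   # bootloader
    {"event": "ProcessCreate", "pid": 40810, "ppid": 40762, "image": SAMPLE},  # its child
    {"event": "ProcessCreate", "pid": 5100, "ppid": 3012, "image": r"C:\Windows\System32\notepad.exe"},
]
FILE_EVENTS = [
    {"event": "FileCreate", "pid": 40762, "path": TMP + r"\_MEI40762\Resource Pack Updater.exe.manifest"},
    {"event": "FileCreate", "pid": 40762, "path": TMP + r"\_MEI40762\python37.dll"},
    {"event": "FileCreate", "pid": 40762, "path": TMP + r"\_MEI40762\VCRUNTIME140.dll"},
    {"event": "FileCreate", "pid": 40762, "path": TMP + r"\_MEI40762\base_library.zip"},
    {"event": "FileCreate", "pid": 40762, "path": TMP + r"\_MEI40762\PIL\_imaging.cp37-win32.pyd"},
    {"event": "FileCreate", "pid": 5100, "path": TMP + r"\notes.txt"},            # benign noise
    {"event": "FileCreate", "pid": 5100, "path": TMP + r"\_MEI999\readme.txt"},   # _MEI dir, no runtime
]

if __name__ == "__main__":
    for finding in detect(PROCESS_EVENTS, FILE_EVENTS):
        print(finding)
```

Requiring both python*.dll and base_library.zip keeps the rule from firing on any stray _MEI folder, and the PID link separates a live PyInstaller launch from leftover extraction directories. Note that benign software is also shipped as PyInstaller onefile builds, so this is a triage signal to combine with the "Unsigned PE" and temp-path indicators, not a malware verdict on its own.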