7d30ba7852e9047e93c2488cb0305ad71551692ff42a295225bc8efbe7e8053c

General

Target

sims-4-updater-v1.3.4.exe
Size

18.1MB
MD5

d34ce38d2811b4014dc5576d7671a780
SHA1

fb0948bda56d6ab2d70e490a5cd9e77ea3f06d17
SHA256

7d30ba7852e9047e93c2488cb0305ad71551692ff42a295225bc8efbe7e8053c
SHA512

83deb98a29e2f32e3b7e68005ba5f7882d45ab386c4caf0dd07126c71487ee6816e1d1997f1805544acb5dceb331710d5a4a90b65790f8a0638f4058327e0969
SSDEEP

393216:1DfDg8Q9c6Gq3+d9S14UsdJEISHFsdW8C3nG:1b08QmEOd9SSUsdJEISlsdW8C3G

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 21 IoCs

pid	Process
852	sims-4-updater-v1.3.4.exe
852	sims-4-updater-v1.3.4.exe
852	sims-4-updater-v1.3.4.exe
852	sims-4-updater-v1.3.4.exe
852	sims-4-updater-v1.3.4.exe
852	sims-4-updater-v1.3.4.exe
852	sims-4-updater-v1.3.4.exe
2668	sims-4-updater-v1.3.4.exe
2668	sims-4-updater-v1.3.4.exe
2668	sims-4-updater-v1.3.4.exe
2668	sims-4-updater-v1.3.4.exe
2668	sims-4-updater-v1.3.4.exe
2668	sims-4-updater-v1.3.4.exe
2668	sims-4-updater-v1.3.4.exe
1740	sims-4-updater-v1.3.4.exe
1740	sims-4-updater-v1.3.4.exe
1740	sims-4-updater-v1.3.4.exe
1740	sims-4-updater-v1.3.4.exe
1740	sims-4-updater-v1.3.4.exe
1740	sims-4-updater-v1.3.4.exe
1740	sims-4-updater-v1.3.4.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2668	sims-4-updater-v1.3.4.exe
1740	sims-4-updater-v1.3.4.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 852	1940	sims-4-updater-v1.3.4.exe	30
PID 1940 wrote to memory of 852	1940	sims-4-updater-v1.3.4.exe	30
PID 1940 wrote to memory of 852	1940	sims-4-updater-v1.3.4.exe	30
PID 1124 wrote to memory of 2668	1124	sims-4-updater-v1.3.4.exe	37
PID 1124 wrote to memory of 2668	1124	sims-4-updater-v1.3.4.exe	37
PID 1124 wrote to memory of 2668	1124	sims-4-updater-v1.3.4.exe	37
PID 1984 wrote to memory of 1740	1984	sims-4-updater-v1.3.4.exe	39
PID 1984 wrote to memory of 1740	1984	sims-4-updater-v1.3.4.exe	39
PID 1984 wrote to memory of 1740	1984	sims-4-updater-v1.3.4.exe	39

C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe
"C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe
  "C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe"
  2⤵
  - Loads dropped DLL
  PID:852

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe
"C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe
  "C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2668

C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe
"C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe
  "C:\Users\Admin\AppData\Local\Temp\sims-4-updater-v1.3.4.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19842\tcl\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19402\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
fa6953700659b11c2d82fb521d2e8664

SHA1
07c7d14fdfd1686a424820f77733d1d4f3c75e31

SHA256
4dcc72554ffaa121decaf6e5bd3081198f017d735a07cc6d23d8a56b1383a61e

SHA512
1300c6ab6377e717dfac9e2f78c1218dee91e8fde25454f65ab32095a949c1be5b67aa3ed1c1d9f78d0c8bc9830f5c1dc0e6e01e91effec20ead6cdd9a3f639f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19402\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
621a34a36c202e4c4e59a6077c22cb5e

SHA1
ec696fd4e8e5935a722e88a551593593a12e882e

SHA256
746cde47f460ab4ef45a3158cbc038b166c86b03114c259ea5c759001692c079

SHA512
04e94784a70a576235d5bec58c57b8b3cfc01d7b292287f299deaf52523cef51c2790874116e666e5bc672453beafe173cf1afbe49a5f3076b83344298643ae0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19402\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
2395f675152f25bdc501c1b698b3f70a

SHA1
829eb4dee9604330072c124b9bddf4a4e96a7c98

SHA256
4173e50962540ec0708930d7c456164d4e0fa96d49efb034621eb06e67ac0563

SHA512
7c0125e248387d268a337fa2a0090e6b8713e6205d22fb23a4ce9635fb0f5b79a0e3d28aab3050cc0445ef065632052c23341b1ac22dbd947ac4262fd63a1b51

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19402\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
81a255549e9b3467276810f94a67512d

SHA1
c3bf694f5d030d5a29ebb9ae70010be4571cec17

SHA256
8447c3c56f83e5a9407bf446cfc037d149b945611f03798f731e49145fca81c2

SHA512
05e6d83baa20b38d8710ed06c62ef8603c37d70fd0f6036f54a50ad041575d52f23c56bcebb12df8bf7cd9327c46522e59bcda47e2fcabfb0e5c11247708afa4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19402\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
59f3aeb2eda80ffc000b99f27ec99d14

SHA1
2961c514b480424b3512d424dcd7d295477b243a

SHA256
e1c41c6525ed510aa75ec671f86d22a005ffd9a856a74dcf09bf3256e301a8ab

SHA512
ff1980c859c7a23ded484a51e596fd591df855e0266961c4620373d42190152f92df83683779a79561d46bd5d238d7d178cfa2952dee316a742a72835be44992

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19402\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI19402\ucrtbase.dll

Filesize
987KB

MD5
637c17ad8bccc838b0cf83ffb8e2c7fd

SHA1
b2dd2890668e589badb2ba61a27c1da503d73c39

SHA256
be7368df484688493fb49fb0c4ad641485070190db62a2c071c9c50612e43fed

SHA512
f6b727c319ca2e85a9b5c5e0b9d8b9023f0cf4193fab983cfa26060923374c6abd6d11db1da2e524a8b04622a4e13beb4c48dc23f98886d4abb33eb09f3a0776

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads