d7e0caa0ebadfc20afe49134b4a45f9a9d3bb911a20ed03070dc7aab9edb2118

Resubmissions

12/09/2024, 21:58

240912-1vryyaxfnh 7

11/09/2024, 03:47

240911-ecl43ssale 7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

REPENTOGONUpdater.exe
Size

9.8MB
MD5

2c31104af8d9a3d5fb6ae71288f4f028
SHA1

8ed8c6cac63dac28bc9fb166c70d69ba55fbed81
SHA256

d7e0caa0ebadfc20afe49134b4a45f9a9d3bb911a20ed03070dc7aab9edb2118
SHA512

d221fd70090b0ffbf8db771384168f8c4798c8ad2186ce8605044771603bdb7e5e75112f57e4b55075e0992d2ff99c15e8ea90553759f439253bc781f1c71ed9
SSDEEP

196608:6DJ+o2+VL2V76+DXLZy7YM30Lzajk/1k0W8/L13+dgScaTpaGD8:+J72GL2V76m70GzajaDW8B3+d9tT0G

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2528	REPENTOGONUpdater.exe
2528	REPENTOGONUpdater.exe
2528	REPENTOGONUpdater.exe
2528	REPENTOGONUpdater.exe
2528	REPENTOGONUpdater.exe
2528	REPENTOGONUpdater.exe
2528	REPENTOGONUpdater.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2528	2212	REPENTOGONUpdater.exe	30
PID 2212 wrote to memory of 2528	2212	REPENTOGONUpdater.exe	30
PID 2212 wrote to memory of 2528	2212	REPENTOGONUpdater.exe	30

C:\Users\Admin\AppData\Local\Temp\REPENTOGONUpdater.exe
"C:\Users\Admin\AppData\Local\Temp\REPENTOGONUpdater.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\REPENTOGONUpdater.exe
  "C:\Users\Admin\AppData\Local\Temp\REPENTOGONUpdater.exe"
  2⤵
  - Loads dropped DLL
  PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22122\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
b5233e03bde877536db16308f3664cda

SHA1
15ff9d07de90f4a13943b36c30ce2cfaccc67451

SHA256
fb9b51ab73cb5fecc491a3a2624d54cc327370c6ac5efc9dfada2411acf766ed

SHA512
ad005e39dcd889e8a6c127038b7c25eb2e100c889b16a6b12063bf76087b3d245df2768d3f032963dcbb33d320be56ec3a2822a718d17b34503ee0ddccef7486

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22122\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
da0e628d704f10be357148f2131108b1

SHA1
a9a8c5e002a65d1b43fb990a86c59d290d480464

SHA256
5747de24ef2014b50f49d541621a328a02a4ef5f20eeb94423a3d7f7954e49f6

SHA512
30b2b3fd92b73dc387b6beff63c4d9e16123f9abbde0cc3f33b1b00c013885f980d12d793e32aaf7c430121df3d337dd09a9a8a5ea874696d3cf37ee51a50a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22122\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
e142049a08327db53b0289cd25bbb70f

SHA1
3289a7c010a613b07b235d13ec96af31b683834a

SHA256
dd36f8e544be435ffd7c96ddb077dc76b4cebd6fbef14319f7d21f47fe794a87

SHA512
f6fd8865f9df1bd382b246041ad90a3e87e42a99b7dc8167d0d4513e7bec6901b80120ff98e1283ca754dcc726b4ddc000f41c428f4f45dfd4489e94075352cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22122\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
8ce9f911908bc20529ce03b7836397f5

SHA1
b8554a420c1372474e15d931f2f50e433d3b634e

SHA256
257d25b17680639ef9175e272c2cec4239a395651a69115441ba234c4b30ec0b

SHA512
980af4b0b3749d5e5842be388734b6385f0181eb5319b3e7802fcb33aada78b6bcf753a4eed29584e988b2708798e3da2ebd286c09fc5c518f8a1e2c5754fb11

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22122\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
8a7fbe2425592dd419f6cf665613b967

SHA1
af2170a7e5f27111e32fa27ecfdddaa41edc8156

SHA256
a6cbce99976a8fdd8d9cc278c7d8aebbc4a6ae6404684021d73c8f4e520b98dc

SHA512
57d41d57721f9e37c6ea8a55ac156f9275d2373beead9f5c836ff7379c49c6676b9168bf278206fe2e60b576e066d8706ec1ed0a96b3db82b197d724f4a2279f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22122\python39.dll

Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22122\ucrtbase.dll

Filesize
987KB

MD5
6b9880ec69f2988d1035fa11969fa894

SHA1
add955b1826c79aa43afb268682aad5614d5f1e6

SHA256
c446df8432ff2679961763de876432fcf13f272269c17417e7eccbda0b000448

SHA512
747d074dbc9bd020feb04c009ad8bd975a4c9a37e0ead8093908237ab00f08e46beb73bfc3a7b41bedb99130877343206a0a2568b611161d17ece5597e3416d9

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads