3a794867b593dc70111214a0e2e3f684b8a01f25b82dad14573df000b243b628

Analysis

max time kernel
36s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

update.exe
Size

6.0MB
MD5

40104fe031ddbbaa7846752b6e7e06d4
SHA1

6484ef4c986f79cda4b9497e95e552098bd3c120
SHA256

3a794867b593dc70111214a0e2e3f684b8a01f25b82dad14573df000b243b628
SHA512

18dc694e0f95debf445e85db9258eb51b85e63ff11d6bb8ffb9303d60e0db30ebba652368b2eedb051f9998c0707f41023d891458856055b87437faabfe4b1a2
SSDEEP

196608:17p6uWJysVYvsO55kRMPdXVJECGVQ2e3TgbbYE50d:xhWJO5kRCXVmrVYUbbYI0

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 35 IoCs

pid	Process
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
4192	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe
400	update.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 4192	4700	update.exe	82
PID 4700 wrote to memory of 4192	4700	update.exe	82
PID 3336 wrote to memory of 400	3336	update.exe	97
PID 3336 wrote to memory of 400	3336	update.exe	97

C:\Users\Admin\AppData\Local\Temp\update.exe
"C:\Users\Admin\AppData\Local\Temp\update.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Users\Admin\AppData\Local\Temp\update.exe
  "C:\Users\Admin\AppData\Local\Temp\update.exe"
  2⤵
  - Loads dropped DLL
  PID:4192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\update.exe
"C:\Users\Admin\AppData\Local\Temp\update.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Users\Admin\AppData\Local\Temp\update.exe
  "C:\Users\Admin\AppData\Local\Temp\update.exe"
  2⤵
  - Loads dropped DLL
  PID:400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI47002\VCRUNTIME140.dll

Filesize
87KB

MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\VCRUNTIME140_1.dll

Filesize
43KB

MD5
21ae0d0cfe9ab13f266ad7cd683296be

SHA1
f13878738f2932c56e07aa3c6325e4e19d64ae9f

SHA256
7b8f70dd3bdae110e61823d1ca6fd8955a5617119f5405cdd6b14cad3656dfc7

SHA512
6b2c7ce0fe32faffb68510bf8ae1b61af79b2d8a2d1b633ceba3a8e6a668a4f5179bb836c550ecac495b0fc413df5fe706cd6f42e93eb082a6c68e770339a77c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_asyncio.pyd

Filesize
62KB

MD5
8c28ec788e715e3ca5dc2dd42cf9d250

SHA1
16e1b4c324f6f2fa7a206b5fbdd652477756825a

SHA256
91a6cb5ff61c48cdfff369341aa7ad85cca7a3cd32e714f6e80187f7ee399d3b

SHA512
be67d56fc6c7b672467626a30ae56943e6a9f1fbcc66c9edef5a67935bf314c7f745e6029eade27c4acd525e38ffcda77e3f229a7a5f4ada35547d39f2955a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_bz2.pyd

Filesize
82KB

MD5
70a3a9e6d086a965bd164eb171f3f537

SHA1
a85dea115761d8a85ea08004fa65d975bbf37fdc

SHA256
5294b29c8130bad79b0a4ba9007f076843ebd35df6317b90ec9822f0ba3d8b57

SHA512
447937793cbbe64025db3f3a51cc2124fc73a418aa690db1ff5290edd4deac6a34d894653a33356e1d7ea3fdfcde801c9daa00873c0409d2223217d403c954a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_ctypes.pyd

Filesize
121KB

MD5
9082abcff2c89a406e7eddc1a1d4afd9

SHA1
b114950c87dd1c544cf02704f5164a315993a716

SHA256
591392e5c488defdcfb179bc0db96504577e2122370ae480e840a90d53ce3f44

SHA512
3176d9898c77bb766679242c9667516868b25eadf59d7b92fe751d3bb81a9f4b68472df0d6234b159f27ca1503de29f574bd09b072cd38f503c8d5348d9dd4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_decimal.pyd

Filesize
262KB

MD5
a67ef9b6b7fd9016c6610fea79f16404

SHA1
749495d817d879006f3ba3305fd739f9900b5311

SHA256
1122a9129b05ebfe9cc29964144260a9787e81867869c261a59579f797015b7e

SHA512
e6a8931ac5c736d8a7fcdd2963b946a57661284a785215e501d0fb62ff7ab24b8f36aafb2c6d27c69a614e106dc4fe5a83fc816a434d1ad629ed3505bfd0f009

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_hashlib.pyd

Filesize
44KB

MD5
c5a8b85ea3d0e8a04aac2df10796db2b

SHA1
3a9bf3024bacd0fff0e8c31d1d713ea1434cfd98

SHA256
fe504d5ac91f335300654dc978dbf85be18843be6f834359cd768618650f2dc7

SHA512
6f23eab6b26f034dcf92346afd7ab7108f81b90f10a3da3d7fd92116ff066ed42bdcf6bb8430c4b5f9ef2d53d25ea8c7d678cc5c8acd61ecaf79b911d54e07ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_lzma.pyd

Filesize
246KB

MD5
24919c42c43d9ef08d4e372c339d9e47

SHA1
4ed83cdab8830605a7bb75cb03a5764b8ee5c886

SHA256
d8e4150517435b30913f4016df052dc7409d0e2b69b5f24333c274d504c4633f

SHA512
d2b8a9eed20e27390b47b23140feac340cf448c5c4b5deefe3e42f91e1b3482be1cffa5499b0c062e36ecea8990bea2523dbbef58acc816d3a0f89eddbab5ff1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_multiprocessing.pyd

Filesize
28KB

MD5
202009ce26e8a89646022e1252ad54f4

SHA1
b59b6b62b82431db4527556880a19e4562cce999

SHA256
59411c03efca2978bd51abd47ab496ec94ba6e82ed3e9043b04d78d240e36004

SHA512
e1480f08ff19c73caff9f251143f137607dc638de18aa93d0c60b25dbe775c78dc32165093ba668044adcacf0fcdf1d04f8562032909d3f818d326861e85a40f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_overlapped.pyd

Filesize
44KB

MD5
3306d52d49aa0107495e138bf5f64694

SHA1
ddf8a31cde3e34fe2ba4f8ba57ab1f47a379046f

SHA256
3f3032201cc0e94e73d227f905a99cbf5c117b16fdd29eea210fe6cfdeed38d5

SHA512
6fe3d3ced390572cdc874752b095c7adb0b2c1a5251d614da47c8bfd20dce1fc1a32c7b775dceaca5633cbdf33b4e47941c95a8a3c80a1341debdd6882275f0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_queue.pyd

Filesize
27KB

MD5
bf3fa2b64a6926e1591165e8cafa3070

SHA1
7692b3d4ef92e5ddd950c1c9ff58ed17d41f5365

SHA256
2f7dc8e53748c028a8ac129ff2b5b14d9cd231cafcf26167965a60839e46a070

SHA512
40e8849f3d9bbcf9b3f0d2ecde22e5a117a12358c3097c652a6cae3fe0e346b6eb997df2c304a6fabc82594ddcc4cc15288f59a8a4688cff67b592811e06f1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_socket.pyd

Filesize
77KB

MD5
458f0f0ed8d16019d7c2d157bddea94b

SHA1
d21848e4ebafac0b9e9ca8d71e4f8cd2b5aaca57

SHA256
e6bdbe5d5d66c9790e490f6dbb695ca87a9acffa51c4a37d2948b7f1ba2c8b42

SHA512
00eb3c535a0074765f146523b0bb6f16360609a13a38579b19a2635590c2d947c5eaa7e78e7a9324b3670c505d6310e75e78f7e6fdadc23aa12ad165bdfccc69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\_ssl.pyd

Filesize
116KB

MD5
486431c1032139d202565800a0729a3b

SHA1
0c43a02f1ba3162033410926fe4b22fe79ed81f1

SHA256
3dce8bd61cc46761033cd1457c64fe66ff306ea77aadf5543834a9be3b50c074

SHA512
4906d70e76ee1dc308027662613b29872f1c97f3e6390c913f1bb456c7be172989f6d1c5671500c23e7d5d054281e10de8d822350aa5606b73d7518b7c4beabe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\base_library.zip

Filesize
822KB

MD5
436d9ab35b07606625878d562a47bc15

SHA1
c43fa487810d198eda91e92a5c27e7c8694c66aa

SHA256
b77d9277d41b2f65284c487d4d381a9f1ff4bca358588988a41e997a51cd0467

SHA512
0fbad1d6cf7aca148055ebd39718d8f717900a95e7855f383d97e81e3e5bc8cd123624d86cf59cc924d9b891e4cdff198bae08911ea6d43fdfeac8d3b6c531c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\libcrypto-1_1.dll

Filesize
3.2MB

MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\libssl-1_1.dll

Filesize
670KB

MD5
fe1f3632af98e7b7a2799e3973ba03cf

SHA1
353c7382e2de3ccdd2a4911e9e158e7c78648496

SHA256
1ce7ba99e817c1c2d71bc88a1bdd6fcad82aa5c3e519b91ebd56c96f22e3543b

SHA512
a0123dfe324d3ebf68a44afafca7c6f33d918716f29b063c72c4a8bd2006b81faea6848f4f2423778d57296d7bf4f99a3638fc87b37520f0dcbeefa3a2343de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\pyexpat.pyd

Filesize
185KB

MD5
b9927b95ff204d9149b6ef7430e70220

SHA1
502e0311a32bd5ce2dea87ffce21ddbaf255b07f

SHA256
e383225fd8917977fe16f628f9bc9c9cfaf346feb3a90f1f0615dbfb64cc1496

SHA512
fc5e879dbce1585cf2726c7db480e81b7180276c8c537b43e33b74e47a0c6d7a292b9843cd60b45046d3dabc9b165891e3ac57b7bd39a391bfea1b9aae51fb30

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\python38.dll

Filesize
4.0MB

MD5
9e3ded73b6263b671a1d6c98256b721a

SHA1
814045f7a2be0ab7a8d34dc8156ba9ca06253ab9

SHA256
215e4f42658a1ba952197a3973ebafd2cd1d40a41c335ae376feacbcf5b04e87

SHA512
8323ffb40bbaee89b1a3f1a160a24776394591ed21dc63ccb82bece7b9a1fdc2c10404eb9f3f94bae730c57bdfd99210f67a532f789f5e5c5ea14fe76b3ad05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\pywin32_system32\pywintypes38.dll

Filesize
139KB

MD5
f60da44a33910eda70d838d7635d8fb1

SHA1
c35b4cf47349888384729386c74c374edb6f6ff3

SHA256
13934599ff931f97e8eac6106dc67d54609befd0b0e653b46f6c25b18830c572

SHA512
3c57ed384c23c89f99708bdf688ebd28629e84df8756e7b64dfa8b6e0b52beefb0c62de820f2c72e5679b7632279dcb414a781cfd2c5c9654d09d9da24fa17b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\select.pyd

Filesize
26KB

MD5
ac8caceeaa28137a14784563d126ed7e

SHA1
4dcbe48eaa53d5c7d91c420df823dbff54f4da5f

SHA256
8e6d1a33b16dcc3922f7159a30ff596194a59b4a8fb5f9864517f03fd19f2c78

SHA512
b67bff989af102f5087d95993e9bd57c6808e401979707bc2d33b386326b964abb71f497d82747725fb040a1d337ee453a1d57c37b72fdc06f7ea7687dda8f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\unicodedata.pyd

Filesize
1.0MB

MD5
94d7826c152c26ffeeeb6fa2ffd43566

SHA1
fcd70b4df1a297412cee08960212c7ba844a05c5

SHA256
0ce881904f6a16919d4c4aab1dbf13c0c5491fcb592f71836cecb5b3b5099bba

SHA512
d6c759495f2b8701b92e95d557aedf0a9079860536b3f54d54826ed8dfd6f4e84fb96ce39e6eb2a771ce85632dd09e63e760031f81617a07d3bb30e9ccf09dba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI47002\win32\win32clipboard.pyd

Filesize
28KB

MD5
1828bbf61bd699019244c49d7dd0509a

SHA1
911ec6a253e2e9e38d68ceecb0e16f9f46921ccf

SHA256
99e20dd4b8ca195aa4eafce43489b0f003fc504fce1ddb64906d78d89a32619b

SHA512
0a847778c099447a52b58707c51c75c6bc22ab385bb2d30c058ed62f118a03984be8328b235e7aecdc50e1cc3dbb2a6e1fdf8a891d946983bccd1b7646456368

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads