Overview
overview
5Static
static
3EzExtractSetup.exe
windows10-2004-x64
4EzExtractSetup.exe
windows11-21h2-x64
4$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDIR/INetC.dll
windows11-21h2-x64
3$PLUGINSDI...in.dll
windows10-2004-x64
3$PLUGINSDI...in.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...st.exe
windows10-2004-x64
4$PLUGINSDI...st.exe
windows11-21h2-x64
4$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3GoogleUpdateSetup.exe
windows10-2004-x64
4GoogleUpdateSetup.exe
windows11-21h2-x64
4$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows11-21h2-x64
3EzExtractP...ll.dll
windows10-2004-x64
1EzExtractP...ll.dll
windows11-21h2-x64
1EzExtractProShell.dll
windows10-2004-x64
5EzExtractProShell.dll
windows11-21h2-x64
5EzExtractP...32.dll
windows10-2004-x64
3EzExtractP...32.dll
windows11-21h2-x64
3Analysis
-
max time kernel
95s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
01-10-2024 11:59
Static task
static1
Behavioral task
behavioral1
Sample
EzExtractSetup.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
EzExtractSetup.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/INetC.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/NsisPlugin.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/NsisPlugin.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/gcinst.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/gcinst.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
GoogleUpdateSetup.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
GoogleUpdateSetup.exe
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
EzExtractProCoreDll.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
EzExtractProCoreDll.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
EzExtractProShell.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
EzExtractProShell.dll
Resource
win11-20240802-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
EzExtractProShell32.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
EzExtractProShell32.dll
Resource
win11-20240802-en
windows11-21h2-x64
General
-
Target
GoogleUpdateSetup.exe
-
Size
1.3MB
-
MD5
88a857cb7ca6702ab812666b4c88dfe9
-
SHA1
6f97409352d52db138f3637bb5d5a6478e7de4d6
-
SHA256
027299ea8dfa96e0e59794c59abfd562e2f675e8b8b9a84028da8c58c58d243f
-
SHA512
6f3fc98f11286823db68d45709b845f14679fad1f64cdc0f0c3ef029c486fa551e57ca22d60ad902a865fbc0b246751b4d97edeffd1ef04a0ad190e71da2b6c1
-
SSDEEP
24576:+xCKHNv19YcQuyfycSQhTQ3WIssBXd3YcmELjQDgHKoaOHdh2Y:vKH1zYcQXPSQhTQ3NRjQDaKoacdh1
Malware Config
Signatures
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_hu.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_uk.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_fil.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\psuser.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_fr.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_hi.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_is.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_ja.dll GoogleUpdateSetup.exe File opened for modification C:\Program Files (x86)\Google\Temp\GUM6746.tmp\GoogleUpdateSetup.exe GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\GoogleUpdateComRegisterShell64.exe GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_es.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_ur.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_da.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_no.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_ta.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_te.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_vi.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_el.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_es-419.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_gu.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_ko.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_sk.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_sr.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_sw.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_zh-TW.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_cs.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_sl.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_fi.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\psuser_64.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\GoogleCrashHandler64.exe GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_ar.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_ml.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\GoogleUpdateOnDemand.exe GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_pl.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_ms.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_am.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_fa.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_id.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_mr.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_ru.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_sv.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_th.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\GoogleUpdateCore.exe GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_en-GB.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_et.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_tr.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_ca.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\GoogleUpdateBroker.exe GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_it.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_lt.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_pt-BR.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_zh-CN.dll GoogleUpdateSetup.exe File opened for modification C:\Program Files (x86)\Google\Temp\GUT6747.tmp GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\GoogleCrashHandler.exe GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_bn.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_hr.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\GoogleUpdate.exe GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_de.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_pt-PT.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\psmachine_64.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\psmachine.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_bg.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdate.dll GoogleUpdateSetup.exe File created C:\Program Files (x86)\Google\Temp\GUM6746.tmp\goopdateres_iw.dll GoogleUpdateSetup.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GoogleUpdateSetup.exe