cb2f0f8bcf393e7c40aaaf09dc6387e3e801d2d07e6f6f7051a1cbf5b06d93e4

Analysis

max time kernel
114s
max time network
125s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ProgressSheetUpdater.exe
Size

13.0MB
MD5

b256b924484d5686ea9a0050382b18ad
SHA1

5a44737403a65723990db84596801d86da19b7c2
SHA256

cb2f0f8bcf393e7c40aaaf09dc6387e3e801d2d07e6f6f7051a1cbf5b06d93e4
SHA512

763099d7050c890fa4bd02f1657710e73107e7028576abdb11cfcb505ee22667d4ee6edbce5b9718fa4751b8330495e35b3163e30884265b0829fb1e838ad63c
SSDEEP

393216:B9xSYtQqCKYrFX8HtN3ZW+tVTXJecKxGb:B9xSYXCVrFXutN3jtxbKxy

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 26 IoCs

Processes:

ProgressSheetUpdater.exe

pid	process
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe
900	ProgressSheetUpdater.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

ProgressSheetUpdater.exe

description	pid	process	target process
PID 3004 wrote to memory of 900	3004	ProgressSheetUpdater.exe	ProgressSheetUpdater.exe
PID 3004 wrote to memory of 900	3004	ProgressSheetUpdater.exe	ProgressSheetUpdater.exe

C:\Users\Admin\AppData\Local\Temp\ProgressSheetUpdater.exe
"C:\Users\Admin\AppData\Local\Temp\ProgressSheetUpdater.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\ProgressSheetUpdater.exe
"C:\Users\Admin\AppData\Local\Temp\ProgressSheetUpdater.exe"
2⤵
- Loads dropped DLL
PID:900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI30042\VCRUNTIME140.dll
Filesize
83KB

MD5
0c583614eb8ffb4c8c2d9e9880220f1d

SHA1
0b7fca03a971a0d3b0776698b51f62bca5043e4d

SHA256
6cadb4fef773c23b511acc8b715a084815c6e41dd8c694bc70090a97b3b03fb9

SHA512
79bbf50e38e358e492f24fe0923824d02f4b831336dae9572540af1ae7df162457d08de13e720f180309d537667bc1b108bdd782af84356562cca44d3e9e3b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_bz2.pyd
Filesize
75KB

MD5
d2aea2c7d91ac15f99bf8caa499e1251

SHA1
a2c70af8621c5ed56c555fe0cd797b8770a1dbce

SHA256
ae769b45f0a4bd76b82eb1d0e20d47301276fc78945cecab4e1cfb8244624331

SHA512
54d86794a9c27a3fc1a8f5945715151f7830570baa7425378986ac87cf1a23eeb7cfadd155694753e643792e1d1af9cbd9fd7caff192a7541248ed19e74c7ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_cffi_backend.cp38-win_amd64.pyd
Filesize
178KB

MD5
a7e31443fb461aae369257dd8e67c525

SHA1
c78636386da49d2418b0227739a9a562c2ce37da

SHA256
75f154e3c0b970a045fb40b14475d1804103c69b97294eaab048002ad4f9d0f8

SHA512
e34597c3ac0cdf5730eb1c82aa5727e66bda788f8bcaeb65028ce934f8023d2e8f6b9bc0dbb406678fea9ffb7c4d889cd863b6bb29817a2f914c066b8e585e9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_ctypes.pyd
Filesize
114KB

MD5
bc5516ab19c71dfd667a227e96e5df31

SHA1
14fef0bb0cfd3903415e4521db018e5106e1fecc

SHA256
9c70eda126ff63222e9f0cab09d3c42872e505fac7a98dbd0b045c51c82b29ec

SHA512
079ce171c03b92d769a1662272253f2cedd0db399000cb6a27362fc8653bad0ad952be97cbe3749f3bc7a3e57e93a868430df1dc4086611a289f626a140d049b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_hashlib.pyd
Filesize
37KB

MD5
7d3829a73b6cb5b30c0da9721ffea3db

SHA1
6092ef8b8cfb9870c760f37666912e6fd32b125c

SHA256
bbb3e524ecc2c239e02127efe80e7be3d6a38de91308ea25d47ee6a03c9f6af9

SHA512
797c1522c47bbaf2efb34bbdffc362d2a9e923f3d99c5b4c90b790cee76250ff339224c0581602a0d3e9529778a43955706af8d0bbc72e23587f0a7404b5ef5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_lzma.pyd
Filesize
152KB

MD5
26a746676f3826ded32523f06a6908a1

SHA1
36b1361b4dea82164bfcfb01ce3e105d9a6c88c4

SHA256
48fdc674296194b44d56f27307819a9c8c795446ea07b71b7a9e7eea09514124

SHA512
15d7f338db8bde068b802dd594dfa17061033aacd0903ff955cdf7b9775c144f75e7ea150b7007456e7cd16cfa13f3c54c2593e659e26ff7d29f1f7ef23ae8d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_queue.pyd
Filesize
20KB

MD5
fb6fa19efac105feff1ff0d4660fbaf7

SHA1
3fcb404dca4d8e9a58e94c56d8fc6e8e4459a6ad

SHA256
e308d6ef045938d2989e6f8ec5b796f50f197406a4869354416226a70f153030

SHA512
bf0769287426c0107eed7117bc0fba90a8ff91e9187eb1d8d4fecdcc17ebc666b6dbd75ce32e7d23313913e16902a09e8ad976682533def8d4d075f1cd9474e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_socket.pyd
Filesize
70KB

MD5
81050c77d4dee0cab75d891a21a06423

SHA1
f86d3918027daa9583edc92cc25879e447bcf7d2

SHA256
b9fed851700ada3ebc711e6f5827554759ab1ac56ff4aa194f0ef3c97bbd0d65

SHA512
fc67a990016f16764cd3b7dba235ef810eeee3bbda61e60cfee5607a0b77ed6a6d5229d58ed1ddb2d234707cedf74cccdc35c785d8032e30d071e9a61f9c3577

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_sqlite3.pyd
Filesize
78KB

MD5
38f1cc9804f3a5f0c900971a391036e3

SHA1
5ca2a0de31f8b5be18f809c30df594ef08684a45

SHA256
1d536d8a6847f27c53bd4b2947113dc9625b4bb6dd86ef8a0b39b0ced193646d

SHA512
a49a48ff8790eb2d2ae7354a4fd56b8d4eba99cd11488e6f22526f80536f73174f3895aabbc194fa97814a8a68de56070da9ad7b821ffe3645d3cc3bb75430cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_ssl.pyd
Filesize
141KB

MD5
ee004c1dcd9cf7c91ecbb57c7784fd01

SHA1
a7b5285a6a38ac625750d7ff8c1bd21baff794cb

SHA256
5a6d2f9842219807edd4abfb86222adae3746f980fba82ccf6c31d84d2c00d3f

SHA512
2ba38d79dacbdf697b4930aa884b5513de7547fcc03f7358536540e747dc13ddd766397a6fecaad95e1db712ea75ae5676e39e6db7fde0e4c374fca456f32a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\_tkinter.pyd
Filesize
56KB

MD5
1d3094391cca5d086ec6402447ee4112

SHA1
972dce3dd755fc213fa0cfc31fd386e6f5d8e572

SHA256
6827ed05ddeadc64949f7d974ec85ab8ce6c87a2682b6d8ae0cc696d691e44ff

SHA512
4c59aca727a5d69d5650b1d4a0bec7065fdb945b532af3b2b342e7168b1be11ef46670a9ebaa1bafddad2042554c176ca0e0a0a91981248f6c567c9ce1e6fab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\base_library.zip
Filesize
775KB

MD5
7c094fbfe6eb1529cd9262aad26148ca

SHA1
7092f9ada05a48817d5fa86fda2567d07048e742

SHA256
8fb4b54fd9cb9c85787f1c0f4f876757beb691f0fc7207af9c25b8efcbdb28d3

SHA512
082c200d3aa787aa3d1a44751017a77dd0259cbce10c84410bf099aed3973abcd5bfa458ab91c1e84149383b11efe1bce50c700e0071e1debeefa4fc28abab71

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\brotli\_brotli.cp38-win_amd64.pyd
Filesize
811KB

MD5
80c212c560ef3ed10f9babef65f9295e

SHA1
9bf8256f9c8900d00237596148ff563ee1bebae1

SHA256
22ae2465aa837e04ada88c3707180bbd5e5ed8906d8e271660bcc8ec2909c6b5

SHA512
af2990a844d871942bc65a609c695c5f47ae84f8105a00809b1a30e5277c3b07641eb7ae45b8cf3dfb94ca778288c58c231633c54ae629bad3d4e8db1d548487

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\cryptography\hazmat\bindings\_openssl.pyd
Filesize
685KB

MD5
cd83291c16235ed7adeb059a84ff49da

SHA1
734d73a2ccfa7f927625f02232214061626393ca

SHA256
8c065dceb3490107cd206cc6038a46a5a55b7fb8de081ccedfb3a67443c84df8

SHA512
e1cd5524f9d35263eaa8d3af63e1238c5d50491820b625e6eda065bb1aa9f5e10dd6cf1bfcd1a66ea826ab465ad35b93ea5f02c6b6573e9efd6b594e7fbad7f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\libcrypto-1_1-x64.dll
Filesize
3.3MB

MD5
bfdacc78ce4e0a3e8ce538de1716510a

SHA1
79741993c0045a647985c6cc17731a358de0e481

SHA256
49ec11b55669da5dbddee4cd9353a7b7d09750cb627f35ce5ca2e16b7c58fa05

SHA512
4423a3d029f93ce44458611abd64d3b303aa379e61e5384f215dc7b9a5308d041a1c2509f2fd393a3a82a470eb1adf791c46c8f275227cfbf1de3f7a6fb6e392

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\libssl-1_1-x64.dll
Filesize
666KB

MD5
058f8339d12f37d27c9633332018f20d

SHA1
61c49ecfcb21631c13e41e490b85381d9eb14eb1

SHA256
805aa7b72c740a0c56ea126ecc12fe0ee1d5d41ce0784f1eb0c517e3965f62fc

SHA512
b55cabbc14d15efac479c22b88679ffbfb00adddceb332dc2583a92216bd7544aede8321747f89c8d50fd797452fd31e7fd12e85cd01016a91057b0f8e5f8018

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\pyexpat.pyd
Filesize
178KB

MD5
cce35b2a1c49cf6b6e8cbe71f3698cd3

SHA1
7720d4daa1fe42baa7b1e4e5cb8088bbfb0d1004

SHA256
5b5a50d2095dbea7ac80a2a35b8dd70c3907ca2aeed19b2b893c0f8fe0ffd22c

SHA512
971952b342a6cafde5c295aaaa8c11c30a7e2e36626513e7f284043cd4b48a253c8b17299b6161c4d188ab485f2fa42a8c3252b3b58c5d15d856959d06418e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\pyinstaller-4.10.dist-info\INSTALLER
Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\python3.dll
Filesize
50KB

MD5
194c51ddbd778a56d95afa7b0c366440

SHA1
1a1f614a5e1af342170f2ed48a65737c668887c6

SHA256
8934252132ea2c232ec39bb88b4f02eab27afcabdb9c6cf90f6e166bb6b9ba85

SHA512
8ed8b7a7c163b1be631df49532349521c29cd74866cca1676524cabb7125929bc47965c5e0a41d69bc260e4a2300d43c666f564960a4025209b2999ca5525b0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\python38.dll
Filesize
4.0MB

MD5
2169046469a5c6c1cd64411c01421955

SHA1
94e817bc87a1ea2ebde30f2d4807fb950d1dd1b5

SHA256
abc466b7c350b7073e00af1776a2df61a9bdf3577f742b0c1dde7ab7602cfe53

SHA512
7dd6f342f155375c2657ef99e1192f44abe1ac60f3a29b96132c1b83d2ee170810b395a6a7c6a2743018010ac2718f356dd4fe8f11a7086664343a664f3dcf2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\select.pyd
Filesize
19KB

MD5
f6e18478d3c7969169c1d7ab2bc4c37f

SHA1
e30181e687059c7747160c92dc8fa8fb4672f8b1

SHA256
4e30121a0f336549fecb55480704749e3fc2036ac0c20619572e47f683a8dc2c

SHA512
c91f49bf013ae1ed5b23dac8953ca89139ac2ba24c25dd45b2c8bb1caeb66665f3ac57bab635a11276f5835cf54713767478aa5df04126c6430c7040e638dd84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\sqlite3.dll
Filesize
1.5MB

MD5
661e1d08aa162954c8acc3ee534cc819

SHA1
b2fa909f0b10f5f8fe5deccf5bb19576543e7c5c

SHA256
720b8374953d41aeb9613ba1876258c1ee00779c4f3b92ce58e6b7bd578e0ea2

SHA512
3524219a28d33d46466020c26c2d6b7402c6d5b47850174c34f3a851448b2056b069dc0cc010d2ca87320ed12e534e23e7fb8479c4625dbe0d9829416303d511

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\tcl86t.dll
Filesize
1.6MB

MD5
c0b23815701dbae2a359cb8adb9ae730

SHA1
5be6736b645ed12e97b9462b77e5a43482673d90

SHA256
f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768

SHA512
ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\tcl\encoding\cp1252.enc
Filesize
1KB

MD5
5900f51fd8b5ff75e65594eb7dd50533

SHA1
2e21300e0bc8a847d0423671b08d3c65761ee172

SHA256
14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

SHA512
ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\tk86t.dll
Filesize
1.4MB

MD5
fdc8a5d96f9576bd70aa1cadc2f21748

SHA1
bae145525a18ce7e5bc69c5f43c6044de7b6e004

SHA256
1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5

SHA512
816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\ucrtbase.dll
Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI30042\unicodedata.pyd
Filesize
1.0MB

MD5
dbe4d0eec782a495730d6db2e2cceac9

SHA1
771037e5f4e34b55047ce039eabe3470d6929f60

SHA256
d42b9c86e7f5c3e1351a9416d1792820da771160fec9884cedcc0a67d083fda9

SHA512
0852daaefbe6708466dbe43f6d1f715c7b25601eb5562485f6113ac78e4ba0d1a0dcbc43a18092c219fa8b52833b0226b99e84b2de6c79d860cc8d379bff4a73

Download Submit
\??\c:\users\admin\appdata\local\temp\_mei30042\google_api_core-2.7.1.dist-info\namespace_packages.txt
Filesize
7B

MD5
0cfa9f600839f57e90e5559b8ee54864

SHA1
d662cc72cfed7244a88a7360add85d5627b9cd6c

SHA256
ff542f48922114019fc5befd0fa0e107b494c365fa4f8af09f3fcb2eb6dc0f77

SHA512
4100be97de001e7b1ad88e8e0ac5bae1ba3fe96b2cb9d69243ae31682ce99df489a8ec628d479a5cf6927a2fbe359465c56db8c5593cb9077374ef8727be774d

Download Submit
\??\c:\users\admin\appdata\local\temp\_mei30042\wheel-0.35.1-py3.6.egg-info\PKG-INFO
Filesize
2KB

MD5
8009a17b7bd1e73813c5b06f22443743

SHA1
f3f321c6b0650fb5f8bd85944d03b3524d0e64f2

SHA256
ce278871dc7b1950ccfc799368ed4cf748ae372dbc65d5a6c578f2aa0b93ba99

SHA512
e777aaf477e54b7215e3fa989acca222616b5906c4e853bca5b55e4c58f68a38a0055f58b782c1f7b2f5c35d3cb5901d5f50a9b4ab45591e1875fb535d417bf4

Download Submit