URL: | https://dl.memuplay.com/download/MEmu-setup-abroad-sdk.exe |
Full analysis: | https://app.any.run/tasks/fb14df21-dfd3-4a3d-945c-6c8ca9c86235 |
Verdict: | Malicious activity |
Analysis date: | December 15, 2021, 17:25:07 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 66A6DCE19AA2645BC254EC4B3B521B97 |
SHA1: | C960C76A3BEBD640A2BE24FC6A3A17BBB37D5D4F |
SHA256: | 1FE75282E5003BFBB27F7219406BBEBAEB83124BF965F935423E5F349B1025F5 |
SSDEEP: | 3:N8RfVHZ38L9tIWpV5EACn:2hRZMRttVan |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3732 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://dl.memuplay.com/download/MEmu-setup-abroad-sdk.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | Explorer.EXE | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 | ||||
2940 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6ed8d988,0x6ed8d998,0x6ed8d9a4 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 | ||||
488 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1072,16510787205302147161,6534255135655193401,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1076 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 | ||||
1040 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1072,16510787205302147161,6534255135655193401,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1256 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | |
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Version: 86.0.4240.198 | ||||
2000 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,16510787205302147161,6534255135655193401,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 86.0.4240.198 | ||||
1292 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,16510787205302147161,6534255135655193401,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 86.0.4240.198 | ||||
576 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1072,16510787205302147161,6534255135655193401,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 | ||||
3988 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1072,16510787205302147161,6534255135655193401,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2700 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Version: 86.0.4240.198 | ||||
3820 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1072,16510787205302147161,6534255135655193401,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2900 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 | ||||
3800 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1072,16510787205302147161,6534255135655193401,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2920 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 86.0.4240.198 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3732 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61BA24F6-E94.pma | — | |
MD5:— | SHA256:— | |||
3732 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\92a0e731-15df-4818-a9b3-33be65fc30a1.tmp | text | |
MD5:D9941D465FFB71CF7CA7C12DD00062CD | SHA256:C977A8C2EEE597CE3625F801BF05A15FC7628EA3B2BB9A93CD21C8632640F284 | |||
3732 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | text | |
MD5:D9941D465FFB71CF7CA7C12DD00062CD | SHA256:C977A8C2EEE597CE3625F801BF05A15FC7628EA3B2BB9A93CD21C8632640F284 | |||
2940 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma | binary | |
MD5:03C4F648043A88675A920425D824E1B3 | SHA256:F91DBB7C64B4582F529C968C480D2DCE1C8727390482F31E4355A27BB3D9B450 | |||
3732 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text | |
MD5:00046F773EFDD3C8F8F6D0F87A2B93DC | SHA256:593EDE11D17AF7F016828068BCA2E93CF240417563FB06DC8A579110AEF81731 | |||
3732 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | text | |
MD5:5BD3C311F2136A7A88D3E197E55CF902 | SHA256:FA331915E1797E59979A3E4BCC2BD0D3DEAA039B94D4DB992BE251FD02A224B9 | |||
3732 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\275a75e4-7867-4858-a40b-a1fb268108a0.tmp | binary | |
MD5:5058F1AF8388633F609CADB75A75DC9D | SHA256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8 | |||
3732 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1935db.TMP | text | |
MD5:8304B8F42465198890090F52D3F80A4C | SHA256:80C32AC2585E7E81200104B1630F19560A156C4ABF51B5888B0FBF07323FAB34 | |||
3732 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001 | binary | |
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB | SHA256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 | |||
3732 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF193b98.TMP | text | |
MD5:65F7BEE92771101B63D90E31DB82105A | SHA256:A0B0D20056D7798BA6CF228F8BC1D7B7FC894DDB01343158368F80ADA145E622 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1040 | chrome.exe | 142.250.185.163:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
1040 | chrome.exe | 142.250.185.237:443 | accounts.google.com | Google Inc. | US | suspicious |
1384 | MEmu-setup-abroad-sdk.exe | 18.66.242.220:443 | d1xj8c1wowfhpd.cloudfront.net | Massachusetts Institute of Technology | US | unknown |
1040 | chrome.exe | 172.217.16.142:443 | clients2.google.com | Google Inc. | US | whitelisted |
1040 | chrome.exe | 142.250.185.142:443 | sb-ssl.google.com | Google Inc. | US | whitelisted |
1384 | MEmu-setup-abroad-sdk.exe | 108.156.253.53:443 | dvmc8t0c8zd8y.cloudfront.net | — | US | unknown |
— | — | 172.217.16.142:443 | clients2.google.com | Google Inc. | US | whitelisted |
1040 | chrome.exe | 142.250.185.227:443 | update.googleapis.com | Google Inc. | US | whitelisted |
1040 | chrome.exe | 45.192.128.17:443 | dl.memuplay.com | MacroLAN | ZA | suspicious |
Domain | IP | Reputation |
---|---|---|
accounts.google.com |
| shared |
dl.memuplay.com |
| suspicious |
clients2.google.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
sb-ssl.google.com |
| whitelisted |
d1xj8c1wowfhpd.cloudfront.net |
| whitelisted |
dvmc8t0c8zd8y.cloudfront.net |
| whitelisted |
update.googleapis.com |
| whitelisted |
clients1.google.com |
| whitelisted |
Process | Message |
---|---|
MEmu-setup-abroad-sdk.exe | QWindowsWindow::setGeometryDp: Unable to set geometry 21x14+320+106 on QWidgetWindow/'QCheckBoxClassWindow'. Resulting geometry: 104x14+320+106 (frame: 4, 23, 4, 4, custom margin: 0, 0, 0, 0, minimum size: 0x0, maximum size: 16777215x16777215).
|
MEmu-setup-abroad-sdk.exe | QWindowsWindow::setGeometryDp: Unable to set geometry 55x14+320+106 on QWidgetWindow/'QLabelClassWindow'. Resulting geometry: 104x14+320+106 (frame: 4, 23, 4, 4, custom margin: 0, 0, 0, 0, minimum size: 0x0, maximum size: 16777215x16777215).
|
Dism.exe | PID=1528 Instantiating the Provider Store. - CDISMImageSession::get_ProviderStore |
Dism.exe | PID=1528 Initializing a provider store for the LOCAL session type. - CDISMProviderStore::Final_OnConnect |
Dism.exe | PID=1528 Attempting to initialize the logger from the Image Session. - CDISMProviderStore::Final_OnConnect |
Dism.exe | PID=1528 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider |
Dism.exe | PID=1528 Loading Provider from location C:\Windows\System32\Dism\LogProvider.dll - CDISMProviderStore::Internal_GetProvider |
Dism.exe | PID=1528 Connecting to the provider located at C:\Windows\System32\Dism\LogProvider.dll. - CDISMProviderStore::Internal_LoadProvider |
Dism.exe | PID=1528 Getting Provider OSServices - CDISMProviderStore::GetProvider |
Dism.exe | PID=1528 The requested provider was not found in the Provider Store. - CDISMProviderStore::Internal_GetProvider(hr:0x80004005) |