Technically, you can’t. That filter doesn’t pass in any data that will specifically allow you to distinguish between those two cases.
2086 /**
2087 * Fires immediately after an existing user is updated.
2088 *
2089 * @since 2.0.0
2090 *
2091 * @param int $user_id User ID.
2092 * @param object $old_user_data Object containing user's data prior to update.
2093 */
2094 do_action( 'profile_update', $user_id, $old_user_data );
You notice that the filter does pass through $old_user_data so you could check the user_activation_key in the *_users table. That should get you close, however, I think that that field is populated when a user resets the password, and not just when the account is created.
To be absolutely sure you’d probably need to set a user meta value on first login then check that for subsequent logins.