Analysis
-
max time kernel
67s
-
max time network
130s
-
platform
windows10_x64
-
resource
win10v20201028
-
submitted
12-01-2021 02:16
Static task
static1
Behavioral task
behavioral1
Sample
Filmora9.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
Filmora9.exe
-
Size
750.4MB
-
MD5
bea9a069887845ffa2db931d401b5fb0
-
SHA1
78a3e909749d816c6996caa3bba1ed71714d20d3
-
SHA256
0384cdd9a194aef83de6cb5ab31157ff5b8d4293642539d93d5b4c4c3a96d7a5
-
SHA512
dcc70eee65c6af4fe0fe6ab34c1af2790470c4d7d3048a6b48e50ba06033d42d15bbb97528ab5947b8ff293b852e372c387915dc63e1178e389563a6f56f2ff0
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Delays execution with timeout.exe 1 IoCs
Processes:
timeout.exe
pid   process
184   timeout.exe
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
Filmora9.exe cmd.exe
description                       pid    process        target process
PID 8 wrote to memory of 3164     8      Filmora9.exe   cmd.exe
PID 8 wrote to memory of 3164     8      Filmora9.exe   cmd.exe
PID 8 wrote to memory of 3164     8      Filmora9.exe   cmd.exe
PID 3164 wrote to memory of 184   3164   cmd.exe        timeout.exe
PID 3164 wrote to memory of 184   3164   cmd.exe        timeout.exe
PID 3164 wrote to memory of 184   3164   cmd.exe        timeout.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Filmora9.exe "C:\Users\Admin\AppData\Local\Temp\Filmora9.exe" 1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe /c timeout /t 3 & del /f /q C:\Users\Admin\AppData\Local\Temp\Filmora9.exe 2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\timeout.exe timeout /t 3 3⤵
- Delays execution with timeout.exe