Overview

overview

10

Static

static

10

Languages/...es.dll

windows10-2004-x64

1

Languages/...es.dll

windows10-2004-x64

1

Languages/...es.dll

windows10-2004-x64

1

MegaApiClient.dll

windows10-2004-x64

1

Microsoft....am.dll

windows10-2004-x64

1

Microsoft....er.dll

windows10-2004-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

Recorder-d...up.exe

windows10-2004-x64

8

Renci.SshNet.dll

windows10-2004-x64

1

Scheduler.dll

windows10-2004-x64

1

ShareX.HelpersLib.dll

windows10-2004-x64

1

ShareX.HistoryLib.dll

windows10-2004-x64

1

ShareX.Ima...ib.dll

windows10-2004-x64

1

ShareX.IndexerLib.dll

windows10-2004-x64

1

ShareX.MediaLib.dll

windows10-2004-x64

1

ShareX.Scr...ib.dll

windows10-2004-x64

1

ShareX.Upl...ib.dll

windows10-2004-x64

1

ShareX.exe

windows10-2004-x64

6

ShareX.exe.xml

windows10-2004-x64

1

ShareX_Nat...st.exe

windows10-2004-x64

1

System.Buffers.dll

windows10-2004-x64

1

System.Memory.dll

windows10-2004-x64

1

System.Num...rs.dll

windows10-2004-x64

1

System.Run...fe.dll

windows10-2004-x64

1

Telerik.Wi...or.dll

windows10-2004-x64

1

Telerik.Wi...UI.dll

windows10-2004-x64

1

Telerik.Wi...ls.dll

windows10-2004-x64

1

Telerik.Wi...re.dll

windows10-2004-x64

1

Telerik.Wi...ip.dll

windows10-2004-x64

1

TelerikCommon.dll

windows10-2004-x64

1

zxing.dll

windows10-2004-x64

1

zxing.pres...on.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    59s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-12-2022 11:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Recorder-devices-setup.exe

  • Size

    1MB

  • MD5

    9f3dfb3b26e8207a51f4ff4c80184f54

  • SHA1

    5b6cd73643479ce99bac9d1262d2a3165fc55790

  • SHA256

    3e6c588ea0e26407aa431f9c8cfb3cfb9a0b0933a0c3a641973fc0ca920e761a

  • SHA512

    8ef0e36d301183c08594e41e3c0cd95e862bf85fd1a83a60f23fab752794e63b9fc423574ddd5b92a70eda8169102975f83936a4485cea399300a8b600712a3f

  • SSDEEP

    24576:t7FUDowAyrTVE3U5FmUw2LB9+55x7awFhJdNo69lOy7KTijli:tBuZrEUW2Lq55DdN7POGjY

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Recorder-devices-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Recorder-devices-setup.exe"
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Users\Admin\AppData\Local\Temp\is-9HG00.tmp\Recorder-devices-setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9HG00.tmp\Recorder-devices-setup.tmp" /SL5="$B01D8,900659,832512,C:\Users\Admin\AppData\Local\Temp\Recorder-devices-setup.exe"
      • Executes dropped EXE
      PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

00:00 00:00

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-9HG00.tmp\Recorder-devices-setup.tmp
    Filesize

    3MB

    MD5

    d5adadd464a985ab264850ea5c0506ff

    SHA1

    743dbb163f4354d9dff8a4e1db2cc059fe615089

    SHA256

    af5f5f9ffd16f777972f3211e7dd2b635743e6b4dd679e0d0a1bb620b03e457c

    SHA512

    a5d1a2fe2075ce65e90a191c62569a78275ccb1f15065a3d9dd02f6e0c470cf4da8a67c4661efb7af401734312170c5870d30234f7eb12afbab863c53857cb9a

    Download Submit
  • memory/2768-132-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize

    864KB

    Download
  • memory/2768-136-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize

    864KB

    Download
  • memory/4572-134-0x0000000000000000-mapping.dmp
    Download