21249bb0ad8b3391ebc28b1817037326c18f5b3d566e8a59de8f0d2d6202a6b7

Analysis

max time kernel
28s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28-01-2023 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff/Wondershare Uni.exe
Size

218.3MB
MD5

74f0148fc42dee4b28d1e6dce1307e2b
SHA1

bf1f0c55985921c2eecdd73f058b5065331a62ea
SHA256

0dde78e569310a7a39333495c02c62c5e1aa53534d478ef273d5fde4958a5a58
SHA512

09e39cab379e8358bcad51cf10cfb2a6f6384a741e25907c756503324adb078c8417b00bd4bc68656608cf81b38fe2e8bb48df858a477e997f1f7500a3d59ef3
SSDEEP

6291456:nXDORmOgaMLERcA3J1uK4I16pA+xK5pWM7EfaDRYBc3:XDAmOgDDA3J1uKXx+xyWQoaDF3

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Wondershare Uni.tmp

pid process

1504 Wondershare Uni.tmp
Loads dropped DLL 4 IoCs

Processes:

Wondershare Uni.exeWondershare Uni.tmp

pid process

1776 Wondershare Uni.exe
1504 Wondershare Uni.tmp
1504 Wondershare Uni.tmp
1504 Wondershare Uni.tmp

pid	process
1504	Wondershare Uni.tmp

pid	process
1776	Wondershare Uni.exe
1504	Wondershare Uni.tmp
1504	Wondershare Uni.tmp
1504	Wondershare Uni.tmp

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Wondershare Uni.exe

description	pid	process	target process
PID 1776 wrote to memory of 1504	1776	Wondershare Uni.exe	Wondershare Uni.tmp
PID 1776 wrote to memory of 1504	1776	Wondershare Uni.exe	Wondershare Uni.tmp
PID 1776 wrote to memory of 1504	1776	Wondershare Uni.exe	Wondershare Uni.tmp
PID 1776 wrote to memory of 1504	1776	Wondershare Uni.exe	Wondershare Uni.tmp
PID 1776 wrote to memory of 1504	1776	Wondershare Uni.exe	Wondershare Uni.tmp
PID 1776 wrote to memory of 1504	1776	Wondershare Uni.exe	Wondershare Uni.tmp
PID 1776 wrote to memory of 1504	1776	Wondershare Uni.exe	Wondershare Uni.tmp

C:\Users\Admin\AppData\Local\Temp\Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff\Wondershare Uni.exe
"C:\Users\Admin\AppData\Local\Temp\Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff\Wondershare Uni.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1776

C:\Users\Admin\AppData\Local\Temp\is-UEHBD.tmp\Wondershare Uni.tmp
"C:\Users\Admin\AppData\Local\Temp\is-UEHBD.tmp\Wondershare Uni.tmp" /SL5="$60122,227641270,172032,C:\Users\Admin\AppData\Local\Temp\Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff\Wondershare Uni.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1504

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-UEHBD.tmp\Wondershare Uni.tmp
Filesize
1.2MB

MD5
6bb08f7d92dcfcbeb32b3cc8abd14571

SHA1
6a95823e36c4e642216e1ffdda5c131983ee671a

SHA256
cbf625da264fc0cfdf1367315a8f87a791cf830585122ace468203862b32b6e6

SHA512
fe72cbfd9fdfcbabef97f2cf02ab4e7436ba4932ee7afa6cf73723e1821f9d5470cc8c9b850c614652bad3df68eeae86e3c247a2bdec7eb8a42bd605429642bc

Download Submit
\Users\Admin\AppData\Local\Temp\is-3JNE3.tmp\WS_VersionProcess.dll
Filesize
112KB

MD5
4aba09ab8bf296f816e205acabf279ee

SHA1
fe3038f5ac65d4057afa29df955ee723086a35b2

SHA256
a8276b8810b73b63b91181f7187c9dcc6670d127f5ff026229cb098d390ed62b

SHA512
0be9a983bc808afbc581cd8ec7bb828876f313b4a16bc4bf2a0130713fd4e2454b7a241f9d5e3445a8370d66eb80065209587cbbda91569d767c63977fb5a311

Download Submit
\Users\Admin\AppData\Local\Temp\is-3JNE3.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-3JNE3.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-UEHBD.tmp\Wondershare Uni.tmp
Filesize
1.2MB

MD5
6bb08f7d92dcfcbeb32b3cc8abd14571

SHA1
6a95823e36c4e642216e1ffdda5c131983ee671a

SHA256
cbf625da264fc0cfdf1367315a8f87a791cf830585122ace468203862b32b6e6

SHA512
fe72cbfd9fdfcbabef97f2cf02ab4e7436ba4932ee7afa6cf73723e1821f9d5470cc8c9b850c614652bad3df68eeae86e3c247a2bdec7eb8a42bd605429642bc

Download Submit
memory/1504-58-0x0000000000000000-mapping.dmp

Download
memory/1504-65-0x00000000020F0000-0x000000000210F000-memory.dmp

Filesize
124KB

Download
memory/1776-54-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1776-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1776-61-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads