21249bb0ad8b3391ebc28b1817037326c18f5b3d566e8a59de8f0d2d6202a6b7

Analysis

max time kernel
90s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2023 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff/Wondershare Uni.exe
Size

218.3MB
MD5

74f0148fc42dee4b28d1e6dce1307e2b
SHA1

bf1f0c55985921c2eecdd73f058b5065331a62ea
SHA256

0dde78e569310a7a39333495c02c62c5e1aa53534d478ef273d5fde4958a5a58
SHA512

09e39cab379e8358bcad51cf10cfb2a6f6384a741e25907c756503324adb078c8417b00bd4bc68656608cf81b38fe2e8bb48df858a477e997f1f7500a3d59ef3
SSDEEP

6291456:nXDORmOgaMLERcA3J1uK4I16pA+xK5pWM7EfaDRYBc3:XDAmOgDDA3J1uKXx+xyWQoaDF3

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Wondershare Uni.tmp

pid process

3368 Wondershare Uni.tmp
Loads dropped DLL 2 IoCs

Processes:

Wondershare Uni.tmp

pid process

3368 Wondershare Uni.tmp
3368 Wondershare Uni.tmp

pid	process
3368	Wondershare Uni.tmp

pid	process
3368	Wondershare Uni.tmp
3368	Wondershare Uni.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Wondershare Uni.exe

description	pid	process	target process
PID 2052 wrote to memory of 3368	2052	Wondershare Uni.exe	Wondershare Uni.tmp
PID 2052 wrote to memory of 3368	2052	Wondershare Uni.exe	Wondershare Uni.tmp
PID 2052 wrote to memory of 3368	2052	Wondershare Uni.exe	Wondershare Uni.tmp

C:\Users\Admin\AppData\Local\Temp\Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff\Wondershare Uni.exe
"C:\Users\Admin\AppData\Local\Temp\Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff\Wondershare Uni.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2052

C:\Users\Admin\AppData\Local\Temp\is-EPP86.tmp\Wondershare Uni.tmp
"C:\Users\Admin\AppData\Local\Temp\is-EPP86.tmp\Wondershare Uni.tmp" /SL5="$80060,227641270,172032,C:\Users\Admin\AppData\Local\Temp\Wondershare UniConverter 14.1.6.107 (x64) Multilingual ( 2 decembre 2022 ) by Keff\Wondershare Uni.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-EPP86.tmp\Wondershare Uni.tmp
Filesize
1.2MB

MD5
6bb08f7d92dcfcbeb32b3cc8abd14571

SHA1
6a95823e36c4e642216e1ffdda5c131983ee671a

SHA256
cbf625da264fc0cfdf1367315a8f87a791cf830585122ace468203862b32b6e6

SHA512
fe72cbfd9fdfcbabef97f2cf02ab4e7436ba4932ee7afa6cf73723e1821f9d5470cc8c9b850c614652bad3df68eeae86e3c247a2bdec7eb8a42bd605429642bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-EPP86.tmp\Wondershare Uni.tmp
Filesize
1.2MB

MD5
6bb08f7d92dcfcbeb32b3cc8abd14571

SHA1
6a95823e36c4e642216e1ffdda5c131983ee671a

SHA256
cbf625da264fc0cfdf1367315a8f87a791cf830585122ace468203862b32b6e6

SHA512
fe72cbfd9fdfcbabef97f2cf02ab4e7436ba4932ee7afa6cf73723e1821f9d5470cc8c9b850c614652bad3df68eeae86e3c247a2bdec7eb8a42bd605429642bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U3RON.tmp\WS_VersionProcess.dll
Filesize
112KB

MD5
4aba09ab8bf296f816e205acabf279ee

SHA1
fe3038f5ac65d4057afa29df955ee723086a35b2

SHA256
a8276b8810b73b63b91181f7187c9dcc6670d127f5ff026229cb098d390ed62b

SHA512
0be9a983bc808afbc581cd8ec7bb828876f313b4a16bc4bf2a0130713fd4e2454b7a241f9d5e3445a8370d66eb80065209587cbbda91569d767c63977fb5a311

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U3RON.tmp\WS_VersionProcess.dll
Filesize
112KB

MD5
4aba09ab8bf296f816e205acabf279ee

SHA1
fe3038f5ac65d4057afa29df955ee723086a35b2

SHA256
a8276b8810b73b63b91181f7187c9dcc6670d127f5ff026229cb098d390ed62b

SHA512
0be9a983bc808afbc581cd8ec7bb828876f313b4a16bc4bf2a0130713fd4e2454b7a241f9d5e3445a8370d66eb80065209587cbbda91569d767c63977fb5a311

Download Submit
memory/2052-132-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2052-134-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2052-141-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3368-135-0x0000000000000000-mapping.dmp

Download
memory/3368-140-0x00000000048C0000-0x00000000048DF000-memory.dmp

Filesize
124KB

Download