Overview

overview

7

Static

static

1

filmora_se...81.exe

windows7-x64

7

filmora_se...81.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    258s
  • max time network
    320s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/03/2023, 03:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    filmora_setup_full1081.exe

  • Size

    3.0MB

  • MD5

    35d0642dc284d5a4178d430f954b3a42

  • SHA1

    d1701b463bd2b2d4f29e5877e0858d77224fa79d

  • SHA256

    3c63f3e2a380a36896a4e136e3aa8f2dc70151742afa47ed000b6f3b46177d80

  • SHA512

    5c980aaec8e3ce13b87228b75e6939834bd779db1e9d5803dcaba12d0865d134dfc6fdf20cf48c574aff8a6119e190e7ad68e801f6c0f9dde2c4e24ef4361098

  • SSDEEP

    49152:siQzJj7H+/z4Tmyhvd0bdefjHppJBTMBjWupM7XtNTZDtSNyx8JiD:siQzJP+rTyadefbppKWtztNpB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies Control Panel 1 IoCs
    evasion
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\filmora_setup_full1081.exe
    "C:\Users\Admin\AppData\Local\Temp\filmora_setup_full1081.exe"
    1⤵
    • Modifies Control Panel
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:464
    • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      2⤵
      • Executes dropped EXE
      PID:5104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log
    Filesize

    496B

    MD5

    a0a88263e28fcecb7b7c52662f096e89

    SHA1

    4a275c0fb6caed7f21ef5ade9dd74f802b5e1425

    SHA256

    92b637f2e870a9bda1acb10c8b981a68b368b928e16e0cea47ce801f9a18c0dd

    SHA512

    3df0a6b4473aa8c9ff5dd0b4c568fd1cd7ad7dbd6698a7c9277db3f26288daf9b920c763e60cf210399e02587956883ff2c194e0f101d90540d8777b6b691e37

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log
    Filesize

    1KB

    MD5

    115f6733f1cf45cbf301fadddfd70b18

    SHA1

    d0e568ae38b83a1853ce119cc5cd84ef4a7f2475

    SHA256

    ecf3fd1af27d7cb007e291a813abe20058a3dea5d86fb071240be0af0ed1bad9

    SHA512

    d71f65b9eec16e9ff3a410e7dac4a855ed00676fe3577791bae41c1998a006fabf9a55920dd0effe165e3759a3307ae84bcbdd40f8a944c3cdf595b9a544f253

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    1KB

    MD5

    75a9b49446fb1bc33b581642a6df3c27

    SHA1

    e33d9a07e1b4e8a2b7137d836e7266e37f6be78c

    SHA256

    f345b8d73129c81c428162f490fcb186b27f2f698e308cb1a205763401e49735

    SHA512

    7b0bca974e1f9cf79ab497d43417d13f0bfa07ec8c0a2a28d212839281e335d3026bedebae25080b0ac308cbdb669befa9d3230ea2a23ab439853bc1ec262970

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    4KB

    MD5

    3a9639d12702c1455e23e3d5975e25e2

    SHA1

    51ea89bc9d970d9c042171de421d639f58d135e2

    SHA256

    d2eb922e27f571974f86698d9a68508aa891f9a582215ebd59aed2a79f0130a9

    SHA512

    f14368a9ff9bb54d640b587baa42782e5bd27e75da5eb028896fa2168f3284b22e39ebd61322b192d9294d42f3ec1f1ded9aec89b5e669bec21c83801720d46b

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config
    Filesize

    229B

    MD5

    ad0967a0ab95aa7d71b3dc92b71b8f7a

    SHA1

    ed63f517e32094c07a2c5b664ed1cab412233ab5

    SHA256

    9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

    SHA512

    85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

    Download Submit

  • memory/5104-1519-0x0000000001080000-0x00000000010A4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/5104-1518-0x00000000007A0000-0x00000000007A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/5104-1520-0x00000000010D0000-0x00000000010E8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/5104-1521-0x0000000001220000-0x0000000001240000-memory.dmp

    Filesize

    128KB

    Download

  • memory/5104-1522-0x000000001C190000-0x000000001C49E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/5104-1523-0x000000001C910000-0x000000001C959000-memory.dmp

    Filesize

    292KB

    Download

  • memory/5104-1524-0x000000001C9D0000-0x000000001CA32000-memory.dmp

    Filesize

    392KB

    Download

  • memory/5104-1525-0x000000001CF10000-0x000000001D3DE000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/5104-1526-0x000000001D480000-0x000000001D51C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/5104-1527-0x000000001C8A0000-0x000000001C8A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/5104-1528-0x000000001D950000-0x000000001D98E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/5104-1517-0x0000000001280000-0x0000000001290000-memory.dmp

    Filesize

    64KB

    Download