6d5597875970b6a30f1a8ad83800edebe692582fad0044fb25002e525bbe7af0

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2023, 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6426b0740788f8f1dda84a95b928d86.exe
Size

3.0MB
MD5

f6426b0740788f8f1dda84a95b928d86
SHA1

0bc615dfc759ff4b5e78ea7ff013c5a1f95995ce
SHA256

6d5597875970b6a30f1a8ad83800edebe692582fad0044fb25002e525bbe7af0
SHA512

fb911d7ce4612224d081cce4534969e018fab45649b1f5ae75ab2bf4ac95f0b44e3894333bdd2aaa38927916569339a0933171ec1532923836e5f1d6cef6968c
SSDEEP

49152:YhDpY69PS9SsbCmlaJUgNTxR4VRVB2nLVBTpRqPupM7T2NTZLdaDftd5So:YhDpT9KYkC+GUWTxRSRVUnLOPtn2NF8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5988	NFWCHK.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Desktop\MuiCached	f6426b0740788f8f1dda84a95b928d86.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3088	f6426b0740788f8f1dda84a95b928d86.exe
3088	f6426b0740788f8f1dda84a95b928d86.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 5988	3088	f6426b0740788f8f1dda84a95b928d86.exe	86
PID 3088 wrote to memory of 5988	3088	f6426b0740788f8f1dda84a95b928d86.exe	86

C:\Users\Admin\AppData\Local\Temp\f6426b0740788f8f1dda84a95b928d86.exe
"C:\Users\Admin\AppData\Local\Temp\f6426b0740788f8f1dda84a95b928d86.exe"
1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  2⤵
  - Executes dropped EXE
  PID:5988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log

Filesize
1KB

MD5
2d3b67c2e79775ee7b52ee258db28aa5

SHA1
62f1e691e4132483f5def961051a14a1dbfa798c

SHA256
67440ad21f5a62c91373e1421f317cdba2cc6260f18da0ae7b4286c5da22e722

SHA512
70987c3fd709cbf8a1ba6dc9a70c4827baab2f2e0a829138fbe7d29fb17de3165fa18fc2c80f845ae314148f6190eeeaf7927d18b4325cf66c151a8e6633e58a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
7KB

MD5
2ec991c6c906aabec1adf0a268b358e0

SHA1
c277cada60e5659bfd1d11f5283b99fc995d44ad

SHA256
9e2ec79959a29ad5e2e8150d01929274a01242e81101f317524905309add1327

SHA512
c50fbb69198a9103f3109a33639da46c3fff8f45c7859a3f1bddd9db572ef9f7bf554d436882c9147f1a76878669dbde6c760fdd2eabd37dbd2b020419f5b357

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
7KB

MD5
2ec991c6c906aabec1adf0a268b358e0

SHA1
c277cada60e5659bfd1d11f5283b99fc995d44ad

SHA256
9e2ec79959a29ad5e2e8150d01929274a01242e81101f317524905309add1327

SHA512
c50fbb69198a9103f3109a33639da46c3fff8f45c7859a3f1bddd9db572ef9f7bf554d436882c9147f1a76878669dbde6c760fdd2eabd37dbd2b020419f5b357

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config

Filesize
229B

MD5
ad0967a0ab95aa7d71b3dc92b71b8f7a

SHA1
ed63f517e32094c07a2c5b664ed1cab412233ab5

SHA256
9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

SHA512
85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

Download Submit
memory/5988-1520-0x000000001B160000-0x000000001B178000-memory.dmp

Filesize
96KB

Download
memory/5988-1519-0x0000000000A80000-0x0000000000AA4000-memory.dmp

Filesize
144KB

Download
memory/5988-1518-0x00000000001B0000-0x00000000001B8000-memory.dmp

Filesize
32KB

Download
memory/5988-1521-0x000000001BBE0000-0x000000001BC00000-memory.dmp

Filesize
128KB

Download
memory/5988-1522-0x000000001BC00000-0x000000001BF0E000-memory.dmp

Filesize
3.1MB

Download
memory/5988-1523-0x000000001C3B0000-0x000000001C3F9000-memory.dmp

Filesize
292KB

Download
memory/5988-1524-0x000000001C470000-0x000000001C4D2000-memory.dmp

Filesize
392KB

Download
memory/5988-1525-0x000000001C9B0000-0x000000001CE7E000-memory.dmp

Filesize
4.8MB

Download
memory/5988-1526-0x000000001CF20000-0x000000001CFBC000-memory.dmp

Filesize
624KB

Download
memory/5988-1527-0x000000001C340000-0x000000001C348000-memory.dmp

Filesize
32KB

Download
memory/5988-1528-0x000000001D320000-0x000000001D35E000-memory.dmp

Filesize
248KB

Download
memory/5988-1530-0x000000001AFD0000-0x000000001B153000-memory.dmp

Filesize
1.5MB

Download
memory/5988-1517-0x0000000000C00000-0x0000000000C10000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads