Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

wondershar...co.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    56s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15/03/2023, 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wondershare.filmora.v12.0.12.1450-zmco.exe

  • Size

    20.7MB

  • MD5

    b86c7de74eedaeee9682c0f4613e268f

  • SHA1

    f1ce4cff229b4d6b06ca6e8124b2abf8657d7903

  • SHA256

    fab2ae9b72c3e5140ef8a5124104d1e3bdf003ebe9eee5467ab6411a8f12c4b6

  • SHA512

    4ddd265ef461cd4cb210c805651c995092d14af41c96eaf8ed13e1c3cee804d75ee2ad09bcd1f1e5153a58bfaf275296bb1a354290d264c95984b2fdf8ab1131

  • SSDEEP

    393216:Ll5AFDYar1t5NpFhNdzt/ECrREtpCVS+5DPwwuRwCY7LoZ8vS:keC7pbRM2EPCI+5bcRwCKoZIS

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wondershare.filmora.v12.0.12.1450-zmco.exe
    "C:\Users\Admin\AppData\Local\Temp\wondershare.filmora.v12.0.12.1450-zmco.exe"
    1⤵
    • Loads dropped DLL
    PID:3144
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x218
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\bassmod.dll
    Filesize

    33KB

    MD5

    e4ec57e8508c5c4040383ebe6d367928

    SHA1

    b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

    SHA256

    8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

    SHA512

    77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

    Download Submit

  • memory/3144-137-0x0000000003A80000-0x0000000003A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-120-0x0000000003850000-0x00000000038B0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3144-122-0x0000000001C10000-0x0000000001C11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-123-0x0000000001C00000-0x0000000001C01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-124-0x00000000039B0000-0x00000000039B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-126-0x0000000003840000-0x0000000003841000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-125-0x00000000037F0000-0x00000000037F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-127-0x0000000003810000-0x0000000003811000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-129-0x00000000039E0000-0x00000000039E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-130-0x0000000003A40000-0x0000000003A41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-128-0x00000000039F0000-0x00000000039F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-131-0x0000000003A10000-0x0000000003A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-132-0x00000000039D0000-0x00000000039D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-134-0x0000000003AA0000-0x0000000003AA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-133-0x0000000003A50000-0x0000000003A51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-135-0x0000000003A90000-0x0000000003A91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-119-0x0000000000400000-0x0000000001A48000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/3144-136-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-159-0x0000000000400000-0x0000000001A48000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/3144-140-0x0000000003A00000-0x0000000003A01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-139-0x0000000003AE0000-0x0000000003AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-141-0x0000000000400000-0x0000000001A48000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/3144-142-0x0000000003850000-0x00000000038B0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3144-121-0x0000000001C30000-0x0000000001C31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-154-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3144-156-0x0000000000400000-0x0000000001A48000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/3144-157-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3144-158-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3144-138-0x0000000003AC0000-0x0000000003AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3144-160-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3144-161-0x0000000000400000-0x0000000001A48000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/3144-162-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3144-164-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3144-166-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3144-168-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download

  • memory/3144-170-0x0000000010000000-0x0000000010013000-memory.dmp

    Filesize

    76KB

    Download