Overview

overview

10

Static

static

1

AnyDesk.exe

windows7-x64

8

AnyDesk.exe

windows10-2004-x64

8

tmp/ChromeSetup.exe

windows7-x64

8

tmp/ChromeSetup.exe

windows10-2004-x64

8

tmp/Spotif...6).exe

windows7-x64

8

tmp/Spotif...6).exe

windows10-2004-x64

10

tmp/filmor...83.exe

windows7-x64

7

tmp/filmor...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2023 08:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp/filmora_setup_full1083.exe

  • Size

    1.7MB

  • MD5

    5b293ce0c49329de880b71bb704e75e3

  • SHA1

    c82db99df1f3e238fd1f489c8648a9afe82dcf4f

  • SHA256

    ef44c8a411347ab85152769cd99a6ad5fe1d20005ea857f920eb2bb60c705ca0

  • SHA512

    5d5d50d77b1e242a048ed7f78d82ad7c1fea78b6759afeda54764f92a77037b440c1f04d0a433a5f4e7760b6b165f09509e071793dfc93cd1972f49a04611743

  • SSDEEP

    49152:nCuREYPAwUb+zlXxbeOzsByErzt/QH3TOu5+NSae6G4n:WwxbfzsTrzt/gwNu+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp\filmora_setup_full1083.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp\filmora_setup_full1083.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      2⤵
      • Executes dropped EXE
      PID:640

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    4KB

    MD5

    6688b1aab1c3a4e55be167fc3a276de0

    SHA1

    57109a5e3815d1d421d18c19696efb9dcb02c0e9

    SHA256

    c32bd43de49d4ea121feb96b06e6989fb8da715f7a00b91ccf9fad7675d1244a

    SHA512

    bc4be7310e332088429eae29e9090286978606e7e504672cb7ed9c687d7b3190f5aaa7812ff5816f1ffbc4e7b8584361894eaa6f9b7c7792d724de2220d72262

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    1KB

    MD5

    d043a5b455aafb2a2116812501711bab

    SHA1

    2d9492a9397be06bbf9987c0c06d85d5bd030a33

    SHA256

    8574e8c9ca6eb22fb7449611142e847d92ee39d04f6517f067f1af0fc73a1b30

    SHA512

    7f22d24ce0b0afd702971cc4e441dea7853d4a7f99e1e305ace3b7773c5a4600ad30dec4d596301773c5d5e40cf02815d078a7c606f193c251a712735fa77f86

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    1KB

    MD5

    d043a5b455aafb2a2116812501711bab

    SHA1

    2d9492a9397be06bbf9987c0c06d85d5bd030a33

    SHA256

    8574e8c9ca6eb22fb7449611142e847d92ee39d04f6517f067f1af0fc73a1b30

    SHA512

    7f22d24ce0b0afd702971cc4e441dea7853d4a7f99e1e305ace3b7773c5a4600ad30dec4d596301773c5d5e40cf02815d078a7c606f193c251a712735fa77f86

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config
    Filesize

    229B

    MD5

    ad0967a0ab95aa7d71b3dc92b71b8f7a

    SHA1

    ed63f517e32094c07a2c5b664ed1cab412233ab5

    SHA256

    9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

    SHA512

    85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

    Download Submit

  • \Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • memory/640-1128-0x0000000000950000-0x0000000000958000-memory.dmp

    Filesize

    32KB

    Download