Overview

overview

10

Static

static

1

AnyDesk.exe

windows7-x64

8

AnyDesk.exe

windows10-2004-x64

8

tmp/ChromeSetup.exe

windows7-x64

8

tmp/ChromeSetup.exe

windows10-2004-x64

8

tmp/Spotif...6).exe

windows7-x64

8

tmp/Spotif...6).exe

windows10-2004-x64

10

tmp/filmor...83.exe

windows7-x64

7

tmp/filmor...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2023 08:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp/filmora_setup_full1083.exe

  • Size

    1.7MB

  • MD5

    5b293ce0c49329de880b71bb704e75e3

  • SHA1

    c82db99df1f3e238fd1f489c8648a9afe82dcf4f

  • SHA256

    ef44c8a411347ab85152769cd99a6ad5fe1d20005ea857f920eb2bb60c705ca0

  • SHA512

    5d5d50d77b1e242a048ed7f78d82ad7c1fea78b6759afeda54764f92a77037b440c1f04d0a433a5f4e7760b6b165f09509e071793dfc93cd1972f49a04611743

  • SSDEEP

    49152:nCuREYPAwUb+zlXxbeOzsByErzt/QH3TOu5+NSae6G4n:WwxbfzsTrzt/gwNu+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp\filmora_setup_full1083.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp\filmora_setup_full1083.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      2⤵
      • Executes dropped EXE
      PID:3156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    1KB

    MD5

    7bec9f0e3607c15024e7f394f7a637a2

    SHA1

    07b60de7e1f56b1c61071baaa87647e852429fa2

    SHA256

    c76a3572d6567df522a7b7f0435a02e9506a2f2d6720e519a2cafaafaa60a263

    SHA512

    7cdef8fcb2413677977f37bd14d773c4721484f0c5065760052fd7f28589e0da02bde072990cf3ef73e05dd68724005efadcdb21ef9a392103553c746adcfe17

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    1KB

    MD5

    5e5ff4907cde9b052a3579651384c45e

    SHA1

    93a4a66b79829c57b0c4ecc174021c803a15e592

    SHA256

    7e3cd5816554bfd68b424abcbf6ba4abd49c8998124c55c10157cb585cdb2ba6

    SHA512

    e19b4b9b8eb6a1dbb9b46dc1f7390c3045bbabe40484183d0e261ad7e04cc0c22011308422db3d9c150b5eb5bf3ae9a3c1bce336a91d271244028031f9127364

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    3KB

    MD5

    d3fc2d3e5162431286322bf8da197ad7

    SHA1

    9c648dac3c07b518db6fde4418a92e09e3fc3468

    SHA256

    86b41761d7080b8b7a60d7c8793ae0f310c7b2ade704c35214eb31af5da5db86

    SHA512

    03f5d9a3ad41a44d0f265294ebb7736235f194e3684f29897b890ae5e4cb9b180458eafb88d0f76b8047057273aba06a3109f9bdd0ac6b43c79d093b8ceaa68e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    3KB

    MD5

    7a62e2e5e3b35f043e2b11bcb6f0d352

    SHA1

    9fb54e8f360fe8790464ad9842dd5c2cf1bd3c78

    SHA256

    7a0685f242263aeaf76a93473fdd70a357e372b2c5f67c7795b6fbe576528134

    SHA512

    7399c4c8aed745ccbcba5b9c877c5602eb23d686134ffa72c8034ff4eadb23ef83bb18a2ab16be857363805d747528dd611e9ac3022c7711849f3bd67b5d8896

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    7KB

    MD5

    8238478902482a7f6622817ae0e84deb

    SHA1

    e1bfb51da016d8dc742ef059538b7764068d90e0

    SHA256

    ecc85020f9d35c5f2a9b66a80063c6f165524aa610b50d87638a4a2d176aca45

    SHA512

    58d1301a25536ab90c79927974891d018c454c260f5643fb82773c5c0852a50278f25f6351d6d44755d79353ac3b50cd0f76dd11a58cdfaee91068a0dbf4371f

    Download Submit
  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit
  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit
  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config
    Filesize

    229B

    MD5

    ad0967a0ab95aa7d71b3dc92b71b8f7a

    SHA1

    ed63f517e32094c07a2c5b664ed1cab412233ab5

    SHA256

    9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

    SHA512

    85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

    Download Submit
  • memory/3156-1209-0x0000000001290000-0x00000000012B4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/3156-1208-0x0000000000AC0000-0x0000000000AC8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/3156-1207-0x0000000001640000-0x0000000001650000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3156-1210-0x00000000012F0000-0x0000000001308000-memory.dmp
    Filesize

    96KB

    Download
  • memory/3156-1211-0x0000000001330000-0x0000000001350000-memory.dmp
    Filesize

    128KB

    Download
  • memory/3156-1212-0x000000001C4C0000-0x000000001C7CE000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/3156-1213-0x00000000017E0000-0x0000000001829000-memory.dmp
    Filesize

    292KB

    Download
  • memory/3156-1214-0x000000001CC40000-0x000000001CCA2000-memory.dmp
    Filesize

    392KB

    Download
  • memory/3156-1215-0x000000001D180000-0x000000001D64E000-memory.dmp
    Filesize

    4.8MB

    Download
  • memory/3156-1216-0x000000001D6F0000-0x000000001D78C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/3156-1217-0x0000000001380000-0x0000000001388000-memory.dmp
    Filesize

    32KB

    Download
  • memory/3156-1218-0x000000001DA70000-0x000000001DAAE000-memory.dmp
    Filesize

    248KB

    Download