Analysis
-
max time kernel
29s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
15-03-2023 08:25
General
-
Target
tmp/filmora_setup_full1083.exe
-
Size
1.7MB
-
MD5
5b293ce0c49329de880b71bb704e75e3
-
SHA1
c82db99df1f3e238fd1f489c8648a9afe82dcf4f
-
SHA256
ef44c8a411347ab85152769cd99a6ad5fe1d20005ea857f920eb2bb60c705ca0
-
SHA512
5d5d50d77b1e242a048ed7f78d82ad7c1fea78b6759afeda54764f92a77037b440c1f04d0a433a5f4e7760b6b165f09509e071793dfc93cd1972f49a04611743
-
SSDEEP
49152:nCuREYPAwUb+zlXxbeOzsByErzt/QH3TOu5+NSae6G4n:WwxbfzsTrzt/gwNu+
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp\filmora_setup_full1083.exe"C:\Users\Admin\AppData\Local\Temp\tmp\filmora_setup_full1083.exe"1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Documents\Wondershare\NFWCHK.exeC:\Users\Public\Documents\Wondershare\NFWCHK.exe2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\wsduilib.logFilesize
7KB
MD5f52af0f284ce151738cd6c487814d217
SHA1b6f640bbcc82ad4fcb48b483dbba86c9036d302e
SHA2569df903d5590b44eec81f89b562e3feab00cab5367e8d69ada00dfb864668fa44
SHA512a6909703de5d6a1400535ade08a2ebc00dbdd5014de311ff1982ea6fe59db3953010c17234ae8d218f7a3c09f82ea210b11d5b107f7c16a58838db7cc6a36ba2
-
C:\Users\Admin\AppData\Local\Temp\wsduilib.logFilesize
3KB
MD565535e5ce96ff8511d9f5896af35dcb0
SHA1e970d512ae240fc665d9f8b3ef4d684deeddb380
SHA256112050046cae43f2f84cd010509db1564251933cfc7213623054a64e1e32f4eb
SHA5122746bca82379202af5ff913d2a90efd6890d7ec485a8322e7e9ae9f20a2e10726c4d4d8f0773e4790be4c62b8de09dc2731643058468ad8c84d0c7917fbc1fe2
-
C:\Users\Admin\AppData\Local\Temp\wsduilib.logFilesize
7KB
MD5f52af0f284ce151738cd6c487814d217
SHA1b6f640bbcc82ad4fcb48b483dbba86c9036d302e
SHA2569df903d5590b44eec81f89b562e3feab00cab5367e8d69ada00dfb864668fa44
SHA512a6909703de5d6a1400535ade08a2ebc00dbdd5014de311ff1982ea6fe59db3953010c17234ae8d218f7a3c09f82ea210b11d5b107f7c16a58838db7cc6a36ba2
-
C:\Users\Public\Documents\Wondershare\NFWCHK.exeFilesize
7KB
MD527cfb3990872caa5930fa69d57aefe7b
SHA15e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f
SHA25643881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146
SHA512a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a
-
C:\Users\Public\Documents\Wondershare\NFWCHK.exeFilesize
7KB
MD527cfb3990872caa5930fa69d57aefe7b
SHA15e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f
SHA25643881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146
SHA512a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a
-
C:\Users\Public\Documents\Wondershare\NFWCHK.exe.configFilesize
229B
MD5ad0967a0ab95aa7d71b3dc92b71b8f7a
SHA1ed63f517e32094c07a2c5b664ed1cab412233ab5
SHA2569c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc
SHA51285766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b
-
\Users\Public\Documents\Wondershare\NFWCHK.exeFilesize
7KB
MD527cfb3990872caa5930fa69d57aefe7b
SHA15e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f
SHA25643881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146
SHA512a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a
-
memory/888-1128-0x0000000001310000-0x0000000001318000-memory.dmpFilesize
32KB
-
memory/888-1130-0x00000000009F0000-0x0000000000A70000-memory.dmpFilesize
512KB