Overview

overview

10

Static

static

1

AnyDesk.exe

windows7-x64

9

AnyDesk.exe

windows10-2004-x64

10

tmp/ChromeSetup.exe

windows7-x64

8

tmp/ChromeSetup.exe

windows10-2004-x64

8

tmp/Spotif...6).exe

windows7-x64

8

tmp/Spotif...6).exe

windows10-2004-x64

10

tmp/filmor...83.exe

windows7-x64

7

tmp/filmor...83.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2023 08:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp/filmora_setup_full1083.exe

  • Size

    1.7MB

  • MD5

    5b293ce0c49329de880b71bb704e75e3

  • SHA1

    c82db99df1f3e238fd1f489c8648a9afe82dcf4f

  • SHA256

    ef44c8a411347ab85152769cd99a6ad5fe1d20005ea857f920eb2bb60c705ca0

  • SHA512

    5d5d50d77b1e242a048ed7f78d82ad7c1fea78b6759afeda54764f92a77037b440c1f04d0a433a5f4e7760b6b165f09509e071793dfc93cd1972f49a04611743

  • SSDEEP

    49152:nCuREYPAwUb+zlXxbeOzsByErzt/QH3TOu5+NSae6G4n:WwxbfzsTrzt/gwNu+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp\filmora_setup_full1083.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp\filmora_setup_full1083.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      2⤵
      • Executes dropped EXE
      PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    5KB

    MD5

    7035b1ede34ed288c1c2842c262baeee

    SHA1

    ccb9c2faed860961f405ccfb2e97f873983a1150

    SHA256

    7b6a75c80d5d5544e9c0f9615e7c3a074d1b7644a5318b1b1de25c17fb9982ef

    SHA512

    86e42351c6d60cce31cd9e449903fcfa819df8926731fefed44b6cf19e9a17eb36d3a3552ca9be77450fd3fa6c807740c19fc84255011845a9f5fa23fdb32dd6

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    4KB

    MD5

    ce3c7d8fe1fdacd79b56ec142a6d1b63

    SHA1

    d82dc388904308186ec4b55183e96a49c66ccea7

    SHA256

    ecc44c79f028c00fa1b661192d3623e218b2822d45dae200f1363d84045f5ccd

    SHA512

    30db6e1d39e58c0fbe45cab89c6c21a91d899da2e637e36bd84e2b9bef70a290f2759b240c243546cebd6a48b449e7ef2a8b55235fd586fef5a704da75fe2944

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    5KB

    MD5

    cd0236d7126d31a34e86ca7d1e9879c6

    SHA1

    3a0ccaa7bee6951ae613ce709ce0822ea42a5215

    SHA256

    1dc0a25669a05ab1186790356d402a8ff6cabc284790a8202a917e11e2f9b7e9

    SHA512

    1b60ea3089bdb954f78380302abac1413c17b0f29c7f5fc4edd7aab5b1ace990e5a186baa2fb97681465dec576379e80304524e53a6dc3bf26be9e471c5dba6b

    Download Submit
  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit
  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit
  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config
    Filesize

    229B

    MD5

    ad0967a0ab95aa7d71b3dc92b71b8f7a

    SHA1

    ed63f517e32094c07a2c5b664ed1cab412233ab5

    SHA256

    9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

    SHA512

    85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

    Download Submit
  • memory/4092-1207-0x0000000000900000-0x0000000000908000-memory.dmp
    Filesize

    32KB

    Download
  • memory/4092-1208-0x00000000010D0000-0x00000000010F4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/4092-1209-0x0000000001130000-0x0000000001148000-memory.dmp
    Filesize

    96KB

    Download
  • memory/4092-1210-0x0000000001170000-0x0000000001190000-memory.dmp
    Filesize

    128KB

    Download
  • memory/4092-1211-0x000000001BA10000-0x000000001BD1E000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/4092-1212-0x0000000000E10000-0x0000000000E20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4092-1213-0x0000000001350000-0x0000000001399000-memory.dmp
    Filesize

    292KB

    Download
  • memory/4092-1214-0x000000001C190000-0x000000001C1F2000-memory.dmp
    Filesize

    392KB

    Download
  • memory/4092-1215-0x000000001C6D0000-0x000000001CB9E000-memory.dmp
    Filesize

    4.8MB

    Download
  • memory/4092-1216-0x000000001CC40000-0x000000001CCDC000-memory.dmp
    Filesize

    624KB

    Download
  • memory/4092-1217-0x00000000011D0000-0x00000000011D8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/4092-1218-0x000000001D020000-0x000000001D05E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/4092-1220-0x000000001B880000-0x000000001BA03000-memory.dmp
    Filesize

    1.5MB

    Download