Analysis

  • max time kernel
    53s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-03-2023 11:32

General

  • Target

    Release VEGAS Pro 18.exe

  • Size

    205KB

  • MD5

    3e6d909a0544e382a9c3e60015fba193

  • SHA1

    9b8247d1c934b6659b5c3de5f95eddbbfec786ac

  • SHA256

    54ae5696345fc54d2529eac72abefeb5156aeacedc7546b87ad0e2d3f4672df0

  • SHA512

    ac69052829e44c043aae3234d01eb00d34da354b0f9ce814f2a2677555cd64b0441b55acd650d72b322477d66fbd5da6d14943ebaa417128578e0d19b0636a77

  • SSDEEP

    3072:NuejlN5CuQe4s2IjsfWzzdjN/o4u9999999ax:NuejlN5CuQe4s2uRzbu9999999ax

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (48 IoCs)
  • Views/modifies file attributes (1 TTP, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Release VEGAS Pro 18.exe
    "C:\Users\Admin\AppData\Local\Temp\Release VEGAS Pro 18.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if not exist "C:\Users\Admin\AppData\Local\Temp\afolder" mkdir "C:\Users\Admin\AppData\Local\Temp\afolder"
      2⤵
      PID:1392
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if not exist "C:\Users\Admin\AppData\Local\Temp\ytmp" mkdir "C:\Users\Admin\AppData\Local\Temp\ytmp"
      2⤵
      PID:864
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c attrib +h C:\Users\Admin\AppData\Local\Temp\ytmp
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1816
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h C:\Users\Admin\AppData\Local\Temp\ytmp
        3⤵
        • Views/modifies file attributes
        PID:1252
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
      PID:1196
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
      PID:1160
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
      PID:1488
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if exist "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp26386.bat" del "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp26386.bat"
      2⤵
      PID:1316
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if exist "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp78216.exe" del "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp78216.exe"
      2⤵
      PID:320
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytmp\tmp26386.bat "C:\Users\Admin\AppData\Local\Temp\Release VEGAS Pro 18.exe"
      2⤵
      PID:868
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if exist "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp26386.bat" del "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp26386.bat"
      2⤵
      PID:560
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if exist "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp78216.exe" del "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp78216.exe"
      2⤵
      PID:692

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ytmp\tmp26386.bat
    Filesize
      1KB
    MD5
      0af86bd836515a272db22caf868c7c2b
    SHA1
      0e128d5fa2f820f161bef81e9b7e5a2ff20dd250
    SHA256
      208ac85c62860b5e792dc83f4de4423e840d1ada19e4da59e83a2cc0fec834a7
    SHA512
      76971161784ee0b4204707f1442982b69a75a01fd484be37c42c5bb2ed99e5ab7782e57e4e5ad81c14547a435c5631a769fd3b38d2006fc8c585293d0a0da81b

  • C:\Users\Admin\AppData\Local\Temp\ytmp\tmp78216.exe
    Filesize
      15B
    MD5
      3c52638971ead82b5929d605c1314ee0
    SHA1
      7318148a40faca203ac402dff51bbb04e638545c
    SHA256
      5614459ec05fdf6110fa8ce54c34e859671eeffba2b7bb4b1ad6c2c6706855ab
    SHA512
      46f85f730e3ca9a57f51416c6ab4d03f868f895568eee8f7943cd249b2f71d2a3e83c34e7132715c983d3efaa865a9cb599a4278c911130a0a6948a535c0573b