Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/03/2023, 11:32

General

  • Target

    Release VEGAS Pro 18.exe

  • Size

    205KB

  • MD5

    3e6d909a0544e382a9c3e60015fba193

  • SHA1

    9b8247d1c934b6659b5c3de5f95eddbbfec786ac

  • SHA256

    54ae5696345fc54d2529eac72abefeb5156aeacedc7546b87ad0e2d3f4672df0

  • SHA512

    ac69052829e44c043aae3234d01eb00d34da354b0f9ce814f2a2677555cd64b0441b55acd650d72b322477d66fbd5da6d14943ebaa417128578e0d19b0636a77

  • SSDEEP

    3072:NuejlN5CuQe4s2IjsfWzzdjN/o4u9999999ax:NuejlN5CuQe4s2uRzbu9999999ax

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory (36 IoCs)
  • Views/modifies file attributes (1 TTP, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Release VEGAS Pro 18.exe
    "C:\Users\Admin\AppData\Local\Temp\Release VEGAS Pro 18.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if not exist "C:\Users\Admin\AppData\Local\Temp\afolder" mkdir "C:\Users\Admin\AppData\Local\Temp\afolder"
      2⤵
      PID:652
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if not exist "C:\Users\Admin\AppData\Local\Temp\ytmp" mkdir "C:\Users\Admin\AppData\Local\Temp\ytmp"
      2⤵
      PID:736
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c attrib +h C:\Users\Admin\AppData\Local\Temp\ytmp
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Windows\SysWOW64\attrib.exe
        attrib +h C:\Users\Admin\AppData\Local\Temp\ytmp
        3⤵
        • Views/modifies file attributes
        PID:2952
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
      PID:4540
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
      PID:988
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
      PID:1092
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if exist "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp48561.bat" del "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp48561.bat"
      2⤵
      PID:396
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if exist "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp49051.exe" del "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp49051.exe"
      2⤵
      PID:4828
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\ytmp\tmp48561.bat "C:\Users\Admin\AppData\Local\Temp\Release VEGAS Pro 18.exe"
      2⤵
      PID:1672
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if exist "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp48561.bat" del "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp48561.bat"
      2⤵
      PID:1336
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c if exist "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp49051.exe" del "C:\Users\Admin\AppData\Local\Temp\ytmp\tmp49051.exe"
      2⤵
      PID:3228
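Triage of the process tree above, as an added example that is not part of the sandbox report or its tooling. It rebuilds the tree from Sysmon-style process-creation events constructed from the PIDs, images and command lines listed in this report and flags the behaviours the two signatures point at: a directory under the user's Temp being hidden with attrib +h, a script executed from that hidden directory, a file executed and then deleted by its parent, and a single parent fanning out many cmd.exe children. The (pid, ppid, image, command line) tuple layout and the parent PID 1000 for the sample are assumptions.

```python
"""Triage of the process tree in this report.

Added example, not the sandbox's own code. EVENTS is constructed from the
PIDs, images and command lines shown above, laid out as Sysmon-style
(pid, ppid, image, command line) tuples; that layout and the sample's
parent PID 1000 are assumptions.
"""
import re
from collections import Counter

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = rf"{TEMP}\Release VEGAS Pro 18.exe"
CMD = r"C:\Windows\SysWOW64\cmd.exe"        # image as logged
CMD32 = r"C:\Windows\system32\cmd.exe"      # as written in the command lines
BAT = rf"{TEMP}\ytmp\tmp48561.bat"
EXE = rf"{TEMP}\ytmp\tmp49051.exe"

# Constructed events, in the order the report lists them (treated as time order).
EVENTS = [
    (2136, 1000, SAMPLE, f'"{SAMPLE}"'),
    (652, 2136, CMD, rf'{CMD32} /c if not exist "{TEMP}\afolder" mkdir "{TEMP}\afolder"'),
    (736, 2136, CMD, rf'{CMD32} /c if not exist "{TEMP}\ytmp" mkdir "{TEMP}\ytmp"'),
    (2364, 2136, CMD, rf'{CMD32} /c attrib +h {TEMP}\ytmp'),
    (2952, 2364, r"C:\Windows\SysWOW64\attrib.exe", rf'attrib +h {TEMP}\ytmp'),
    (4540, 2136, CMD, f'{CMD32} /c cls'),
    (988, 2136, CMD, f'{CMD32} /c cls'),
    (1092, 2136, CMD, f'{CMD32} /c cls'),
    (396, 2136, CMD, f'{CMD32} /c if exist "{BAT}" del "{BAT}"'),
    (4828, 2136, CMD, f'{CMD32} /c if exist "{EXE}" del "{EXE}"'),
    (1672, 2136, CMD, f'{CMD32} /c {BAT} "{SAMPLE}"'),
    (1336, 2136, CMD, f'{CMD32} /c if exist "{BAT}" del "{BAT}"'),
    (3228, 2136, CMD, f'{CMD32} /c if exist "{EXE}" del "{EXE}"'),
]

def payload(cmdline):
    """What cmd.exe was asked to run: the text after /c, else the whole line."""
    m = re.search(r"\s/c\s+(.*)$", cmdline, re.I)
    return (m.group(1) if m else cmdline).strip()

def tokens(text):
    """Split on whitespace but keep quoted paths (with spaces) as one token."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', text)]

def strip_guard(toks):
    """Drop a leading `if [not] exist <path>` so the real verb comes first."""
    if len(toks) >= 4 and toks[0].lower() == "if":
        i = 2 if toks[1].lower() == "not" else 1
        if toks[i].lower() == "exist":
            return toks[i + 2:]
    return toks

def classify(event):
    """Map one event to (kind, target) for the verbs this dropper uses."""
    _pid, _ppid, _image, cmdline = event
    toks = strip_guard(tokens(payload(cmdline)))
    if not toks:
        return ("noop", None)
    verb = toks[0].lower()
    if verb == "attrib" and len(toks) >= 3:
        flags = {t.lower() for t in toks[1:-1]}
        return ("hide" if "+h" in flags else "attrib", toks[-1])
    if verb in ("del", "mkdir") and len(toks) >= 2:
        return ("delete" if verb == "del" else "mkdir", toks[1])
    if verb.endswith((".bat", ".cmd", ".exe", ".vbs", ".ps1", ".js")):
        return ("exec", toks[0])
    return ("other", verb)

def in_user_temp(path):
    return re.search(r"\\appdata\\local\\temp\\", path, re.I) is not None

def triage(events):
    """Flag hidden Temp dirs, execution from them, exec-then-delete, cmd fan-out."""
    hidden, executed, deleted, cmd_children = set(), [], [], Counter()
    for i, ev in enumerate(events):
        pid, ppid, image, _ = ev
        if image.lower().endswith("\\cmd.exe"):
            cmd_children[ppid] += 1
        kind, target = classify(ev)
        if kind == "hide" and in_user_temp(target):
            hidden.add(target.lower().rstrip("\\"))
        elif kind == "exec":
            executed.append((i, pid, target))
        elif kind == "delete":
            deleted.append((i, target.lower()))
    return {
        "hidden_dirs": sorted(hidden),
        "exec_from_hidden": [(pid, p) for _, pid, p in executed
                             if any(p.lower().startswith(h + "\\") for h in hidden)],
        # executed, then removed later in the timeline: the cleanup step
        "exec_then_deleted": sorted({p.lower() for i, _, p in executed
                                     if any(j > i and d == p.lower() for j, d in deleted)}),
        "cmd_fanout": dict(cmd_children),
    }

if __name__ == "__main__":
    print(triage(EVENTS))
```

On this report's tree the result is one hidden directory (ytmp), one script run from it (tmp48561.bat by PID 1672, handed the sample's own path as an argument), that script executed and then deleted (PIDs 1672 then 1336), and PID 2136 spawning eleven cmd.exe children. Note that tmp49051.exe in the Downloads section is 15 bytes, which is smaller than the 64-byte DOS header every PE image starts with, so it was never a loadable executable in this run; the 1 KB batch file is the artifact whose contents determine what the sample actually does.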

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ytmp\tmp48561.bat

    Filesize
    1KB

    MD5
    b3e08c7fb0b2d2416ea117ee3cb4a08e

    SHA1
    c03b41179e8bdd7e06e025a110258ba7881faa1b

    SHA256
    11c8141fb98031d20bbf3e4cd86e38474a3313c0391d78c863c1a9b98831bf60

    SHA512
    a5d7d6d7c0cd7f090bbc1b0366050a4c0104b2b814949ab3e8e74794f6cbe2b8b1da7ecbf6522abf10274d9a55f654bef778572bb74407178fb7b1641bff402a

  • C:\Users\Admin\AppData\Local\Temp\ytmp\tmp49051.exe

    Filesize
    15B

    MD5
    3c52638971ead82b5929d605c1314ee0

    SHA1
    7318148a40faca203ac402dff51bbb04e638545c

    SHA256
    5614459ec05fdf6110fa8ce54c34e859671eeffba2b7bb4b1ad6c2c6706855ab

    SHA512
    46f85f730e3ca9a57f51416c6ab4d03f868f895568eee8f7943cd249b2f71d2a3e83c34e7132715c983d3efaa865a9cb599a4278c911130a0a6948a535c0573b