e5e57cc01f94cd129db4fd88860253c0936cb2612a734cb176924ddfa3ffb862

Resubmissions

01/04/2023, 05:43

230401-ge1rcsgc39 8

01/04/2023, 05:42

01/04/2023, 04:26

01/04/2023, 02:49

01/04/2023, 02:31

01/04/2023, 02:27

Analysis

max time kernel
261s
max time network
264s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2023, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

drfone_setup_full3824 (1).exe
Size

2.2MB
MD5

ee06eafbe8972c749a5161e54d3fdcd6
SHA1

80f4197cf15c36acaf37a1ab8159ec4ab2368c26
SHA256

e5e57cc01f94cd129db4fd88860253c0936cb2612a734cb176924ddfa3ffb862
SHA512

116c7274a1adc3274c046dfdeaf8b187ec31d42dd523522e372b3ce05aada949c4a56856a4cf9c2dfaa2571c5ec62a7629e476d72e8259fa854cfa921b4f83c9
SSDEEP

49152:suI4s4xwYeRQXEEpusP5uKKNeEzo/I/P5jaYRTkTun99ZS6Y0fxfNrBFS:b2Q30rNeEzoiP5ja0397Sb0fxfNrfS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4932	NFWCHK.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2744	drfone_setup_full3824 (1).exe
2744	drfone_setup_full3824 (1).exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 4932	2744	drfone_setup_full3824 (1).exe	83
PID 2744 wrote to memory of 4932	2744	drfone_setup_full3824 (1).exe	83

C:\Users\Admin\AppData\Local\Temp\drfone_setup_full3824 (1).exe
"C:\Users\Admin\AppData\Local\Temp\drfone_setup_full3824 (1).exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  2⤵
  - Executes dropped EXE
  PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
1KB

MD5
1a8505775a4b3417415f648c20eda80a

SHA1
70f33fca94e10d6a5403a1728e22e3a5b18a05c1

SHA256
7f6482eee4a7b8b55b59d13075d9e1a3a216875a336f56438ea3cf0ccd458072

SHA512
4a5bada06c462db697a3fbab3cfdf47e167277422a223afe17c6a1e76a098bcd863be5cac801e40172f5c57ab1385c6f7139f3ebe6e24d6c012a383b35d7867d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
7KB

MD5
a6d916334cef29c04f1771964dfb86c8

SHA1
cf468a85bf980235751dd1894779645e1f183561

SHA256
f043332c95dc2faf9fd617921d996405c3caf5a03f17bba04d694e0fe9763d6c

SHA512
c32c4e8779de383580269125992d98961c3bfb3d40462f8e96bcc78b71d0a32dd38c04d9161eecfe0627170540baeac5688fe3f548a8b897640ed356456d981f

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config

Filesize
229B

MD5
ad0967a0ab95aa7d71b3dc92b71b8f7a

SHA1
ed63f517e32094c07a2c5b664ed1cab412233ab5

SHA256
9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

SHA512
85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

Download Submit
memory/4932-1210-0x000000001AE50000-0x000000001AE68000-memory.dmp

Filesize
96KB

Download
memory/4932-1208-0x000000001AE20000-0x000000001AE44000-memory.dmp

Filesize
144KB

Download
memory/4932-1209-0x0000000000920000-0x0000000000930000-memory.dmp

Filesize
64KB

Download
memory/4932-1207-0x0000000000040000-0x0000000000048000-memory.dmp

Filesize
32KB

Download
memory/4932-1211-0x000000001AE90000-0x000000001AEB0000-memory.dmp

Filesize
128KB

Download
memory/4932-1212-0x000000001AEB0000-0x000000001B1BE000-memory.dmp

Filesize
3.1MB

Download
memory/4932-1213-0x000000001B670000-0x000000001B6B9000-memory.dmp

Filesize
292KB

Download
memory/4932-1214-0x000000001B730000-0x000000001B792000-memory.dmp

Filesize
392KB

Download
memory/4932-1215-0x000000001BC70000-0x000000001C13E000-memory.dmp

Filesize
4.8MB

Download
memory/4932-1216-0x000000001C1E0000-0x000000001C27C000-memory.dmp

Filesize
624KB

Download
memory/4932-1217-0x000000001B600000-0x000000001B608000-memory.dmp

Filesize
32KB

Download
memory/4932-1218-0x000000001C6B0000-0x000000001C6EE000-memory.dmp

Filesize
248KB

Download