e5e57cc01f94cd129db4fd88860253c0936cb2612a734cb176924ddfa3ffb862

Resubmissions

01/04/2023, 05:43

230401-ge1rcsgc39 8

01/04/2023, 05:42

01/04/2023, 04:26

01/04/2023, 02:49

01/04/2023, 02:31

01/04/2023, 02:27

Analysis

max time kernel
49s
max time network
56s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01/04/2023, 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

drfone_setup_full3824 (1).exe
Size

2.2MB
MD5

ee06eafbe8972c749a5161e54d3fdcd6
SHA1

80f4197cf15c36acaf37a1ab8159ec4ab2368c26
SHA256

e5e57cc01f94cd129db4fd88860253c0936cb2612a734cb176924ddfa3ffb862
SHA512

116c7274a1adc3274c046dfdeaf8b187ec31d42dd523522e372b3ce05aada949c4a56856a4cf9c2dfaa2571c5ec62a7629e476d72e8259fa854cfa921b4f83c9
SSDEEP

49152:suI4s4xwYeRQXEEpusP5uKKNeEzo/I/P5jaYRTkTun99ZS6Y0fxfNrBFS:b2Q30rNeEzoiP5ja0397Sb0fxfNrfS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2940	NFWCHK.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
380	drfone_setup_full3824 (1).exe
380	drfone_setup_full3824 (1).exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 2940	380	drfone_setup_full3824 (1).exe	66
PID 380 wrote to memory of 2940	380	drfone_setup_full3824 (1).exe	66

C:\Users\Admin\AppData\Local\Temp\drfone_setup_full3824 (1).exe
"C:\Users\Admin\AppData\Local\Temp\drfone_setup_full3824 (1).exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:380
- C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  2⤵
  - Executes dropped EXE
  PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log

Filesize
496B

MD5
90fbfea8ef110ab52157b6e2e3b1effa

SHA1
0f8b597cd50e3906ede8f36c983dc942bf834138

SHA256
fcd9525ba8b892be9879eb032df93f651d032d7c2efc3067ca3196ee27f2540e

SHA512
8a03d8c4ff5b0f9790a7ac17355f3f35da1808a399ecbb4b8b6f8e55413a9bfecfc91931306f1c10790e0a279755e478c2387f478730fa6e25a3bb59620ec63f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
677B

MD5
e0661428ebc79b7ecc64ad785dfacdf2

SHA1
b6d4260585b81c0e64df807f579694ef4f6960a2

SHA256
f9dd882f5a9148416de0fef8afa2a96fdd4249b2cca1866011d2c28b0b2b1865

SHA512
bd17a6fb700f411809c3ce2109c519d96ac72d31e60544149845c2a902b6e86f715f27afcf6411da1dac51a5c2c6e49c73a2b2b3467e03ac15b6b36cd657d242

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
4KB

MD5
5c0857a2500dacfc431e99786064be41

SHA1
f65fbfe4a41f12c0b84e54317fa11c9775fb95ef

SHA256
2e49b5463accdf0c87a5d7e22d44437304f11173d20b17de3fd3ee41cf67fabe

SHA512
d81485ba4dd9f35ca4e33129a46f8a8c48a0ede7d4b1a527c4f7a9a5706756cb7a0cefdc21df001c8a9d5708ffc6914c279136b185b999bbe4c0586cb1c468ad

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config

Filesize
229B

MD5
ad0967a0ab95aa7d71b3dc92b71b8f7a

SHA1
ed63f517e32094c07a2c5b664ed1cab412233ab5

SHA256
9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

SHA512
85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

Download Submit
memory/2940-1195-0x0000000000D20000-0x0000000000D28000-memory.dmp

Filesize
32KB

Download
memory/2940-1196-0x00000000014D0000-0x00000000014F4000-memory.dmp

Filesize
144KB

Download
memory/2940-1197-0x0000000002DE0000-0x0000000002DF8000-memory.dmp

Filesize
96KB

Download
memory/2940-1198-0x0000000002E20000-0x0000000002E40000-memory.dmp

Filesize
128KB

Download
memory/2940-1199-0x0000000002EA0000-0x0000000002EB0000-memory.dmp

Filesize
64KB

Download
memory/2940-1200-0x000000001BC20000-0x000000001BF2E000-memory.dmp

Filesize
3.1MB

Download
memory/2940-1201-0x000000001C330000-0x000000001C379000-memory.dmp

Filesize
292KB

Download
memory/2940-1202-0x000000001C3F0000-0x000000001C452000-memory.dmp

Filesize
392KB

Download
memory/2940-1203-0x000000001C930000-0x000000001CDFE000-memory.dmp

Filesize
4.8MB

Download
memory/2940-1204-0x000000001CEA0000-0x000000001CF3C000-memory.dmp

Filesize
624KB

Download
memory/2940-1205-0x0000000002E60000-0x0000000002E68000-memory.dmp

Filesize
32KB

Download
memory/2940-1206-0x000000001D350000-0x000000001D38E000-memory.dmp

Filesize
248KB

Download