f3edf34bbcf130a6fb8e2683b6f849511b15d48015f1bc0bd3d68cc36fd28f7c

Analysis

max time kernel
142s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05/06/2023, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

free-heic-converter.exe
Size

13.4MB
MD5

7b0cf22cd697f52f254a6b048b8cee8f
SHA1

588a9c6d8f34ae1aa8826725567024bf165eb178
SHA256

f3edf34bbcf130a6fb8e2683b6f849511b15d48015f1bc0bd3d68cc36fd28f7c
SHA512

47e910927ffe9bac98c07a4a65553192e24537f36690e7550ece474f5c8549ac3380ffc502af45a9661439339adb0cf667fd70be296e280424c6be71a1cbbf67
SSDEEP

196608:N5VLHyumViiMOt+WeLHG+lNW32yR/SZ19dWT5Brxcqpb/NySOJeuVh:NTHEVjMPWeLG+ORS70rVbhOJeUh

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1964	free-heic-converter.tmp

Loads dropped DLL 1 IoCs

pid	Process
1976	free-heic-converter.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1964	free-heic-converter.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1964	1976	free-heic-converter.exe	28
PID 1976 wrote to memory of 1964	1976	free-heic-converter.exe	28
PID 1976 wrote to memory of 1964	1976	free-heic-converter.exe	28
PID 1976 wrote to memory of 1964	1976	free-heic-converter.exe	28
PID 1976 wrote to memory of 1964	1976	free-heic-converter.exe	28
PID 1976 wrote to memory of 1964	1976	free-heic-converter.exe	28
PID 1976 wrote to memory of 1964	1976	free-heic-converter.exe	28

C:\Users\Admin\AppData\Local\Temp\free-heic-converter.exe
"C:\Users\Admin\AppData\Local\Temp\free-heic-converter.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\is-7L8U7.tmp\free-heic-converter.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7L8U7.tmp\free-heic-converter.tmp" /SL5="$70126,13527682,221184,C:\Users\Admin\AppData\Local\Temp\free-heic-converter.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-7L8U7.tmp\free-heic-converter.tmp

Filesize
1.5MB

MD5
9b9c0b17cab39d85788c89d0d2030d34

SHA1
979a67d3bb9f2e5bdb2c50e837eac936c14e6ae8

SHA256
627f7bf8d71d49196cb8c8e29729c59824f096e461a7d611fc41a369e98237c2

SHA512
051c80ecdaa2b2a8f36c41aecfa04137e9fd44b8db28f331afdf37ed6ab33cf739d94ce568984d9d64749eb060374c1100bdd26c8878bf24fef820417f972f24

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MP2G6.tmp\setup_zh_TW.bmp

Filesize
150KB

MD5
22e40357e7fa83b1be4d5690266caf67

SHA1
aeb33dbbf2a6af5b496c2de6e1ead843b49bad3c

SHA256
ca70dc26a5de92db16895f9208dda2cf423914279bf95c9af34e2636f7cc23a6

SHA512
dac41ad4d467349b00175810abdb4205e8ee306b9f1bc97004bb399a64937afb89b9bebdcb6f916cae92dd26ade82bfe9e3d5e1de7fc764e8ee0222c2ec185ea

Download Submit
\Users\Admin\AppData\Local\Temp\is-7L8U7.tmp\free-heic-converter.tmp

Filesize
1.5MB

MD5
9b9c0b17cab39d85788c89d0d2030d34

SHA1
979a67d3bb9f2e5bdb2c50e837eac936c14e6ae8

SHA256
627f7bf8d71d49196cb8c8e29729c59824f096e461a7d611fc41a369e98237c2

SHA512
051c80ecdaa2b2a8f36c41aecfa04137e9fd44b8db28f331afdf37ed6ab33cf739d94ce568984d9d64749eb060374c1100bdd26c8878bf24fef820417f972f24

Download Submit
memory/1964-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1964-74-0x0000000000400000-0x0000000000593000-memory.dmp

Filesize
1.6MB

Download
memory/1964-75-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1976-54-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1976-73-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads