cfd6db8c8772825444dfe37e4855f16beb708bfa73199c2e19ff8f04397ce8d7

Analysis

max time kernel
274s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2023, 05:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

FabFilter - Total Bundle/Setup FabFilter Total Bundle v2018.02.22.exe
Size

35.8MB
MD5

4be6bf4fe06430b35dacf3f84e521ce3
SHA1

f42ca2e72149fcba56d9f65c34c9f75cbd5ad632
SHA256

8bf6b314a746c442a1ab89122ea32259f4a7e76c2b230c9cc65a98a1b4ccff13
SHA512

e03a1b323e20594a9bff0fa6662405a8f4d79915c9c26ad2027a7f59d539b1239443868029578f331955f5ae5b713ee569dc565c90f93f6f277d73de3e73abc8
SSDEEP

786432:z8z+ax05rJIxwLDkMKhNOa76YAjKvIMWPjaGYo3HOYHcy8F0deh:z8z+w05GwLYB7hAjKQMGnX18FJh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3468	Setup FabFilter Total Bundle v2018.02.22.tmp

Loads dropped DLL 3 IoCs

pid	Process
3468	Setup FabFilter Total Bundle v2018.02.22.tmp
3468	Setup FabFilter Total Bundle v2018.02.22.tmp
3468	Setup FabFilter Total Bundle v2018.02.22.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3468	Setup FabFilter Total Bundle v2018.02.22.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 444 wrote to memory of 3468	444	Setup FabFilter Total Bundle v2018.02.22.exe	83
PID 444 wrote to memory of 3468	444	Setup FabFilter Total Bundle v2018.02.22.exe	83
PID 444 wrote to memory of 3468	444	Setup FabFilter Total Bundle v2018.02.22.exe	83

C:\Users\Admin\AppData\Local\Temp\FabFilter - Total Bundle\Setup FabFilter Total Bundle v2018.02.22.exe
"C:\Users\Admin\AppData\Local\Temp\FabFilter - Total Bundle\Setup FabFilter Total Bundle v2018.02.22.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:444
- C:\Users\Admin\AppData\Local\Temp\is-0Q8EU.tmp\Setup FabFilter Total Bundle v2018.02.22.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0Q8EU.tmp\Setup FabFilter Total Bundle v2018.02.22.tmp" /SL5="$90040,37093826,407040,C:\Users\Admin\AppData\Local\Temp\FabFilter - Total Bundle\Setup FabFilter Total Bundle v2018.02.22.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-0Q8EU.tmp\Setup FabFilter Total Bundle v2018.02.22.tmp

Filesize
1.4MB

MD5
efca76c8036622c459a97a29fb999a4e

SHA1
bf3f1aa664942f03fd8458f49a5fb92853ef836c

SHA256
ad1b2414bd9bb475b2b6bdfea72c9be4cca50544ecffdd7298e9b47a2a01ceff

SHA512
f051a1d32e0b39cac89d5de91802b70e81d5aba8e10601b0540f5bf0579b446f3080408cc39884508e390b58715c9a69b98e3575e9adc7ecde7e72b95b3c9636

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CNKN3.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CNKN3.tmp\ISSKINU.DLL

Filesize
357KB

MD5
f30afccd6fafc1cad4567ada824c9358

SHA1
60a65b72f208563f90fba0da6af013a36707caa9

SHA256
e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

SHA512
59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CNKN3.tmp\R2RINNO.dll

Filesize
5KB

MD5
08f9e8b09fe0026583d594930672f75a

SHA1
94d915e50530271012d44ec9dd3e61a134c850df

SHA256
bf4dc2bb82735324b74e8ccea434f3202ed106cc64f7baab261eb05865c161c6

SHA512
f7fa01e359880680aeb6117c74488be936eee54d9a88bc4b296a244af7103131cc1297cbcfc945bdd0229148747f38d4afe372cfb4797448a1ace633af1ebd65

Download Submit
memory/444-133-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/444-156-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/3468-146-0x0000000003200000-0x0000000003261000-memory.dmp

Filesize
388KB

Download
memory/3468-149-0x0000000003200000-0x0000000003261000-memory.dmp

Filesize
388KB

Download
memory/3468-150-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/3468-154-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads