844f54c4acf1abbd51612cc9d4470e2e3a937106e5be69bc94bba7859fb748cd

Analysis

max time kernel
140s
max time network
134s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OBS-Studio-27.0.1-Full-Installer-x64.exe
Size

85.8MB
MD5

730cfe31b344ba77d87d0a896af710d4
SHA1

501f07ba462a0abdfae395c315c0c09700c3f0ed
SHA256

844f54c4acf1abbd51612cc9d4470e2e3a937106e5be69bc94bba7859fb748cd
SHA512

f6fd14c17f04537b8560df50f4832a3e8629e830d14ac15a9d0793ebba73b3bb2007f14a1b22449b00f867a5926ecfde34806475ea7c5611db77842da9a3357d
SSDEEP

1572864:d/nuo3sUzxWf/uIh8lZQC8OeTLRRQ+v2FwnT9GGpLLHV5mo6AnN3LfNR:d/u1AWf/YLQC8vUnFwnT9z3zm+3LV

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2736	OBS-Studio-27.0.1-Full-Installer-x64.exe
2736	OBS-Studio-27.0.1-Full-Installer-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2736	OBS-Studio-27.0.1-Full-Installer-x64.exe

C:\Users\Admin\AppData\Local\Temp\OBS-Studio-27.0.1-Full-Installer-x64.exe
"C:\Users\Admin\AppData\Local\Temp\OBS-Studio-27.0.1-Full-Installer-x64.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsjF559.tmp\InstallOptions.dll

Filesize
15KB

MD5
0a9fb96a7579b685ec36b17fc354e6a3

SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6

SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjF559.tmp\ioSpecial.ini

Filesize
1KB

MD5
c3f59454f1214f3b6f6625e963766820

SHA1
2f43ad214c1f27b7ff098e1719995ad0d64d51d1

SHA256
e10e6d130047654adf24f1a9ac7a9acdf93f04a86d9da76e2dc31597f23b237e

SHA512
5e918187ca863ada46e16a21bc4b585e437a341de3433afea3e53c0ff8564cd44d3926ad0ca510efb3e5caeb4fa5e214dca66d748e80b222d97f968632d497f8

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF559.tmp\InstallOptions.dll

Filesize
15KB

MD5
0a9fb96a7579b685ec36b17fc354e6a3

SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6

SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

Download Submit
\Users\Admin\AppData\Local\Temp\nsjF559.tmp\InstallOptions.dll

Filesize
15KB

MD5
0a9fb96a7579b685ec36b17fc354e6a3

SHA1
355754104dd47d5fcf8918dee0dc2e2ee53390a6

SHA256
b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

SHA512
67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

Download Submit