45a98ef3dd7deeb1482f9947478d1b3b0f557ac97da9daf07cdb178dc643574b

Analysis

max time kernel
365s
max time network
412s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 22:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ShareX-15.0.1.247-setup.exe
Size

38.0MB
MD5

c3e1ed2272cdee364ae9bc44416f9aaa
SHA1

f59dd715356962a6aecad106d98bf03d877dc363
SHA256

45a98ef3dd7deeb1482f9947478d1b3b0f557ac97da9daf07cdb178dc643574b
SHA512

f1f00247dc4016936591b1c3b829db7b5b178e570903cbe8c7f635a55d5af416f35ba3c8ff8358819d6d43c124accbe19514935c30d04d23adbab2d75c6dc14f
SSDEEP

786432:HBBChzrCK3e2DiJrchbvnFPPlbaYgBGjbl+wxvECCuW+R3pcKLmVuEb:HTYzrCWhbPFleYgBGjB+wZcuW+JpcWmn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3000	ShareX-15.0.1.247-setup.tmp

Loads dropped DLL 1 IoCs

pid	Process
2608	ShareX-15.0.1.247-setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3000	ShareX-15.0.1.247-setup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3000	ShareX-15.0.1.247-setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 3000	2608	ShareX-15.0.1.247-setup.exe	28
PID 2608 wrote to memory of 3000	2608	ShareX-15.0.1.247-setup.exe	28
PID 2608 wrote to memory of 3000	2608	ShareX-15.0.1.247-setup.exe	28
PID 2608 wrote to memory of 3000	2608	ShareX-15.0.1.247-setup.exe	28
PID 2608 wrote to memory of 3000	2608	ShareX-15.0.1.247-setup.exe	28
PID 2608 wrote to memory of 3000	2608	ShareX-15.0.1.247-setup.exe	28
PID 2608 wrote to memory of 3000	2608	ShareX-15.0.1.247-setup.exe	28

C:\Users\Admin\AppData\Local\Temp\ShareX-15.0.1.247-setup.exe
"C:\Users\Admin\AppData\Local\Temp\ShareX-15.0.1.247-setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Users\Admin\AppData\Local\Temp\is-4RE3K.tmp\ShareX-15.0.1.247-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4RE3K.tmp\ShareX-15.0.1.247-setup.tmp" /SL5="$B0158,39009769,832512,C:\Users\Admin\AppData\Local\Temp\ShareX-15.0.1.247-setup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab678B.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar681B.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4RE3K.tmp\ShareX-15.0.1.247-setup.tmp

Filesize
3.1MB

MD5
241e4352ea52a1b3bede8a71d9750f0c

SHA1
42d1531957d3c2547c73ca683e723bfc13d338fd

SHA256
fc904a2909a5699e7b4680f09ada00ac2bef124447e45b9db91e53a5e4636f36

SHA512
68fb9f533bb9cab81bf068291a1b40464fafc7b43e72a16232f07e81c7cb75b6c5ac40ec3a40dabfc88fd16732d102e7d14cfc1ac016cfccd24ccf1019295b4b

Download Submit
\Users\Admin\AppData\Local\Temp\is-4RE3K.tmp\ShareX-15.0.1.247-setup.tmp

Filesize
3.1MB

MD5
241e4352ea52a1b3bede8a71d9750f0c

SHA1
42d1531957d3c2547c73ca683e723bfc13d338fd

SHA256
fc904a2909a5699e7b4680f09ada00ac2bef124447e45b9db91e53a5e4636f36

SHA512
68fb9f533bb9cab81bf068291a1b40464fafc7b43e72a16232f07e81c7cb75b6c5ac40ec3a40dabfc88fd16732d102e7d14cfc1ac016cfccd24ccf1019295b4b

Download Submit
memory/2608-116-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2608-10-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2608-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3000-12-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/3000-30-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3000-32-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3000-28-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3000-11-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3000-112-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3000-114-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3000-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download