Overview

overview

7

Static

static

3

ShareX-15....up.exe

windows7-x64

7

ShareX-15....up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    364s
  • max time network
    309s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-11-2023 22:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ShareX-15.0.1.247-setup.exe

  • Size

    38.0MB

  • MD5

    c3e1ed2272cdee364ae9bc44416f9aaa

  • SHA1

    f59dd715356962a6aecad106d98bf03d877dc363

  • SHA256

    45a98ef3dd7deeb1482f9947478d1b3b0f557ac97da9daf07cdb178dc643574b

  • SHA512

    f1f00247dc4016936591b1c3b829db7b5b178e570903cbe8c7f635a55d5af416f35ba3c8ff8358819d6d43c124accbe19514935c30d04d23adbab2d75c6dc14f

  • SSDEEP

    786432:HBBChzrCK3e2DiJrchbvnFPPlbaYgBGjbl+wxvECCuW+R3pcKLmVuEb:HTYzrCWhbPFleYgBGjB+wZcuW+JpcWmn

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ShareX-15.0.1.247-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\ShareX-15.0.1.247-setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Users\Admin\AppData\Local\Temp\is-7TTGH.tmp\ShareX-15.0.1.247-setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-7TTGH.tmp\ShareX-15.0.1.247-setup.tmp" /SL5="$401F8,39009769,832512,C:\Users\Admin\AppData\Local\Temp\ShareX-15.0.1.247-setup.exe"
      2⤵
      • Executes dropped EXE
      PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-7TTGH.tmp\ShareX-15.0.1.247-setup.tmp
    Filesize

    3.1MB

    MD5

    241e4352ea52a1b3bede8a71d9750f0c

    SHA1

    42d1531957d3c2547c73ca683e723bfc13d338fd

    SHA256

    fc904a2909a5699e7b4680f09ada00ac2bef124447e45b9db91e53a5e4636f36

    SHA512

    68fb9f533bb9cab81bf068291a1b40464fafc7b43e72a16232f07e81c7cb75b6c5ac40ec3a40dabfc88fd16732d102e7d14cfc1ac016cfccd24ccf1019295b4b

    Download Submit

  • memory/2008-1-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/2008-8-0x0000000000400000-0x00000000004D8000-memory.dmp

    Filesize

    864KB

    Download

  • memory/3648-6-0x0000000002810000-0x0000000002811000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3648-9-0x0000000000400000-0x000000000071C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3648-10-0x0000000002810000-0x0000000002811000-memory.dmp

    Filesize

    4KB

    Download