3516daea39ccb9fead27e8ba5879375a08b20a428264a7c1be6db1be7765b0fe

Analysis

max time kernel
148s
max time network
72s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/11/2023, 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UVR_v5.6.0_setup.exe
Size

1615.3MB
MD5

448638eb178e28f925a9bb1e368ca4ea
SHA1

27420bdc9ae2ea6bd680523013e10a7ce5204815
SHA256

3516daea39ccb9fead27e8ba5879375a08b20a428264a7c1be6db1be7765b0fe
SHA512

61a3899b763dd91b0821c451c241d5b304f64cc239d5c09f1ea675483b410521184da1ad8c76ad9249bc904ed58a3798ad61adfc9b4dce1e35a63122513be61d
SSDEEP

50331648:T6kVP5utbj9gwCLULByDfnfR4bOeUjQMVgvwZt5l5Z:T6kVP5uVJRgmefSGQM6vwvj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2800	UVR_v5.6.0_setup.tmp

Loads dropped DLL 1 IoCs

pid	Process
2736	UVR_v5.6.0_setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2800	UVR_v5.6.0_setup.tmp
2800	UVR_v5.6.0_setup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2800	UVR_v5.6.0_setup.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2800	2736	UVR_v5.6.0_setup.exe	30
PID 2736 wrote to memory of 2800	2736	UVR_v5.6.0_setup.exe	30
PID 2736 wrote to memory of 2800	2736	UVR_v5.6.0_setup.exe	30
PID 2736 wrote to memory of 2800	2736	UVR_v5.6.0_setup.exe	30
PID 2736 wrote to memory of 2800	2736	UVR_v5.6.0_setup.exe	30
PID 2736 wrote to memory of 2800	2736	UVR_v5.6.0_setup.exe	30
PID 2736 wrote to memory of 2800	2736	UVR_v5.6.0_setup.exe	30

C:\Users\Admin\AppData\Local\Temp\UVR_v5.6.0_setup.exe
"C:\Users\Admin\AppData\Local\Temp\UVR_v5.6.0_setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Users\Admin\AppData\Local\Temp\is-15GCF.tmp\UVR_v5.6.0_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-15GCF.tmp\UVR_v5.6.0_setup.tmp" /SL5="$400F4,1692846395,1187328,C:\Users\Admin\AppData\Local\Temp\UVR_v5.6.0_setup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\Ultimate Vocal Remover\gui_data\tkinterdnd2\tkdnd\win64\is-6RQK3.tmp

Filesize
20KB

MD5
d97e74d2564d9320b8155719aa20082b

SHA1
7e3d5a6662cb1ff689f789dcd897ef26c9926113

SHA256
16626177ea9b44c6926e1eed73ec5895f404781e80ada709bac979a32e6cf336

SHA512
2464e33235977ff1699fc3a622d1b22b1a0e1b86d1cfcbe960e63ff29a8586e607a996d4a8f14bd4cdd6ef9981d45e9e6994bb20aa0718275df85243ff5d4318

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ultimate Vocal Remover\gui_data\tkinterdnd2\tkdnd\win64\is-A7GRT.tmp

Filesize
30KB

MD5
762d876a00609f4f218f68d2341aa3a7

SHA1
0938611aafe8bea25a1f333cb0c9cbec07f05c7a

SHA256
58ae355597350fa0aed8cfc6e08a95a2a464f9646a1f09c4124c2aaecf2e39b3

SHA512
67295f99bf732cf044b7d55c683cfd0e2cd927faadfb7658f923dfa8810db1a19e9bfdceacc7919d2bccf860941dfd378ddc489fc8d62be4a9eed7c69ac1abfa

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ultimate Vocal Remover\gui_data\tkinterdnd2\tkdnd\win64\is-B9SKS.tmp

Filesize
6KB

MD5
77d2ba6c86d0076f5eb13b2ef72e01d5

SHA1
9bbf543f49daf012916481f4bdefc500037d79d1

SHA256
58b0aebd287df1d2cfe16231847b786ac9a3a2d18fff2a8a37955510221d10f5

SHA512
f86c4448008fd6457db24b5dd71e220b026c44f5102d53fb87d9e2444f9ec8e95b1ff810f0c66a340f1344cdffa925a58526a675eed3ba96764f46c2fe1f0a28

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ultimate Vocal Remover\gui_data\tkinterdnd2\tkdnd\win64\is-E6EAB.tmp

Filesize
15KB

MD5
289c3eebd678f7819d5a271d8dcecc03

SHA1
8db97c8a743455053ded9f0a021276f31aa95c61

SHA256
01b05381ac0c165cab784a91b298834bba54e70b011a3c3c2b65245fb8c00eca

SHA512
d94c9ec35479ba33348e1992dde8c77701ccc68eeb32953182557b1c06159bd31aa4710ff4b353895ecf760d3c5d13dbe55750aa07cfdd5177552e5ba53b1de9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ultimate Vocal Remover\gui_data\tkinterdnd2\tkdnd\win64\is-G457U.tmp

Filesize
9KB

MD5
44f09e162057bb8aebf04ee4f322ef11

SHA1
c58121d9a6aa82e4cb768b99ea86b027acaaaadb

SHA256
42c2bf8fc2de73587f7d7e5136a2e6b2bff840b5652f835156fc09dc1e9af33c

SHA512
3d99a62b79d10ba8d06da5be5ded955de288340c46aa33d7ffb61d73fbe0329e99e938ca2e80ede8997f6216b595035b73e7f83362848e6d9f56354f591d4be6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ultimate Vocal Remover\gui_data\tkinterdnd2\tkdnd\win64\is-NQ2UE.tmp

Filesize
7KB

MD5
ae5740477fda6bce131bdd5211e9dac2

SHA1
4b0cb13ba6779bb3621676d944fd85e9eb61a22e

SHA256
7b7b522a769fcb5d1484891685bc3c0ee4967899317caa0547ab0e8d1d6e808f

SHA512
253279fcbe6695c73c9a80356005aecc4de01bd38b0a025c18f54a642b7c7169318457e1b469de04d0be0e3a878bfd5d7e23074fe351b7e4f9e6823e755ba5b7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ultimate Vocal Remover\gui_data\tkinterdnd2\tkdnd\win64\is-U2Q7B.tmp

Filesize
6KB

MD5
0c673498a2040d64ece20fface814458

SHA1
e249e8546fd545ddd4e968346361e704ead5aac1

SHA256
c8898c4ecd49b1145aea54190682f831bd54974d5d382f3df8fd2204f25aafad

SHA512
cbf91f9e9c91ee0baae02f6fdfe1feb9f312d4fc4158ff940b9e740e2b9c56fbb735af3fbf69320dd923689e60863717b711bc66306b6b9ce0e9c8db9b877396

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ultimate Vocal Remover\is-UKRJ9.tmp

Filesize
418KB

MD5
108f39237a3cc98d7ebf1f8a4230f8cb

SHA1
787e9a4a384f83415a02ec5c2665f16acf03dd13

SHA256
3692a6539c18b443e91fb18a932f29bfb3cbbccf8eb4151b06674656ee138a4d

SHA512
d0916385b37cd4107d71e300b7313630317a2c761fa7f4046cb201d5d68077b4ebaf87d75a40147fc8b87134b29332f388914f5dc9a301675d43147c297be4f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-15GCF.tmp\UVR_v5.6.0_setup.tmp

Filesize
3.4MB

MD5
cb917e494c99ad24fe6d7f1e4317b522

SHA1
60d9d175f23b0a6e6caefa4012c4f34a8d99e6e5

SHA256
dc8a688c932faa4d1163100675b4218de7b8a8eefa73d213cc09ca9ff9fdf9e0

SHA512
18cb9935f4cd75a4ef4a603ce6536e4f122b921c3ccddeb4d8fdaec95adafd015751551a92af1ff50ad157680b35c4a59159b13a9ae2cbcdfa422b88fed5d7fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-15GCF.tmp\UVR_v5.6.0_setup.tmp

Filesize
3.4MB

MD5
cb917e494c99ad24fe6d7f1e4317b522

SHA1
60d9d175f23b0a6e6caefa4012c4f34a8d99e6e5

SHA256
dc8a688c932faa4d1163100675b4218de7b8a8eefa73d213cc09ca9ff9fdf9e0

SHA512
18cb9935f4cd75a4ef4a603ce6536e4f122b921c3ccddeb4d8fdaec95adafd015751551a92af1ff50ad157680b35c4a59159b13a9ae2cbcdfa422b88fed5d7fd

Download Submit
\Users\Admin\AppData\Local\Temp\is-15GCF.tmp\UVR_v5.6.0_setup.tmp

Filesize
3.4MB

MD5
cb917e494c99ad24fe6d7f1e4317b522

SHA1
60d9d175f23b0a6e6caefa4012c4f34a8d99e6e5

SHA256
dc8a688c932faa4d1163100675b4218de7b8a8eefa73d213cc09ca9ff9fdf9e0

SHA512
18cb9935f4cd75a4ef4a603ce6536e4f122b921c3ccddeb4d8fdaec95adafd015751551a92af1ff50ad157680b35c4a59159b13a9ae2cbcdfa422b88fed5d7fd

Download Submit
memory/2736-9-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2736-0-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2800-13-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2800-10-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2800-27-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2800-7-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2800-30-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2800-480-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2800-486-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2800-520-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download
memory/2800-574-0x0000000000400000-0x000000000076A000-memory.dmp

Filesize
3.4MB

Download