Overview

overview

3

Static

static

3

ha_VideoEd...er.exe

windows7-x64

1

ha_VideoEd...er.exe

windows10-2004-x64

3

ha_VideoEd...er.exe

windows7-x64

1

ha_VideoEd...er.exe

windows10-2004-x64

1

ha_VideoEd...��.url

windows7-x64

1

ha_VideoEd...��.url

windows10-2004-x64

1

ha_VideoEd...��.exe

windows7-x64

1

ha_VideoEd...��.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    214s
  • max time network
    230s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 03:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ha_VideoEditMaster-v1.8/VideoEditMaster.exe

  • Size

    506KB

  • MD5

    a8e214cd436eb75aa00475286cc89e19

  • SHA1

    903490eac03d4f0688b0ef3c90f3e58242aeec9f

  • SHA256

    a90c1d403639522f2b8e6efa43d1a61b0fe9e5c4c69ec9f4e1b58f903c83fa00

  • SHA512

    6517fe8e5e15523d5d9e975c2e49f88470c2a3dc4be0e5167781c3580c4577cb8bb26f06f231e18cabe6307b7803e4eda87caa8af589189f2a5bf35a69c8e240

  • SSDEEP

    6144:EFTHM/qgBGbSK70WAj/bNSkm48fYZycG0Dk1ayxYGv1zg3UqbXavRrEXqG+O:EFs/kb1nAj/5SZYpSY4g3UQKvRJG

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ha_VideoEditMaster-v1.8\VideoEditMaster.exe
    "C:\Users\Admin\AppData\Local\Temp\ha_VideoEditMaster-v1.8\VideoEditMaster.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    PID:1132
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 224
      2⤵
      • Program crash
      PID:5088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 632
      2⤵
      • Program crash
      PID:3580
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1132 -ip 1132
    1⤵
      PID:896
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1132 -ip 1132
      1⤵
        PID:5060

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1132-0-0x0000000000400000-0x00000000004F6000-memory.dmp

        Filesize

        984KB

        Download

      • memory/1132-9-0x0000000000400000-0x00000000004F6000-memory.dmp

        Filesize

        984KB

        Download