f5dbc0ed5238807fd7a05f563e6f6c215708f2ef4f35b2b957659f88fbf52e60

Analysis

max time kernel
1792s
max time network
1600s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
06/03/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ThunderSoft Flash to Video Converter 5.2.0.exe
Size

16.6MB
MD5

23ba577cf7061da608cbcf5827dbfe13
SHA1

fe4fef8a84142c5138b3ac12e5df2fb182bc4c33
SHA256

f5dbc0ed5238807fd7a05f563e6f6c215708f2ef4f35b2b957659f88fbf52e60
SHA512

90a71b5cd44626cff146802adf644e0816eb9974850e726b1e7f8e66ae7d56d562459d48b9106f6f7b0182ff4513cdb783ae9a806583b9e6fbdd518e6f6d5e51
SSDEEP

393216:WIBjNqG0llTzhmldMp3dbtD1rzBx4Ol4l16Vh5MaW7vooZ9vVRB:PsDhml6p39thhxK16VE9voo3B

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp

Loads dropped DLL 4 IoCs

pid	Process
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp
2188	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 2188	1208	ThunderSoft Flash to Video Converter 5.2.0.exe	73
PID 1208 wrote to memory of 2188	1208	ThunderSoft Flash to Video Converter 5.2.0.exe	73
PID 1208 wrote to memory of 2188	1208	ThunderSoft Flash to Video Converter 5.2.0.exe	73

C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Users\Admin\AppData\Local\Temp\is-4LBDK.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4LBDK.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp" /SL5="$300DE,17046573,67072,C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4LBDK.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp

Filesize
913KB

MD5
30571cb5b76edfa481dc52346ec8526c

SHA1
0f1ac53282a6adf0388ef65f45a967447e65b685

SHA256
d2713609b5c74e889b38a4ee7853da7b5a0dc99cab6c7011d592661cb0697212

SHA512
f690066f6526398c80b17c0e2d572a8b6e1a7d3e56279f5b23b72a030808bfae9dd756667e557aeb6313459e9c10836214acfda19de1aaf209bd92bf49be215c

Download Submit
\Users\Admin\AppData\Local\Temp\is-FKFOD.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
\Users\Admin\AppData\Local\Temp\is-FKFOD.tmp\VclStylesInno.dll

Filesize
1.2MB

MD5
cd012a1d5ef9a1c5194207b1e4db1600

SHA1
60011ee2d2d14e80f1f1b9424f4cdb300a1e576b

SHA256
0f1243d11845464c45dc7b5dd8703af86c43d16d5dcce453868fd8163612fca1

SHA512
82686691d8820bddb04f6d10f13418a1d70a5097a01766105d348ed9a71089793a09ec3543061a38194cb8c4bc6c9d08481c6aea8a75a6f146cb57a296ec6139

Download Submit
\Users\Admin\AppData\Local\Temp\is-FKFOD.tmp\VclStylesInno.dll

Filesize
881KB

MD5
4cc2504f28ec6846a5a9c7bb7518dd8d

SHA1
b4a655e889d4ff23d028ac58371ce782481b6e29

SHA256
6ae75881457628fd5995a971a8b63bd6aee3df8f6e1be6b4e5a0eb85c4a6fb6d

SHA512
e14807e584a8dafcd9275fbff006219b28db9d05ddee1eca3a35236e7ce3e537abd4b45c9f824aaafc8a086e1e2be3c8cebf843f77af53be4f9047c9e8cdd5c0

Download Submit
memory/1208-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1208-2-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1208-95-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2188-51-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-57-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-52-0x00000000078B0000-0x00000000078B1000-memory.dmp

Filesize
4KB

Download
memory/2188-26-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-27-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-25-0x0000000007820000-0x0000000007821000-memory.dmp

Filesize
4KB

Download
memory/2188-28-0x0000000007830000-0x0000000007831000-memory.dmp

Filesize
4KB

Download
memory/2188-29-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-31-0x0000000007840000-0x0000000007841000-memory.dmp

Filesize
4KB

Download
memory/2188-30-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-32-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-33-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-34-0x0000000007850000-0x0000000007851000-memory.dmp

Filesize
4KB

Download
memory/2188-35-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-36-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-38-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-37-0x0000000007860000-0x0000000007861000-memory.dmp

Filesize
4KB

Download
memory/2188-39-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-41-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-40-0x0000000007870000-0x0000000007871000-memory.dmp

Filesize
4KB

Download
memory/2188-42-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-43-0x0000000007880000-0x0000000007881000-memory.dmp

Filesize
4KB

Download
memory/2188-45-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-44-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-47-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-46-0x0000000007890000-0x0000000007891000-memory.dmp

Filesize
4KB

Download
memory/2188-48-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-49-0x00000000078A0000-0x00000000078A1000-memory.dmp

Filesize
4KB

Download
memory/2188-50-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-7-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/2188-53-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-54-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-23-0x00000000073B0000-0x00000000076CA000-memory.dmp

Filesize
3.1MB

Download
memory/2188-17-0x0000000007180000-0x0000000007196000-memory.dmp

Filesize
88KB

Download
memory/2188-64-0x00000000078F0000-0x00000000078F1000-memory.dmp

Filesize
4KB

Download
memory/2188-55-0x00000000078C0000-0x00000000078C1000-memory.dmp

Filesize
4KB

Download
memory/2188-59-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-58-0x00000000078D0000-0x00000000078D1000-memory.dmp

Filesize
4KB

Download
memory/2188-62-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-60-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-63-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-56-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-61-0x00000000078E0000-0x00000000078E1000-memory.dmp

Filesize
4KB

Download
memory/2188-65-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-66-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-68-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-69-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-70-0x0000000007910000-0x0000000007911000-memory.dmp

Filesize
4KB

Download
memory/2188-67-0x0000000007900000-0x0000000007901000-memory.dmp

Filesize
4KB

Download
memory/2188-72-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-73-0x0000000007920000-0x0000000007921000-memory.dmp

Filesize
4KB

Download
memory/2188-74-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-75-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-71-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-77-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-76-0x0000000007930000-0x0000000007931000-memory.dmp

Filesize
4KB

Download
memory/2188-78-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-79-0x0000000007940000-0x0000000007941000-memory.dmp

Filesize
4KB

Download
memory/2188-80-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-81-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-82-0x0000000007950000-0x0000000007951000-memory.dmp

Filesize
4KB

Download
memory/2188-83-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-84-0x00000000076D0000-0x0000000007810000-memory.dmp

Filesize
1.2MB

Download
memory/2188-87-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/2188-99-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/2188-100-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download