f5dbc0ed5238807fd7a05f563e6f6c215708f2ef4f35b2b957659f88fbf52e60

Analysis

max time kernel
1795s
max time network
1806s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ThunderSoft Flash to Video Converter 5.2.0.exe
Size

16.6MB
MD5

23ba577cf7061da608cbcf5827dbfe13
SHA1

fe4fef8a84142c5138b3ac12e5df2fb182bc4c33
SHA256

f5dbc0ed5238807fd7a05f563e6f6c215708f2ef4f35b2b957659f88fbf52e60
SHA512

90a71b5cd44626cff146802adf644e0816eb9974850e726b1e7f8e66ae7d56d562459d48b9106f6f7b0182ff4513cdb783ae9a806583b9e6fbdd518e6f6d5e51
SSDEEP

393216:WIBjNqG0llTzhmldMp3dbtD1rzBx4Ol4l16Vh5MaW7vooZ9vVRB:PsDhml6p39thhxK16VE9voo3B

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp

Loads dropped DLL 4 IoCs

pid	Process
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp
4868	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 4868	5056	ThunderSoft Flash to Video Converter 5.2.0.exe	95
PID 5056 wrote to memory of 4868	5056	ThunderSoft Flash to Video Converter 5.2.0.exe	95
PID 5056 wrote to memory of 4868	5056	ThunderSoft Flash to Video Converter 5.2.0.exe	95

C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Users\Admin\AppData\Local\Temp\is-T98M6.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-T98M6.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp" /SL5="$9020E,17046573,67072,C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3688 --field-trial-handle=3112,i,1786399861560734457,5606877702857066305,262144 --variations-seed-version /prefetch:8
1⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1268 --field-trial-handle=3112,i,1786399861560734457,5606877702857066305,262144 --variations-seed-version /prefetch:8
1⤵
PID:3568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-3DTNR.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3DTNR.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T98M6.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp

Filesize
913KB

MD5
30571cb5b76edfa481dc52346ec8526c

SHA1
0f1ac53282a6adf0388ef65f45a967447e65b685

SHA256
d2713609b5c74e889b38a4ee7853da7b5a0dc99cab6c7011d592661cb0697212

SHA512
f690066f6526398c80b17c0e2d572a8b6e1a7d3e56279f5b23b72a030808bfae9dd756667e557aeb6313459e9c10836214acfda19de1aaf209bd92bf49be215c

Download Submit
memory/4868-52-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-58-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-22-0x00000000074A0000-0x00000000077BA000-memory.dmp

Filesize
3.1MB

Download
memory/4868-24-0x0000000007910000-0x0000000007911000-memory.dmp

Filesize
4KB

Download
memory/4868-53-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-26-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-27-0x0000000007920000-0x0000000007921000-memory.dmp

Filesize
4KB

Download
memory/4868-28-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-29-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-30-0x0000000007930000-0x0000000007931000-memory.dmp

Filesize
4KB

Download
memory/4868-31-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-32-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-33-0x0000000007940000-0x0000000007941000-memory.dmp

Filesize
4KB

Download
memory/4868-34-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-35-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-36-0x0000000007950000-0x0000000007951000-memory.dmp

Filesize
4KB

Download
memory/4868-37-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-38-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-39-0x0000000007960000-0x0000000007961000-memory.dmp

Filesize
4KB

Download
memory/4868-40-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-41-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-43-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-44-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-46-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-45-0x0000000007980000-0x0000000007981000-memory.dmp

Filesize
4KB

Download
memory/4868-47-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-42-0x0000000007970000-0x0000000007971000-memory.dmp

Filesize
4KB

Download
memory/4868-48-0x0000000007990000-0x0000000007991000-memory.dmp

Filesize
4KB

Download
memory/4868-49-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-50-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-51-0x00000000079A0000-0x00000000079A1000-memory.dmp

Filesize
4KB

Download
memory/4868-8-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4868-25-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-16-0x0000000007270000-0x0000000007286000-memory.dmp

Filesize
88KB

Download
memory/4868-78-0x0000000007A30000-0x0000000007A31000-memory.dmp

Filesize
4KB

Download
memory/4868-54-0x00000000079B0000-0x00000000079B1000-memory.dmp

Filesize
4KB

Download
memory/4868-57-0x00000000079C0000-0x00000000079C1000-memory.dmp

Filesize
4KB

Download
memory/4868-56-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-59-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-60-0x00000000079D0000-0x00000000079D1000-memory.dmp

Filesize
4KB

Download
memory/4868-61-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-62-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-63-0x00000000079E0000-0x00000000079E1000-memory.dmp

Filesize
4KB

Download
memory/4868-64-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-65-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-66-0x00000000079F0000-0x00000000079F1000-memory.dmp

Filesize
4KB

Download
memory/4868-67-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-68-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-70-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-71-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-72-0x0000000007A10000-0x0000000007A11000-memory.dmp

Filesize
4KB

Download
memory/4868-73-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-74-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-76-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-77-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-75-0x0000000007A20000-0x0000000007A21000-memory.dmp

Filesize
4KB

Download
memory/4868-69-0x0000000007A00000-0x0000000007A01000-memory.dmp

Filesize
4KB

Download
memory/4868-55-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-79-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-80-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-81-0x0000000007A40000-0x0000000007A41000-memory.dmp

Filesize
4KB

Download
memory/4868-82-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-83-0x00000000077C0000-0x0000000007900000-memory.dmp

Filesize
1.2MB

Download
memory/4868-86-0x0000000007390000-0x0000000007391000-memory.dmp

Filesize
4KB

Download
memory/4868-95-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4868-99-0x0000000007390000-0x0000000007391000-memory.dmp

Filesize
4KB

Download
memory/5056-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5056-93-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download