f5dbc0ed5238807fd7a05f563e6f6c215708f2ef4f35b2b957659f88fbf52e60

Analysis

max time kernel
1798s
max time network
1166s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
06/03/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ThunderSoft Flash to Video Converter 5.2.0.exe
Size

16.6MB
MD5

23ba577cf7061da608cbcf5827dbfe13
SHA1

fe4fef8a84142c5138b3ac12e5df2fb182bc4c33
SHA256

f5dbc0ed5238807fd7a05f563e6f6c215708f2ef4f35b2b957659f88fbf52e60
SHA512

90a71b5cd44626cff146802adf644e0816eb9974850e726b1e7f8e66ae7d56d562459d48b9106f6f7b0182ff4513cdb783ae9a806583b9e6fbdd518e6f6d5e51
SSDEEP

393216:WIBjNqG0llTzhmldMp3dbtD1rzBx4Ol4l16Vh5MaW7vooZ9vVRB:PsDhml6p39thhxK16VE9voo3B

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp

Loads dropped DLL 4 IoCs

pid	Process
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp
1180	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 1180	716	ThunderSoft Flash to Video Converter 5.2.0.exe	83
PID 716 wrote to memory of 1180	716	ThunderSoft Flash to Video Converter 5.2.0.exe	83
PID 716 wrote to memory of 1180	716	ThunderSoft Flash to Video Converter 5.2.0.exe	83

C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:716
- C:\Users\Admin\AppData\Local\Temp\is-H8OMM.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-H8OMM.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp" /SL5="$5023E,17046573,67072,C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-H8OMM.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp

Filesize
913KB

MD5
30571cb5b76edfa481dc52346ec8526c

SHA1
0f1ac53282a6adf0388ef65f45a967447e65b685

SHA256
d2713609b5c74e889b38a4ee7853da7b5a0dc99cab6c7011d592661cb0697212

SHA512
f690066f6526398c80b17c0e2d572a8b6e1a7d3e56279f5b23b72a030808bfae9dd756667e557aeb6313459e9c10836214acfda19de1aaf209bd92bf49be215c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N95G9.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N95G9.tmp\VclStylesInno.dll

Filesize
1.0MB

MD5
741f415de0d8f28cdb265e819b1a87f6

SHA1
99889d25ef796178e74b4d9cee4560fff3603d3d

SHA256
e02c1dcf16f6d6754013772735f6de7958112bee7f4e6161f39c456eab1b2692

SHA512
dff52964ff38789a685f182690c47a5507d29208ca4e78c9ef64209fb150673adde1f3ff383094c02d6e7a087840f731797e44e6774c7c9a312ea054d5742ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N95G9.tmp\VclStylesInno.dll

Filesize
960KB

MD5
b4298cd122707f31973ee1c9ad72bca5

SHA1
ad28c4b269f2894c8ef2c2be1ca386a9cec8d87a

SHA256
4f3ee54af5164033866bfbfe2156436856df7e943724564e64ecd3c544f42228

SHA512
fbfc6ba579300eb3e4f42b474843c508c1c8242407f20a7bd35caa4f7b8ed0bc97f36edbb307ed8142b28445fe57cc0f37b4e376f785f45e8b4d5b84fa56e1ab

Download Submit
memory/716-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/716-2-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/716-98-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1180-51-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-56-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-54-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-25-0x0000000007200000-0x0000000007201000-memory.dmp

Filesize
4KB

Download
memory/1180-26-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-27-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-28-0x0000000007210000-0x0000000007211000-memory.dmp

Filesize
4KB

Download
memory/1180-29-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-30-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-31-0x0000000007220000-0x0000000007221000-memory.dmp

Filesize
4KB

Download
memory/1180-32-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-33-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-34-0x0000000007230000-0x0000000007231000-memory.dmp

Filesize
4KB

Download
memory/1180-35-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-36-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-37-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/1180-38-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-39-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-41-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-40-0x0000000007250000-0x0000000007251000-memory.dmp

Filesize
4KB

Download
memory/1180-42-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-43-0x0000000007260000-0x0000000007261000-memory.dmp

Filesize
4KB

Download
memory/1180-44-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-45-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-46-0x0000000007270000-0x0000000007271000-memory.dmp

Filesize
4KB

Download
memory/1180-47-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-48-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-49-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/1180-50-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-6-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1180-52-0x0000000007290000-0x0000000007291000-memory.dmp

Filesize
4KB

Download
memory/1180-53-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-23-0x0000000006DA0000-0x00000000070BA000-memory.dmp

Filesize
3.1MB

Download
memory/1180-17-0x0000000006B80000-0x0000000006B96000-memory.dmp

Filesize
88KB

Download
memory/1180-63-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-57-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-58-0x00000000072B0000-0x00000000072B1000-memory.dmp

Filesize
4KB

Download
memory/1180-59-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-60-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-61-0x00000000072C0000-0x00000000072C1000-memory.dmp

Filesize
4KB

Download
memory/1180-62-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-55-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/1180-64-0x00000000072D0000-0x00000000072D1000-memory.dmp

Filesize
4KB

Download
memory/1180-65-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-66-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-67-0x00000000072E0000-0x00000000072E1000-memory.dmp

Filesize
4KB

Download
memory/1180-68-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-69-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-70-0x00000000072F0000-0x00000000072F1000-memory.dmp

Filesize
4KB

Download
memory/1180-71-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-72-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-73-0x0000000007300000-0x0000000007301000-memory.dmp

Filesize
4KB

Download
memory/1180-74-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-75-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-76-0x0000000007310000-0x0000000007311000-memory.dmp

Filesize
4KB

Download
memory/1180-77-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-78-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-79-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/1180-80-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-81-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-82-0x0000000007330000-0x0000000007331000-memory.dmp

Filesize
4KB

Download
memory/1180-83-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-84-0x00000000070C0000-0x0000000007200000-memory.dmp

Filesize
1.2MB

Download
memory/1180-87-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/1180-99-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1180-100-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download