58f945791eebe55a53946b6d90ee91ca14e962b0ec2cbd8e6fe9d7d76f806665

Analysis

max time kernel
164s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 21:58

Target

DVDStyler-1.8.4.1-win32.exe
Size

9.5MB
MD5

79f46030ea1303f370ebec179667615a
SHA1

35f6b9efd4ddccab295d101d587e56de0144404f
SHA256

3d2ee2c81be8439ce8ae9b29f5b622bf6ddb9616dd2ed1afd3826e454a590652
SHA512

c7c92e8901422ea931bb560461cfb7fc3a41200426e28b9765cd60a96651987debc8b84c828a5cc74ea97b3852cb9d8db3a908fb090cb8e631938208a1c3920f
SSDEEP

196608:iAzv1XSb9RJGIQ6lRbu1mYLh0ztiEjh96m3OchPNQSbvJS5:r1XURJlTCWjr6ivpNQca

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3928	DVDStyler-1.8.4.1-win32.tmp

Loads dropped DLL 2 IoCs

pid	Process
3928	DVDStyler-1.8.4.1-win32.tmp
524	RunDll32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 3928	4656	DVDStyler-1.8.4.1-win32.exe	90
PID 4656 wrote to memory of 3928	4656	DVDStyler-1.8.4.1-win32.exe	90
PID 4656 wrote to memory of 3928	4656	DVDStyler-1.8.4.1-win32.exe	90
PID 3928 wrote to memory of 524	3928	DVDStyler-1.8.4.1-win32.tmp	91
PID 3928 wrote to memory of 524	3928	DVDStyler-1.8.4.1-win32.tmp	91
PID 3928 wrote to memory of 524	3928	DVDStyler-1.8.4.1-win32.tmp	91

C:\Users\Admin\AppData\Local\Temp\DVDStyler-1.8.4.1-win32.exe
"C:\Users\Admin\AppData\Local\Temp\DVDStyler-1.8.4.1-win32.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Users\Admin\AppData\Local\Temp\is-HQJO8.tmp\DVDStyler-1.8.4.1-win32.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-HQJO8.tmp\DVDStyler-1.8.4.1-win32.tmp" /SL5="$301EE,9479119,140800,C:\Users\Admin\AppData\Local\Temp\DVDStyler-1.8.4.1-win32.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3928
- - C:\Windows\SysWOW64\RunDll32.exe
    RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\is-ECCKV.tmp\OCSetupHlp.dll",_OCPRD547RunOpenCandyDLL@16 3928
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:524

C:\Users\Admin\AppData\Local\Temp\is-ECCKV.tmp\OCSetupHlp.dll

Filesize
750KB

MD5
99fd37e0fe1c15716ea1c350ef166137

SHA1
2bb9322ed67aa620a17cad9543845a473b243102

SHA256
5e1bb105be9bad56fe69c5789b653e69bc33642bb6e146a23f5f9f033395946d

SHA512
60168f873ef3b44bac9f13d9c9e5b73d260bd94c6ba5bb7f93ceb674ec3876b33afa7afa9b5600eba28e2353e024e44189242d0760d75a6d71306edda47e82ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HQJO8.tmp\DVDStyler-1.8.4.1-win32.tmp

Filesize
1.1MB

MD5
394289faec0a43faea574588cb367018

SHA1
b02982a816782c3c16ad5a321dce0a79cab124a2

SHA256
89c8d27247ff86f189ebba01e27c47daa184a04c5f002130f9d336ca80d71202

SHA512
e99977ed9b3ea6607d347fe3e339cff40e70166db6a93443046cb7e0bc2a6f7c598503a55030f7d9ae0e8ede8b706bb4bd682bbdadf215641247b96bae0d09f4

Download Submit
memory/524-18-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

Filesize
4KB

Download
memory/524-24-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

Filesize
4KB

Download
memory/3928-6-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/3928-20-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/3928-23-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4656-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4656-19-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download