8fdc9cc3e13b782f2c8e1bab4d04fccce7f2780b4cc7c933cbf720cd8df0bb25

Analysis

max time kernel
136s
max time network
147s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19/04/2024, 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OpenShot-v3.1.1-x86_64.exe
Size

188.3MB
MD5

0e04b074498775335e6be5ec6f6466a0
SHA1

4bdfe5c520c941277e89530940fc267cc5689daa
SHA256

8fdc9cc3e13b782f2c8e1bab4d04fccce7f2780b4cc7c933cbf720cd8df0bb25
SHA512

b91ab1d3e8ab361246329cb1c2296647d81dd828e845139fb4861e4fe51583d72ac33ead9dd5344d4131e22afa86b48662d0127a9c42acc3cc5d63119e54901a
SSDEEP

3145728:m0RjPuUa3o4Q7SKJw3ORgtz8UmoUfJRRdi+yhptmMIW6NiCLlIbCEMzsi07WseAY:mAPJvSR3tVDUDHivtmMIxsCzsi0739b

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3192	OpenShot-v3.1.1-x86_64.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-H5T5P.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-3KRU6.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-7AD0Q.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-EAUBD.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-54DE3.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-1UV2E.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-9S1IE.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-90GGM.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-KUNUM.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-RIOQV.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-3GNCM.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-2J464.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-V5PJV.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-THTDQ.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-KP8B8.tmp	OpenShot-v3.1.1-x86_64.tmp
File opened for modification	C:\Program Files\OpenShot Video Editor\lib\PyQt5\Qt5Sensors.dll	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-E2EHP.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-KT3EH.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-DGD47.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-INI61.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-HVHKG.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-TAQ87.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-R3OAF.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-JU7SH.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-UC4VG.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-2MBDI.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-LR7H5.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-33HE9.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-MS4VF.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-RKUBP.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-D9H56.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-52S50.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-CTVSK.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-P9MEE.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-U6DGT.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-VQGFJ.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-1DOS5.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-7CT5E.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-NA16E.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\effects\icons\is-H0LQE.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-DSUUU.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-DD1BS.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-6TJ0G.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-ABF6S.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-OONBB.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-26IMN.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-APRHN.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-6MAAR.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-NF4NN.tmp	OpenShot-v3.1.1-x86_64.tmp
File opened for modification	C:\Program Files\OpenShot Video Editor\lib\zmq\backend\cython\_device-cpython-38.dll	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-LNF4G.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-DDD2Q.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-FP7KH.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-DHPAE.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-OVO9R.tmp	OpenShot-v3.1.1-x86_64.tmp
File opened for modification	C:\Program Files\OpenShot Video Editor\lib\PyQt5\Qt5Quick3DUtils.dll	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\blender\icons\is-1ESRA.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-67S0E.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-P52OE.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-BKQRA.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-EHVFB.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-M6IVU.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\images\cache\is-RIDA9.tmp	OpenShot-v3.1.1-x86_64.tmp
File created	C:\Program Files\OpenShot Video Editor\emojis\color\svg\is-7HDKJ.tmp	OpenShot-v3.1.1-x86_64.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3192	OpenShot-v3.1.1-x86_64.tmp
3192	OpenShot-v3.1.1-x86_64.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3192	OpenShot-v3.1.1-x86_64.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4524 wrote to memory of 3192	4524	OpenShot-v3.1.1-x86_64.exe	74
PID 4524 wrote to memory of 3192	4524	OpenShot-v3.1.1-x86_64.exe	74
PID 4524 wrote to memory of 3192	4524	OpenShot-v3.1.1-x86_64.exe	74

C:\Users\Admin\AppData\Local\Temp\OpenShot-v3.1.1-x86_64.exe
"C:\Users\Admin\AppData\Local\Temp\OpenShot-v3.1.1-x86_64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Users\Admin\AppData\Local\Temp\is-4U2HL.tmp\OpenShot-v3.1.1-x86_64.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4U2HL.tmp\OpenShot-v3.1.1-x86_64.tmp" /SL5="$901EC,195989626,994304,C:\Users\Admin\AppData\Local\Temp\OpenShot-v3.1.1-x86_64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:3192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\OpenShot Video Editor\images\cache\is-7LP8L.tmp

Filesize
3KB

MD5
496c96bd5f719cb3bf1c409ac651e528

SHA1
b0001a0191e1b7286939eada2b4d676425a912e4

SHA256
6d4b5fc59bf2b7d34155cb98efa24901c3819846fff125305859b48653f9e317

SHA512
37a5c9488ca22a0b0f8ab5bd9cf3626e9c99df0ca0e186d42f9a053f476e103c0002b49e70bdcfb78ce5e6c1e7690133281ddeacf7ad9b1c161fd2d7bd5a7737

Download Submit
C:\Program Files\OpenShot Video Editor\images\cache\is-CJ1FL.tmp

Filesize
5KB

MD5
f36f78ef02ae2f1b270d006c8b5b3455

SHA1
0cc9b6a405d787191e74ab3d1c477c30f73dfcdd

SHA256
d4b0eac63de6ba08ad5c1cda752ffb675e0dfd2b86617509da0447ad3c186820

SHA512
397a06143cf659d8ca77b7a4a7466f98d18375706281c2c25b24bcdd47bb99ba10cdf9796504f76feab8ee55efbbc7901800b9b30275c432e98d98787313b9fc

Download Submit
C:\Program Files\OpenShot Video Editor\images\cache\is-F97ND.tmp

Filesize
2KB

MD5
d0a225c8dba29311326cef4863be8ec3

SHA1
0b97497fe7cd52c95c6dd167bc944f562fab0b98

SHA256
6c4c8305adda7c581486c92f05d469d12884ed9ed2d15c9e414f063486313517

SHA512
53cbfdb79e0ef8a5e8a3514455a658e1d0fdae7093c6f635d7b3be55270980ba122979872ce954070d7768001f7642de35f3f5e4aaaf3bd419c24851b6ef1716

Download Submit
C:\Program Files\OpenShot Video Editor\images\cache\is-P69KU.tmp

Filesize
713B

MD5
73d225c9ef507c4ffb7f311ce6cd8dde

SHA1
56dfeeabf96f074641d519ec93179a61d696fab7

SHA256
ed021f037e74645c7751ae67ad0be40051d98f4e96e1e6031218d9ef6c16efb4

SHA512
98efb2b096cc234e40edab4e586e2bcdb39e3989cd0b458cd6a32e70b14219bd6f44f9fa13b26a8868a6f9fa97deb144a5409dd83416a648c4d1bb595679c4b5

Download Submit
C:\Program Files\OpenShot Video Editor\images\cache\is-SC64T.tmp

Filesize
2KB

MD5
7fd022d1370ac250b517b7dd0e789ce4

SHA1
1a3ba2db2a0ca67a3bb069a09b5505b5da3b22da

SHA256
b0673b2357a07738795941eb1f5e165ebee327c79468f30f49f0912ce7cf6d8c

SHA512
e9df33568b8fc41b25232a0c39bb1fb44d9cb17e1a01df79cb326895b284504e4f7e3c6b2c8043833b155eec123f972a0231a8b8bd0ef15165fb843fcc6eb614

Download Submit
C:\Program Files\OpenShot Video Editor\images\cache\is-VPA19.tmp

Filesize
1KB

MD5
79923367c9f462ede447b5f1db9e93a6

SHA1
b87cadcaecbea6c6909652e98d78ba13419effc5

SHA256
21f906c5dd2ff3af45c1365d2964066f54908b3508877704af16d45a6999116b

SHA512
9ddbac133e323c246f332d0e590abfa00ec9f2dd43af704aff0619dcbc062c6ce648c3dbb5738c198231dd42320213e05651089fd5e3ab7933d4e1c3093b7b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4U2HL.tmp\OpenShot-v3.1.1-x86_64.tmp

Filesize
2.7MB

MD5
9d9e1ba85c679259e1db65a5dd93c87e

SHA1
b3e6bf2d921b917d223f91f5b78d1454f40ed655

SHA256
3349a54bd56a19ed6149f6791fd498bba6e2fa0d89484affc970aed9322da1a6

SHA512
662c17ba04c652687459f5b07bc292f09c71d25efefd54376cde67fb1274cf88f1750fe01e868672fc2945d4b8dba374f3813027c939386e0aa5c59415587566

Download Submit
memory/3192-400-0x0000000000400000-0x00000000006BB000-memory.dmp

Filesize
2.7MB

Download
memory/3192-11-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/3192-7-0x0000000000400000-0x00000000006BB000-memory.dmp

Filesize
2.7MB

Download
memory/3192-19-0x0000000000400000-0x00000000006BB000-memory.dmp

Filesize
2.7MB

Download
memory/3192-6932-0x0000000000400000-0x00000000006BB000-memory.dmp

Filesize
2.7MB

Download
memory/3192-5-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/3192-13-0x0000000000400000-0x00000000006BB000-memory.dmp

Filesize
2.7MB

Download
memory/3192-9588-0x0000000000400000-0x00000000006BB000-memory.dmp

Filesize
2.7MB

Download
memory/3192-14377-0x0000000000400000-0x00000000006BB000-memory.dmp

Filesize
2.7MB

Download
memory/3192-14379-0x0000000000400000-0x00000000006BB000-memory.dmp

Filesize
2.7MB

Download
memory/4524-0-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download
memory/4524-6-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download
memory/4524-14380-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download