de0ebeb8ffd82d0540c948dc01780f9b8242a8f971beb83c0d0f0bad38467a30

Analysis

max time kernel
122s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 12:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Red Giant Magic Bullet Suite 2024.0 Win x64/Red Giant Magic Bullet Suite 2024.0 Win x64/Red Giant Ma.exe
Size

36.1MB
MD5

60abaff7aadffb7a6b794859dd39f8fd
SHA1

abec95384036d9d99d94d00c4c2b1db452afd9c9
SHA256

760560b03a07975649da6a74ca9cc46f5ce5b7c9d38b10f6daaa6fcefae77efb
SHA512

9b23560fa7be23c2d059365c953f354bbc9780f11eeca1c5924441019a964dfb631c388715371ef5a3a383d10f968591100482d8204f8c0e07526ebe68b82641
SSDEEP

786432:8rlCtr6sONLZTThFbSt9BP7RAGcstx0RIc/18WcvSPT1DRDPiKLo:BtrCfuxP721stx0RV/18h+1Za+o

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	Red Giant Ma.exe

Executes dropped EXE 1 IoCs

pid	Process
4592	Maxon App Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4592	Maxon App Installer.exe
4592	Maxon App Installer.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4592	Maxon App Installer.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 4592	3912	Red Giant Ma.exe	86
PID 3912 wrote to memory of 4592	3912	Red Giant Ma.exe	86

C:\Users\Admin\AppData\Local\Temp\Red Giant Magic Bullet Suite 2024.0 Win x64\Red Giant Magic Bullet Suite 2024.0 Win x64\Red Giant Ma.exe
"C:\Users\Admin\AppData\Local\Temp\Red Giant Magic Bullet Suite 2024.0 Win x64\Red Giant Magic Bullet Suite 2024.0 Win x64\Red Giant Ma.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Users\Admin\AppData\Local\Temp\7zS84F12077\Maxon App Installer.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS84F12077\Maxon App Installer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS84F12077\Maxon App Installer.exe

Filesize
2.7MB

MD5
3f2bd91f5599fc8fd1cde587a04043a1

SHA1
aadf112495df0f4943df7ff068eaa2c6d851cea9

SHA256
93b519d27ce74f48279c5a79e5854bc5b715bcb2da878fe84e2ac781e657faf4

SHA512
4353e462e5baa9a6e541df38e6d71976e71a1ec9d5def67b94d8f00a1436894bbcec146a0a065f81ef54f0c7159695049e52780e6a6856e4df71c50e452c85cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84F12077\packages\com.redgiant.app.zip

Filesize
7.6MB

MD5
eb7b62227fe7e580f45d8053482e03e0

SHA1
29108a3661e9d60d216b201f6015efb2faa06a06

SHA256
b8d5a92404144fd6a7cdc23dd8a43763a4d99101906daa1fd582d4047e6d4e0c

SHA512
dbc9896522f2ba976f5d35a82e4b146dc52c6c97dafc6cf2e9e54caaa808db0fc5604ebff849b69e906327b0790e1ac3d2cffa039e9a27f8076ee417ea051c61

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84F12077\packages\com.redgiant.rguninstaller.zip

Filesize
308KB

MD5
e4140afe17992f0ea15af49ce4d66ab4

SHA1
44f779594d6b14c44402b90369d269a95d7caead

SHA256
a790b38e30d6a95f90ee128123ac456d1e983992af468bb1bbbe448f15e73e97

SHA512
71bfa6b480cd5733b9c78d4372c8e5aa30caf9e6beac840396dcc8b4ad8874159570cef6703e56380dfd43344c98c19ef1e5b25d00a98aade72a83185dfa947f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84F12077\packages\com.redgiant.service.zip

Filesize
5.8MB

MD5
9106431ef779b6a7535bb6d7ffbed648

SHA1
30676650227027c8660f449af17914e206e23991

SHA256
9feac96364f1f620c9354a533a54f8b76852c3e2c40f14e3f1cd9806bb599462

SHA512
004692f533e7b81647b110fbef968e092108dccf0a31a14d449de3c648e782bc61808f5dc6d984f7db712d73d7f85b6d605859dfe19a5a0569557d98451f8293

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84F12077\packages\com.redgiant.vcredist-x64-2012.zip

Filesize
6.7MB

MD5
aeb14989912373ca03240f5a602698d3

SHA1
8a38a68263ad15b94e6c51bb2b6a6b395a7ea53c

SHA256
e731ced39949bea3631b4d765248051190f52140d1e9dcf50c3265406d71969d

SHA512
20bdd9add6fbc73e6b720d9f277862431d4d44e2a1d4b593e75ceb4d2294a7585ff846612ffccda0e9e49c6ee36f57979a79dcc348994c9c65f21f6e30872a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84F12077\packages\com.redgiant.vcredist-x64-2019.zip

Filesize
14.0MB

MD5
fc8bb9bd7715fe146a04c058a72f3958

SHA1
7b770f0e63b86a67dd5cc78c3e9903b403cd18e4

SHA256
be75aec2f9bcadd75be44aa89069427f51fe2ddeb0374db6818fbb332fc65275

SHA512
628de889d581625ad76b9c545715615736f1f0e7e9ac6910d7e0c2d8fa5b979469ba8dee72248d1dcf02fda4a5565631d2863752066a21c9bc5ddd10b9aebf4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84F12077\packages\net.maxon.app.json

Filesize
354B

MD5
7a2a04830f74027c386c971c5bfe5bd1

SHA1
190d98f779d0cfa398e8fbb4e2b8f508da339553

SHA256
0d67cee1656cdf3789f4aae55f5a83b1acbb60c6668c86dcf4d83d9665bd260f

SHA512
ac2656624bd206e034d87fce090ef1a0a58ff21f6f56d12f99eed3f2b136a906bff7b0a4cb429391a2f0d2268949e415793db8c0367fd7b07fee9ddd9695077f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84F12077\packages\net.maxon.mxnotify.zip

Filesize
409KB

MD5
c0be78971c747d08c55e747296f407f1

SHA1
4f48e6c64cb532db1d18563298e23214eba7ea73

SHA256
e7c232c2dc3f2f62300adcd008ddf3936d155624bd2795d03a9adfd8aa84618e

SHA512
b55bf05bf9bba41b01cda4d7845a7a481dc0499f8ca8b951c7b2f3ee71bc8aceee6fcf917872a51e5dc0cadae888d3070884842cb17497189f69ae6049ba1a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84F12077\packages\net.maxon.mxredirect.zip

Filesize
314KB

MD5
0b29f9c5f816c884b266079f7437fdc8

SHA1
581190c1a3f0b497e5d7e0a93c878e40342c947b

SHA256
5f60528ce0bd72496606c2f141b85998a876834fd17ad8dc039db47959913503

SHA512
9c71f408f42cb858771ccd5734362498903345afff103cb0512144f741b4e85b2b09586f5dfb363d02fb72356a23e8774d5d956ef8ee8b3b60acad904969add2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS84F12077\packages\net.maxon.neutrino.mswebview.installer.zip

Filesize
1.6MB

MD5
bd9922ec6c8389b55d8879dfb915c40f

SHA1
b4d77cde12d82833d5fcaa472be9293c7d05e1ef

SHA256
fab3b2ed7c4f6f67c1ec33a6c724e2f7e5ef2a7bc05cd9d3de50a2a1472bbb5a

SHA512
abc0bfe127325cf4b6093470c8450553a70bc66c03145029db7986d70e1e137904321c6b96934148a7c8f19e8e4f65acd3267a831a38c03ae80b2abd8c66f1cd

Download Submit