Overview

overview

7

Static

static

3

HandBrake-...UI.exe

windows10-2004-x64

5

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

HandBrake.Worker.exe

windows10-2004-x64

1

HandBrake.exe

windows10-2004-x64

7

hb.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    590s
  • max time network
    488s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-05-2024 21:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HandBrake.exe

  • Size

    35.6MB

  • MD5

    ee3cbf592c24b1bf04d906ded5c7d1a9

  • SHA1

    1931bdd5d120635c357b3000dff08ec9110ce1e3

  • SHA256

    ee818fe194c29f1f31d6edffeb8256405618dab251f3765bbbacfb91ea666336

  • SHA512

    97b52abf6cab8540bb7e6467eddaf02199c34fb40eb561ee022e626f9976e9a6d5b1006d053f2f1234c4a8760d686a6dfece1c5fd25483ff2d67bae43e38d8ac

  • SSDEEP

    196608:cGSU8sdauO4miemcjYXCe5njhhKt39VxwgTluwKqVWyAAh:1SybLnJX/9jhhKtNDwgTluwKo5

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HandBrake.exe
    "C:\Users\Admin\AppData\Local\Temp\HandBrake.exe"
    1⤵
    • Checks computer location settings
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2152

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\HandBrake\settings.json
    Filesize

    738B

    MD5

    96b0fc2d81b2ae22ae594b5ee4741d20

    SHA1

    132eea92564cd698ab04762bc082a74d7edfbb59

    SHA256

    2917a52fd698e5f581fab42864ca689940bcf88500012deee53f0da2840c46a6

    SHA512

    63f0e7dd5a1b0de21e3d66ff5a44d1c343d5695fd1bf36fa20cfc3a23d0b63a4fc2a0108f93cd670a6f0c801ecfb58c5f17c11e6022a498ca2209b45cd9f9d3d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\HandBrake\settings.json
    Filesize

    1KB

    MD5

    8f8151a716966f32359f7bb817752506

    SHA1

    e2dba7c8eb2c36ae961b93978db114458840384b

    SHA256

    713d7d9da0ea0a341db00f07122e9d84a43f6772cce369a876ced4f9cc924d13

    SHA512

    b9e5462a6f5a18dbe0415c105964a2c28f72cf9dfafa0bb0b6d73cb07433e8df9bf24330f51974a6da5113d14582c90a4c3f32db4df3d911db87a20ac16e909f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\HandBrake\settings.json
    Filesize

    2KB

    MD5

    063d0db1c826db64c3be43076716a337

    SHA1

    5a85005122be24d89eee7d2bf6b6bbadfce97374

    SHA256

    4c4e4a1c00fb81bea1ee4600096d263d1388565ae7d5d3b6b2c6d16a066f4a21

    SHA512

    cdbdaef0e89e8bd8941eab7407f5edfc9a766e373a79f1bcc5d254dac75be8c7c26fb609e534f55c64753285ebfb549e7b5f7e6ef2f926f7f7afeb9a05a7fb57

    Download Submit

  • C:\Users\Admin\AppData\Roaming\HandBrake\settings.json
    Filesize

    2KB

    MD5

    e0bce32dc57ae8e70a0fce87e117608b

    SHA1

    3bf77ba7020ae7cc223d8323ffce67c8d6fe022a

    SHA256

    4973318738366f182ba3e97d0c63d39e2e938e5111d655c9e7da021e6b947bfa

    SHA512

    5bfda5d4c6ce03daa1f80ddce48c38ae494bde33a04ea58a52bdbbfcb92e7be9e93de7b3e9a378df706a0537184fc60eddcf068bf094811d20a672fb067b1353

    Download Submit

  • memory/2152-13-0x0000021CE8AD0000-0x0000021CE8B2A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/2152-89-0x0000021CEB720000-0x0000021CEB7EE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2152-16-0x0000021CC8590000-0x0000021CC859D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2152-0-0x00007FFE2B47B000-0x00007FFE2B47C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2152-7-0x0000021CE8B40000-0x0000021CE8C12000-memory.dmp

    Filesize

    840KB

    Download

  • memory/2152-4-0x0000021CEACC0000-0x0000021CEB100000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/2152-1-0x0000000180000000-0x00000001802B4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2152-10-0x0000021CC8540000-0x0000021CC8583000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2152-92-0x0000021CEBDF0000-0x0000021CEBE43000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2152-96-0x0000021CC8440000-0x0000021CC8493000-memory.dmp

    Filesize

    332KB

    Download

  • memory/2152-99-0x0000021CEC040000-0x0000021CEC0C8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2152-103-0x0000021CEBE50000-0x0000021CEC036000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2152-102-0x00007FFE1CAE0000-0x00007FFE224A9000-memory.dmp

    Filesize

    89.8MB

    Download

  • memory/2152-106-0x00007FFE2B47B000-0x00007FFE2B47C000-memory.dmp

    Filesize

    4KB

    Download