fc51aa662126e720bafab907b75294da6a73458ada4b5260468dad4cb8173691

Resubmissions

11/06/2024, 19:30

240611-x7y18sydlf 7

11/06/2024, 19:26

240611-x5srfaycmb 7

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MovaviVideoConverterSetupF_Waiydjd_.exe
Size

4.9MB
MD5

6a609b304936946690a18fb199408ad1
SHA1

f9f82ee1be0cec184af8986db23fcd30cfb4872b
SHA256

fc51aa662126e720bafab907b75294da6a73458ada4b5260468dad4cb8173691
SHA512

0fab962d1238f337365249ec4fb26712fa7d25f8808bda7bf44e53d19389bf3b7560580c1e365c7aded1dff82fe5ac025d6e14c491346f9acb8095bb70b2abbf
SSDEEP

98304:R5vYx2QfQ4yFtA366WV3jdxP1PsmeNRDJkQMPE3:Rix2QfbItA366g3ZjbURmQMPE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3040	installer.exe

Loads dropped DLL 20 IoCs

pid	Process
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe
3040	installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 3040	2264	MovaviVideoConverterSetupF_Waiydjd_.exe	85
PID 2264 wrote to memory of 3040	2264	MovaviVideoConverterSetupF_Waiydjd_.exe	85

C:\Users\Admin\AppData\Local\Temp\MovaviVideoConverterSetupF_Waiydjd_.exe
"C:\Users\Admin\AppData\Local\Temp\MovaviVideoConverterSetupF_Waiydjd_.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\installer.exe
  C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\installer.exe "--distrib-name=C:\Users\Admin\AppData\Local\Temp\MovaviVideoConverterSetupF_Waiydjd_.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndAppLocations.dll

Filesize
39KB

MD5
7c6ffb7ab4bb41e3b1c5d1b512a94b3b

SHA1
eada7a9463b8610c32b908b7f8188dc95b6f154e

SHA256
5b8dfb4a7e76415d22297555a229b80e92371e230c4e308886cf6f3316b301f7

SHA512
886f5bb34b1c56c418bfd60930e55836aede6dbcce873ec88edf2a9acc69b7043c850467beaef46081fc32f2ffee40d550c1669e83c1edd1c6810145cedeec27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndCrashHandler.dll

Filesize
485KB

MD5
b922b0b3bbb0a8be66a72a89df59bc17

SHA1
40d7d21f3b9c1094e30280945742dcce4bdd5f74

SHA256
ece382389cc3c22c16c0decde4db94cf207fd21a3341e93307fe5a9c84bbf6f4

SHA512
7ff5b2127d49bd518ff37351995ae13ba98a9ba54d6f053f2ca9a7892412a909e2a2c4d069e09c1e2ce29989d6e69d11d50e68cd416375fcaa3e77160c4a4e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndException.dll

Filesize
111KB

MD5
1a43ff924ab33f572b8b0cda2f018342

SHA1
1658cec0645e60676d0bd450147fa7efb23bf7c2

SHA256
29ea5ea242d09c57cd32309ef6688c46cef291674b86a0ecd2e3d667d3c93317

SHA512
8c6b9aa0c65b4da5a09db49d989f7d6fdc7caa851a57895fab44b6cb7ec3f65966d91a2c022acd42210562a509bb79dc7692444b9b46f543d4263f3fb1db9ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndFilesystem.dll

Filesize
289KB

MD5
a58a5aa828b66da232c4b7fdbdd11ded

SHA1
6bbb4a6f37c557d36be961fad0bf1498bc6e6d37

SHA256
e5c3a12f6e2e17efe7bc3c6a3902b421dace99bbd18c8bdb8931ae0dcd461664

SHA512
77afda9778788cc13d577a4eacffa1b164aa9f3443dfc333e7d86e29eb39c89f2b9c1f8e79e8314fb7e41f6589a387fe0c74fe18d5e6ae9f363878f549b74fa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndHash.dll

Filesize
90KB

MD5
ca9e771e207878f191a13200577380e7

SHA1
b45ab49abc01197070f1536c9b2dc50de2547a47

SHA256
a69f509557fe37ead0a2a7fd4d0805f8be498842074bc846dbd72daaed877fc1

SHA512
9772577775599ae1ff09548aefddf864690e79fb99624237983646f6ac40772edb9db820906149a0250d7a12a9992b0ddc1226860026af8de7dd85307b6b196b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndNetworking.dll

Filesize
3.9MB

MD5
e47d121af76b56a5a40086aafbd6af12

SHA1
7cdec2f4a6c3d93d62621ba34bbfbfc953ac43af

SHA256
1955de75384fb4905de4573617cd7289b9a639a5f3fc7c82a3649b6f511e8c60

SHA512
c84b616cb3deae883e504ca0d4f6a97f6d66f855ae2b1a55474bfdac9bc87e6c5b0a824c23473791186798d3ae64a435a462d762b5d14bda5d151a67d111b812

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndOS.dll

Filesize
177KB

MD5
965b682dbdb6ee9cf1ca98ae7dfc8899

SHA1
b52cc23ba8b662289807bc742491f0d4dfc0a5be

SHA256
f331601772740676aff8ee6680c36533221c42ab4e96007758589c4315686ceb

SHA512
d8fa15cee155d1ec592d44860b3888a0bb5072392fcf2462d24866d1458c8e7083837b00eedc2df72f85805fe177204fbf6d63dfed3da06440bb70a5dfe0f959

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndPointer.dll

Filesize
24KB

MD5
776dd4b0563958557e9d9f613f686fc2

SHA1
65df9882c2eb15aabc7e74315f03d7d963e9b7a9

SHA256
f9c38cfb5056020b56e845c810bb60fbe134e482ae7161947d7620fc7bcbca2c

SHA512
739aec8a6f3b17fec522cdaa2f66c5c66d168bc26caa4de3a9ae662dce3bf500ff2a4c384d7b4749af766f2a48b1bb060d4de8b48181dd4d4dabbe84bd3c6758

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndString.dll

Filesize
43KB

MD5
ba2b39e7a44ceb25c7c43e9a66ff6d29

SHA1
c2ec7647a44ea4e2693e3fc7cb21a9248d02af13

SHA256
69ea4556c681d9c9a7f6ec0a95aa4768789e7ed8da1b1fb69b1bf23b9f225dc2

SHA512
8b9604238b91919179a2ae4a496ce703625b4387a75463c0ff2f89f823ac1af9b08a184bc64fc1445f5ae52eab077fb2e00b1f94b0e5d6aa2822ff5750a7f397

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndTime.dll

Filesize
63KB

MD5
81276566e7b184646f1039f97e024aa6

SHA1
0bf46b761a45883f2a33bd6905c4620a383bb3ad

SHA256
6cce42d8ff4f4014a6d4ee72acabee9288b7bbe657d151aa8c7127852b679621

SHA512
5506e7a37f2fb420f6ea8962e7a8a3845c04b7daed4e77f3d254a623475922240aefcbaa0b22c596bb210e2158f7f91ed6e50088f2fd8ed9625f4e8496485ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\FndVersion.dll

Filesize
66KB

MD5
a94b00e249dcc4981539230562f68664

SHA1
e22f240c6d13c666db857589017c63cf67e1921d

SHA256
f039ba4041efc7729e5e3a0cd8e838eb3f3812ed72a281323ca74a1dc40cf6af

SHA512
25c6dcd15a5d1babe10e98845c23fe37e62ac06f907d7ab3cf511eba2d0a9b956b885ea4a2d1511062a2b480c4d9be2719579624eb5f652f9e7c4166e6d53c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\VCRUNTIME140_1.dll

Filesize
36KB

MD5
d8d1a08176ba2542c58669c1c04da1b7

SHA1
e0d0059baf23fb5e1d2dadedc12e2f53c930256d

SHA256
26c29d01df73a8e35d32e430c892d925abb6e4ad62d3630ae42b69daacba1a0d

SHA512
5308790fbcf6348e87e7d5b9235ed66942527326f7ba556c910d68d94617bdd247a4ed540b4b9f8d4e73d15cf4a7204c0a57d4fd348ec26e53f39b91be8617fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\WebUid.dll

Filesize
3.4MB

MD5
af34e1143b5705ffa14db4586300bf59

SHA1
949897267703de78080dac5e7d40bde5bc27f4ac

SHA256
8c85dcdf098ec1c2bdf8dd3f21314a37e4277245462d303e1ac2b2fe09fe6c4c

SHA512
02178baf6e4c8dd8c817d6c615a32ae5503571b824fe44fe136804d6801b0e24b5af1b015c188b7311e8ca29a034419511237e622c6893f3a80a2aaa2ec2804e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\boost_filesystem-mt-x64.dll

Filesize
149KB

MD5
637295ea72ff3d061c3d28876dc07c4e

SHA1
ce849ec0dd84ad2d2457ddba1cec314eb5729bce

SHA256
a93c88163a53734c64ffe264df5ff2a6417d297d723c9055a7b9cd69bd48641c

SHA512
0ba7cc6b5b430017d1d12169c43865d7f388b4cfd642a3195b007c1779ee567c327e5e52630d005c0a6fad8c07e2a2a0b4055e807795cadb1ef3cb1ae464fa83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\cpr.dll

Filesize
2.9MB

MD5
adc27e13f85749787f277835d7347964

SHA1
337bec9a0f7fe599dd664d20e0e2e62a27274017

SHA256
3bc5eae91f061e05caf469ac3ce333cba19b4f29a5225c1a257bb30440b18316

SHA512
4c287fcbe2ff1abd9755235a2d73f053b98641611097536a5a48cb7541b0b9e37dcd6c3dfda7dbfe0f8c5110bea603aa10ba44378ac63399d760f416863d2749

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\glog.dll

Filesize
135KB

MD5
f05e289b6681637a0873d04e82b3a3fa

SHA1
97ec307cf6b6e2a25c2786ddfe6cf87e92c25da1

SHA256
b8ed47e7493d2015f5db385671e443bf3fcafec02191a858bcae261ae4ec7b20

SHA512
dfe563c6e822f2072b2e0c000c0a1719ce7e260c2bcdf91d90eb8df249ac48b69cf7e3b3ca158aac066b58963c7f944f72009486abb365d974bc3fd5cf32462c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\installer.exe

Filesize
4.2MB

MD5
5e0553996135c9a5ebd3d62df375fb49

SHA1
fee28f6e3227b8b8a3a4c7697d52dc3655ec7662

SHA256
a510e7a8646bf8af6cedb43f2ef67253b0e6c40cd8fa50c62fcd7fde66c428fb

SHA512
c4ea12f2afb793d02f6488f9256e5ee8f8514a7c5637338d476177fa1049a68a68bcb81e6a1b188df4c6d71656eb703f34f4994790a53c75cf022b3292b59a96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\msvcp140.dll

Filesize
552KB

MD5
29c6c243cfb1cec96b4a1008274f9600

SHA1
c54b10ef6305cc3814c68e6c8fd6daecbb27622a

SHA256
44a5af24f8d5f9c50a9e5a200a0486100afb6a0e86377e2e3e622a7bbb57cb04

SHA512
39c34554ea7b6d433c2aecfdeff87959e625e943bf7a446ebca8e5878eaf24198c1b188359a0343fb78478f2bc8b986ca4d0e69d39bac6ff80cb901fe4f113ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-2a058818-fdd3-4f36-bc54-d96643bac3d2\vcruntime140.dll

Filesize
94KB

MD5
02794a29811ba0a78e9687a0010c37ce

SHA1
97b5701d18bd5e25537851614099e2ffce25d6d8

SHA256
1729421a22585823493d5a125cd43a470889b952a2422f48a7bc8193f5c23b0f

SHA512
caf2a478e9c78c8e93dd2288ed98a9261fcf2b7e807df84f2e4d76f8130c2e503eb2470c947a678ac63e59d7d54f74e80e743d635428aa874ec2d06df68d0272

Download Submit