Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/07/2024, 19:34

General

  • Target

    drfone_setup_full3399.exe

  • Size

    2.4MB

  • MD5

    b0378a2362f896a18dea96cfb3f69576

  • SHA1

    75305b372597eec67ce0e7e06682e8f32123ca3f

  • SHA256

    4b12c0bdd99b709a9d64b049a77c8c20decaea52ea3b0492c68a4aa96fa7a9db

  • SHA512

    439ad92e737b1c1de945fb4212239ba78360c0da55fe50508dc1cb51e10c03b00e2b0dc75f15664b801401dc22f0346425da9b085d0345c1f491b329c15955e2

  • SSDEEP

    49152:rvSzkJnOyQpABa+VsNbwzPZTAY+6Y0fxfNrB0f0uzkfh:rqzkbkbhwzT+b0fxfNrV

Score
4/10

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Modifies Control Panel (1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\drfone_setup_full3399.exe (PID 1980, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\drfone_setup_full3399.exe"
    • Loads dropped DLL
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Users\Public\Documents\Wondershare\NFWCHK.exe (PID 2484, depth 2)
      Command line: C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      • Executes dropped EXE

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log

    Filesize

    1KB

    MD5

    0ac91c13dcb2b1350abf95953dabe099

    SHA1

    c9681d444b73de4011ba1d65f4f0c5a270c65465

    SHA256

    8cf12cef59f19efdcadd83e78b3546a3c1c0223da88d0e7f3f2eaba34be20a45

    SHA512

    dd903c8026f2e1fb4177ae49ed0294520b6b8ebba4af690ab695d7e6d53c135aa1ce5035f1ff8c5f9f8661e6e5d085f19de37426e1cf8121907648dd9d86b527

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log

    Filesize

    4KB

    MD5

    4512dab6a6ca1d9d6adc322b3d7692dc

    SHA1

    8ce60b65c3c8db645cf43c1ba3deb4cbe4de70f7

    SHA256

    6b73fa53b6d7d945621041bd4aa7481d3b3792502553ce818f58be7e07e13557

    SHA512

    21385e5ddb46cc185d60efa41416fcac2ef1109cb385d38febb7f678daa1c4ea76df388f449a9b27b0d301fbd19c769d01573f450e6524e9db37b28570e775fa

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config

    Filesize

    223B

    MD5

    5babf2a106c883a8e216f768db99ad51

    SHA1

    f39e84a226dbf563ba983c6f352e68d561523c8e

    SHA256

    9e676a617eb0d0535ac05a67c0ae0c0e12d4e998ab55ac786a031bfc25e28300

    SHA512

    d4596b0aafe03673083eef12f01413b139940269255d10256cf535853225348752499325a5def803fa1189e639f4a2966a0fbb18e32fe8d27e11c81c9e19a0bb

  • \Users\Public\Documents\Wondershare\NFWCHK.exe

    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a