4b12c0bdd99b709a9d64b049a77c8c20decaea52ea3b0492c68a4aa96fa7a9db

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 19:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

drfone_setup_full3399.exe
Size

2.4MB
MD5

b0378a2362f896a18dea96cfb3f69576
SHA1

75305b372597eec67ce0e7e06682e8f32123ca3f
SHA256

4b12c0bdd99b709a9d64b049a77c8c20decaea52ea3b0492c68a4aa96fa7a9db
SHA512

439ad92e737b1c1de945fb4212239ba78360c0da55fe50508dc1cb51e10c03b00e2b0dc75f15664b801401dc22f0346425da9b085d0345c1f491b329c15955e2
SSDEEP

49152:rvSzkJnOyQpABa+VsNbwzPZTAY+6Y0fxfNrB0f0uzkfh:rqzkbkbhwzT+b0fxfNrV

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4848	NFWCHK.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\Desktop\MuiCached	drfone_setup_full3399.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4324	drfone_setup_full3399.exe
4324	drfone_setup_full3399.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 4848	4324	drfone_setup_full3399.exe	89
PID 4324 wrote to memory of 4848	4324	drfone_setup_full3399.exe	89

C:\Users\Admin\AppData\Local\Temp\drfone_setup_full3399.exe
"C:\Users\Admin\AppData\Local\Temp\drfone_setup_full3399.exe"
1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  2⤵
  - Executes dropped EXE
  PID:4848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log

Filesize
2KB

MD5
d775a0882a9c10ad2e6f17cd381f35c2

SHA1
956a1551875c78abe3f0085c0952d6e44d59dc00

SHA256
bea03418a6f7c60f00bdde56e5c783ea3daddba76947796b2085eec366206032

SHA512
2c11328ef48ec6a36882b96ab0b129df491fab01f3b949fb0edecbce57251e0e5a25e29aa2e507b87bb25e68a73fdaf778aecfa78684c21282e9eb4428bbb4d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log

Filesize
555B

MD5
537dc50ea7e337654018331324478c28

SHA1
7d36eec335a7b1b1dd2e81821b4013bfcf2dc2c2

SHA256
d3bc29c6687a2fd89c5fa3d6daab1139b06e6204dc3bf3c3f59584d20bdd9aec

SHA512
bab633c082efcfe4dddff926d865ef8ffefc52834c8c4e8ca3863c9ccf04886c8e0c9b3018b014602eb1e03a9b3f3139a1ddebac5b02b2d483e021ec1a662572

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
5KB

MD5
2089fe3f063f72a0dc2452d67357321f

SHA1
bf26026e2253a087c6445646a65b8e280a910cf6

SHA256
b8d1d14000ebd10e805e92999099cc06b1855d7666fafcbbe73a7d79b8949ae0

SHA512
5a3d6d8fd241b759a8ce78539a782895e31da93768653b4ea91cf49089accc182ecef6e95a7fdac06e33928869f6bf359090df420d932e886dc563282d37b60c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
10KB

MD5
5e81daa9ee77dbdaff4344ee0fb539ec

SHA1
e029ba549ab4be1d15c96bf60f6c266187273e1a

SHA256
ffc381ad9d6e70dd5628f1d47d3619d18f136af106e9c6a12a76492573b67844

SHA512
a3cea24504ff2c53022ca3e3c18affc635e05d56888b3ffc80b59d92134ac4aaf5f52ec7ab97a75e51fc41bb6b752cba87025161227a40a870a7b8d19c1693b5

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config

Filesize
223B

MD5
5babf2a106c883a8e216f768db99ad51

SHA1
f39e84a226dbf563ba983c6f352e68d561523c8e

SHA256
9e676a617eb0d0535ac05a67c0ae0c0e12d4e998ab55ac786a031bfc25e28300

SHA512
d4596b0aafe03673083eef12f01413b139940269255d10256cf535853225348752499325a5def803fa1189e639f4a2966a0fbb18e32fe8d27e11c81c9e19a0bb

Download Submit
memory/4848-1140-0x00007FFDEE6E0000-0x00007FFDEF081000-memory.dmp

Filesize
9.6MB

Download
memory/4848-1143-0x000000001BB90000-0x000000001BBF2000-memory.dmp

Filesize
392KB

Download
memory/4848-1138-0x000000001B300000-0x000000001B320000-memory.dmp

Filesize
128KB

Download
memory/4848-1139-0x00007FFDEE6E0000-0x00007FFDEF081000-memory.dmp

Filesize
9.6MB

Download
memory/4848-1136-0x0000000000F40000-0x0000000000F64000-memory.dmp

Filesize
144KB

Download
memory/4848-1141-0x000000001B320000-0x000000001B62E000-memory.dmp

Filesize
3.1MB

Download
memory/4848-1142-0x000000001BAD0000-0x000000001BB19000-memory.dmp

Filesize
292KB

Download
memory/4848-1137-0x0000000000F70000-0x0000000000F88000-memory.dmp

Filesize
96KB

Download
memory/4848-1144-0x000000001C0D0000-0x000000001C59E000-memory.dmp

Filesize
4.8MB

Download
memory/4848-1145-0x000000001C640000-0x000000001C6DC000-memory.dmp

Filesize
624KB

Download
memory/4848-1146-0x000000001BA60000-0x000000001BA68000-memory.dmp

Filesize
32KB

Download
memory/4848-1147-0x000000001CA50000-0x000000001CA8E000-memory.dmp

Filesize
248KB

Download
memory/4848-1149-0x00007FFDEE6E0000-0x00007FFDEF081000-memory.dmp

Filesize
9.6MB

Download
memory/4848-1135-0x00007FFDEE995000-0x00007FFDEE996000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads