cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73

Analysis

max time kernel
96s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73.exe
Size

2.4MB
MD5

3873375a0aaeafebc8f2e0b037cab4ca
SHA1

31ad239193b130c04540c514bf1f125775b942a8
SHA256

cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73
SHA512

fe966dab5f9eb8309c2223ab8b1b59bd3d93ad258ce7cdd3d27e52048498ea7326c82da180829dccc8aa8f0ec572921d8648c90718234ed69fc6a85f41f054d8
SSDEEP

49152:1FwWwzOx2YlkXEYTy0iTvTEaMKCTZQgX6Y0fxfNrBygi6+:XPwzOPD0cEaYXb0fxfNr2

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3480	NFWCHK.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\Desktop\MuiCached	cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4056	cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73.exe
4056	cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 3480	4056	cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73.exe	84
PID 4056 wrote to memory of 3480	4056	cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73.exe	84

C:\Users\Admin\AppData\Local\Temp\cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73.exe
"C:\Users\Admin\AppData\Local\Temp\cc276d5da0d5426558098afe87ae7b358403adc9160ff48cc7d7ab85d7588f73.exe"
1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  C:\Users\Public\Documents\Wondershare\NFWCHK.exe
  2⤵
  - Executes dropped EXE
  PID:3480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log

Filesize
2KB

MD5
26f1276b4cbb297af7fc40ba95bef89a

SHA1
b048387e0be2939bf0e2086ec13abfc33755a053

SHA256
3a6480fc891f583fe2ecbecf7dcad6d20063a2ed5cf57d19f0a5d1341e798bc6

SHA512
366cf137e119efeaed6d16c98355252dab4ce067a759ea0b14c7e47bbf6ed8c812f37d17fe4e02d4bd77c4790fe3ee4fa8b4b1329122714aa0e079f44e23b5f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
433B

MD5
515209097fc104aee0179d6c667510d8

SHA1
3c7036d4eadf928e7ade750e752179767245900d

SHA256
d5f51f77b37b7dc550032bb136fb9dc08c997027219d59034df14de2188709c6

SHA512
809f7fd348f184af1f8e848bd72b552818fbf9767b79c11418cbd373e69366ddd77a58bbdc6e93b9e58950e684647e639363bd01a6ba2506c356f890e4f537ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
2KB

MD5
729ec2a028697b60af0fa64e2221e31c

SHA1
a7b38a895d9d55a49f99cbfb2658dbdf0792f621

SHA256
58d57000d37d56a87697ef9d433c949e97b8dab17dccbd09dae19786d0197db5

SHA512
c74fd1adf5c84ad6453c283c325326eb6002dc0d172fda8e129eb4e908462a2831acb0d05056892295fbe902356e5b9f4a84a5900200d5d52540dcf892575db0

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsduilib.log

Filesize
6KB

MD5
f0b52bde2b35e03a3673ef3f8289368a

SHA1
671006b944c64ae251d6e22f994093f3489052b0

SHA256
c08533ac051f4a27861cadb97d98fc3aa976374a112da54723f3d499baeb4016

SHA512
76f945cb37d74d490ee5247e25229cbcfe9801ba6b7c7eb674141fa91a3d5790816918db8f4b3649c283bba6062f4327bf686131a0eea0583e5ff20f6f7655f5

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe

Filesize
7KB

MD5
27cfb3990872caa5930fa69d57aefe7b

SHA1
5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

SHA256
43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

SHA512
a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

Download Submit
C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config

Filesize
223B

MD5
5babf2a106c883a8e216f768db99ad51

SHA1
f39e84a226dbf563ba983c6f352e68d561523c8e

SHA256
9e676a617eb0d0535ac05a67c0ae0c0e12d4e998ab55ac786a031bfc25e28300

SHA512
d4596b0aafe03673083eef12f01413b139940269255d10256cf535853225348752499325a5def803fa1189e639f4a2966a0fbb18e32fe8d27e11c81c9e19a0bb

Download Submit
memory/3480-1154-0x00007FFE879B0000-0x00007FFE88351000-memory.dmp

Filesize
9.6MB

Download
memory/3480-1157-0x000000001B930000-0x000000001B992000-memory.dmp

Filesize
392KB

Download
memory/3480-1152-0x0000000000BB0000-0x0000000000BD0000-memory.dmp

Filesize
128KB

Download
memory/3480-1153-0x00007FFE879B0000-0x00007FFE88351000-memory.dmp

Filesize
9.6MB

Download
memory/3480-1150-0x0000000000B20000-0x0000000000B44000-memory.dmp

Filesize
144KB

Download
memory/3480-1155-0x000000001B110000-0x000000001B41E000-memory.dmp

Filesize
3.1MB

Download
memory/3480-1156-0x000000001B870000-0x000000001B8B9000-memory.dmp

Filesize
292KB

Download
memory/3480-1151-0x0000000000B70000-0x0000000000B88000-memory.dmp

Filesize
96KB

Download
memory/3480-1158-0x000000001BE70000-0x000000001C33E000-memory.dmp

Filesize
4.8MB

Download
memory/3480-1159-0x000000001C3E0000-0x000000001C47C000-memory.dmp

Filesize
624KB

Download
memory/3480-1160-0x0000000000D20000-0x0000000000D28000-memory.dmp

Filesize
32KB

Download
memory/3480-1161-0x000000001C7B0000-0x000000001C7EE000-memory.dmp

Filesize
248KB

Download
memory/3480-1163-0x00007FFE879B0000-0x00007FFE88351000-memory.dmp

Filesize
9.6MB

Download
memory/3480-1149-0x00007FFE87C65000-0x00007FFE87C66000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads