Overview

overview

7

Static

static

1

Windscribe...16.exe

windows10-2004-x64

7

Windscribe...16.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-07-2024 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Windscribe_2.10.16.exe

  • Size

    24.6MB

  • MD5

    a586ee9407d50f3f26b0c65b967a2a77

  • SHA1

    c2977fc7d039c0eda6c816477415a257e85037ca

  • SHA256

    36d8428d1e2f8116f288aed6a3466144d81c8a922cb589416ec3fae9a533f1ea

  • SHA512

    146bec0b9a0b0d8ab94b76c322e5e0e80131c276d6b53199e9413347bed11fd5b12d6622717f0f8497a0aab0cba428f393ffa93203e98f7527a4801baf7f8fd6

  • SSDEEP

    393216:SntmQlURIlyJLsE/sYj0bKFGvzlfgwgJnOF3e+dLTnJ5oqR7hu9dmUKXzn:SthwIlasS4eFuzlTgJOA6V5jFu9d+

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 18 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Windscribe_2.10.16.exe
    "C:\Users\Admin\AppData\Local\Temp\Windscribe_2.10.16.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1040
    • C:\Windows\Temp\WindscribeInstaller12447\Windscribe_2.10.16.exe
      "C:\Windows\Temp\WindscribeInstaller12447\Windscribe_2.10.16.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of FindShellTrayWindow
      PID:1628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Temp\WindscribeInstaller12447\Qt6Core.dll
    Filesize

    5.5MB

    MD5

    970df5d767e87c18ebed28381b0f4adc

    SHA1

    7526a65c6de1ef8971076395655aa7a82f18a6e0

    SHA256

    238b6dad34d40eb3e1c4999ecd224be2ef0fff3cc7b2587d6b4d9dd260effa49

    SHA512

    01d7942bcc808a924b881cc9e12add558a70166472e446d787bad0881d69b1802dce4a2e9ab7e17bd33129c5b66528756045dfc189332391a4de49f894e235f5

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\Qt6Gui.dll
    Filesize

    7.4MB

    MD5

    0ab8efed44e94227d814f456e51f0b57

    SHA1

    22a55fa81689d7314424083e515f9c8819c9cf17

    SHA256

    1c7b79a164335b8c43d7267fa8a0ee43a2bdeb957aef167b38bfedda21cff825

    SHA512

    95cf380fa921f127deb40da22788b1b41c0a47f8a31d7656e02c11ba69d360609527b6b9ff7ec236bec139cea59453634e845058d06adfe9fbce0dd82bd36b23

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\Qt6Svg.dll
    Filesize

    355KB

    MD5

    8699b8bada8fec14462321757e89cf9a

    SHA1

    d5b7e1d0e96d3f73f65221a625e4d5f6033cfcfc

    SHA256

    70bd4c4cdf70865645e86a0b1dea58eff111a1d588f6654a972a137c000b87e1

    SHA512

    395e9efbe2e992e15a7a89424b86f394e32c19563a5da2dbc1afd14f1f453cfd72ae76754c475075e7b7f99b4a88a23cf8f2d5330ec211e44c4eee1623b900bd

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\Qt6Widgets.dll
    Filesize

    5.8MB

    MD5

    fe5d94996b8128747762cf0fdcab1f82

    SHA1

    3cb1bc591d55c4e5f76be53c3993eaab7e67541c

    SHA256

    05362dfd5ce0ab18988d878240f1daec2c505fb60cfb85636444c1843692e4a3

    SHA512

    c91be91786e38341ad83eb38ba27e4110d18c24b03f088aced46b32eb3fe9d81bf89c5bec4b8da1b84252fe78d3294dee1230ff79bd9308e979d0b9b219eab53

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\Windscribe_2.10.16.exe
    Filesize

    17.9MB

    MD5

    0ca29f00b9b47a8fcdb0620dd1e2c231

    SHA1

    0687f47c1d5f84fa81fddc4681c4b07ea5dfcf6f

    SHA256

    117a55a1707ec125444e825cf0ad9be9c99836541343c0e6e5c1ae5faf47c218

    SHA512

    2f49d06786c2843417374719555bb69fe61f4a5cb17ec9c75a18f68ec5f3b8721840e4d063b21219b48d34778548932b3d52124f53357dadc1b01f62aa98b74b

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\imageformats\qgif.dll
    Filesize

    47KB

    MD5

    26574147ca3f4b70e868cd717e69a58f

    SHA1

    fd3f725c56c4d2baa2d831b077a9ce2f101e2689

    SHA256

    ce34841b2350a0fcfc9250203c81192ea4babca587375ec9fac2e55267a6fcf3

    SHA512

    8b75a6afb0ccd50f5a1cbbc16f0a04e170263e7629980e8fc7406dfa6f4e074d33317a4a3c8c6f9e201faf14ebfcbe99a7584a88351d3786b4e2dbf31ca41911

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\imageformats\qico.dll
    Filesize

    46KB

    MD5

    3db1047b43a8eab09b9789529889341d

    SHA1

    4604eb1d86c6bb1561d1f2fb75ef61c3f959a1c3

    SHA256

    7d689613ff4784dd8afd3ee4429027c46432119b25786691d7da67f24b7ebd6d

    SHA512

    6490788dcc4b8f071d52dbcb12967ea37e4dda930f2fa548621f88e28ae096b084ada0822676a3ba6157b802fe0b40d9185cf3715efe5d78cbcfb830e3f104da

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\imageformats\qjpeg.dll
    Filesize

    445KB

    MD5

    ee879fe49a874af52b6abf9076ae8fe9

    SHA1

    7bc23a9615bdf2ff32e961faae1d0223e40d5fdf

    SHA256

    3e1d675563585303e4c3276baa3915a88d540af2a22d04fcda43f4645d1c05e6

    SHA512

    f3e9cbdbf9fef3e9014c5fc3edb6bd8e001b6575b263d43dc8df7281e6104f88a8bf7ad25657183b91368e6fd8a8c6da608b7dbdf3f8fee393c4a1a9ac8722a6

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\imageformats\qsvg.dll
    Filesize

    39KB

    MD5

    5bee238b2ca3eca6ab04aa9a61ce3224

    SHA1

    097a4273e0ca8d1f29f78e9fbbfdb95a4894a1b1

    SHA256

    c540dc238325fdc9b183efc6f95639b58df4400dc4074e43e43588e3eb3d2451

    SHA512

    aaf32a8bded590c711c292fdf6d7382d818460033f730a67376ed475226a0989b0941d54067e44ae4138ba0f4b487b32a7e7311059afdfb7c6e0ca1f2324d4df

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\msvcp140.dll
    Filesize

    554KB

    MD5

    0d89995cc45c7eb40e5a7e287506c1e9

    SHA1

    096c27b06ee7fff2bcd290af0264cdafd04cded9

    SHA256

    e0a22a594e148fa55ceef3e49969bfa77011a801267a0bd7805b681b593c9d0b

    SHA512

    3497c2957d10fcddeec8f312fb15c53f82d770dcc3e771a94daf4f4435c3ddf323ecd33310baaf1ad56673bac7c6268a9ef921d5f32cf7e4a7c9dcb0d8aafa63

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\msvcp140_1.dll
    Filesize

    24KB

    MD5

    c060bb176a671f068362db2673a08c5e

    SHA1

    1d6b4ae5e778f1daf3573d4817777a51c35cbac4

    SHA256

    768e0829decea713afb35a7de07e276f051581c8ff2c17e1bae9b07dd1445dd0

    SHA512

    78a6c8f76d3ebd8db9c784d7775ec44647c4776fcb11d0b32ae2b3a6f2837c0b3be12f053ef6a25811a68da17d0eea83077521f496e238757f5539b445a58a7d

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\msvcp140_2.dll
    Filesize

    182KB

    MD5

    94bc7a22ec7308f851cc58fd6de90b2d

    SHA1

    cb4d8dcd2c8e9bbf049c1628246cb12cdd34b353

    SHA256

    5c12eaef6db18b168f712bff9b55793e0effddf15b89552e7f5ca4f8f1887b9b

    SHA512

    87791e992ccb43c833ea6ef2b0fa146031e0fd26305c93d77bc693473292f5b54d36516f3294edcc1c253d2decc166fdd1767c659f65e7d7e447cd8c318b7c96

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\platforms\qwindows.dll
    Filesize

    823KB

    MD5

    b282a6b3a3e4ed8c42f4419a9db87e41

    SHA1

    4a39e285182a5c5c311efe0c04ac8ab5f0e5dfdb

    SHA256

    5918f2fdbe3be8410d8c255f7174a92e407e299ba8f66616b52f75fe25fda618

    SHA512

    e1b9cc8108102dff6c98818787f5921e4cf6f4cba26d1b24a443c5c58129be2e9d533d7026125ab19238af05fd7854a8b3399ecda643f48824b51e6ab7b523b5

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\styles\qwindowsvistastyle.dll
    Filesize

    138KB

    MD5

    a9ea33827f593d4ff121eb27da14017c

    SHA1

    2b45c65e083b05559ddd27f23d61c359b9b527d4

    SHA256

    f605cf01582c022a21f0c2faffd13e4f46d596727806793a708eaaa1ec3f7859

    SHA512

    586f11f2899b1ed8f2257d0e9cc433bcaede5c64c0e702981483b059a12c5899e972bea9fcbfc638e13d9659562b4f3a735b6ff9a0507f141b7405afab8caeac

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\vcruntime140.dll
    Filesize

    96KB

    MD5

    a4cf5c1f71c540c69371c861abe57726

    SHA1

    f272b34182db8a78ffc71755b46a57a253fcd384

    SHA256

    c179d8914ba8e57b2f8f4d6c101c2c550c7c6712a7f0f9920a97db340f9d9574

    SHA512

    f2b53f28a6369f76b22e99fddfb86730f3d33e87c68dae7aa3d05808223693bb86ade263cccb99d5462cf98eeeaa6a6f1cfe5ea3aa1739f8ad6eb624caff1045

    Download Submit

  • C:\Windows\Temp\WindscribeInstaller12447\vcruntime140_1.dll
    Filesize

    37KB

    MD5

    9f4eac207cb58e8d110477e7fd19d565

    SHA1

    687051b863f7a7178cabf9c06ab3b534b1e23dd3

    SHA256

    7cf38d20d00b6640d510eab70171e1c6f8fa2e42040832e17c7433ab61d94a8e

    SHA512

    9c5c4499adfc7b61751510f52a1288ff386dd1c1aaf8e8a9660990194813394329f8123f38e026ea10c6e30b4a5506625b9060329d524db68e48f36ab2691a05

    Download Submit

  • memory/1628-48-0x00007FFC784E0000-0x00007FFC78AA6000-memory.dmp

    Filesize

    5.8MB

    Download