e494e421470fd9fc68fc842c3bf6d6b27bf86ca033217659eb4dd9596498926a

Resubmissions

01/09/2024, 23:06

240901-23w4asvaqn 7

01/09/2024, 23:06

240901-23dxqavfmf 7

Analysis

max time kernel
95s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 23:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MovaviVideoConverterSetupC_W8fbkfk_.exe
Size

5.0MB
MD5

c8d53fe5ad2dc573ba45daf8956b33bf
SHA1

56d3c06aca68be0ae379e790f0ce32186da9e2cf
SHA256

e494e421470fd9fc68fc842c3bf6d6b27bf86ca033217659eb4dd9596498926a
SHA512

a746f84efb524818246b2504568e575c724ff364824ba1c6e801007c062e9b3824d5e537d1e3580af7c2751010d7c41365c606f1b3fc198dd0111b3a62e88062
SSDEEP

98304:gqsDtGsBPiybKXjynAz39exNbSPaE1z8aQ2VfZ9LqgQoq:gqTs1iybKm0ENWP1w7U92gxq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1444	installer.exe

Loads dropped DLL 21 IoCs

pid	Process
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe
1444	installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1444	2036	MovaviVideoConverterSetupC_W8fbkfk_.exe	85
PID 2036 wrote to memory of 1444	2036	MovaviVideoConverterSetupC_W8fbkfk_.exe	85

C:\Users\Admin\AppData\Local\Temp\MovaviVideoConverterSetupC_W8fbkfk_.exe
"C:\Users\Admin\AppData\Local\Temp\MovaviVideoConverterSetupC_W8fbkfk_.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\installer.exe
  C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\installer.exe "--distrib-name=C:\Users\Admin\AppData\Local\Temp\MovaviVideoConverterSetupC_W8fbkfk_.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndAppLocations.dll

Filesize
39KB

MD5
714c281d735775db48971b44c5d0ee2b

SHA1
a50343cdb2091a942225a8bbe8e3bbbfcee8675d

SHA256
0ad5b1125068dda35e178213a9d2b428e4540ddbc4cfeab7f27c44b31e93071c

SHA512
98e7e102b09890da11296e3f7d322cded0face56fd5877192b149722354cc5214c32e2b14f1c9a98c00de1a86bc19dedeca4dc2a187df9b0fb63bb1f2effd73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndCrashHandler.dll

Filesize
679KB

MD5
d47fefae63f4e057e9133c9f73d06f09

SHA1
b9b22078868ad76c736b38d91e725e260096a591

SHA256
20643e31bfd7013c463886fc16e834ad00bd17274e6d6844efb195488b52e90b

SHA512
a823b0f85dd0208e170376a4c58b5c563b29e081ca6aa37f88e324f624b2ce3a180a3081170a3ec288c5beb7c80e090e20ae1934459cf0ac0c0fb789c9c28bcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndException.dll

Filesize
107KB

MD5
f046225de9c0495cac00d00b0ff7842e

SHA1
7ecf145e2884c0d1d2d08f5c27d1ee5765bd8975

SHA256
27df7dbe035b24e1ca82b4dcc4037381ee4c68a4f50543062aa17abd5be6b31a

SHA512
7912a1ada56f5cf09617a879ce740d5dcfe98788b52a3656b31747dd2291c0e1eccca98099915421c49aa21c4fe25f62db5de6bcfc91334ec97ed9da85439f3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndFilesystem.dll

Filesize
289KB

MD5
aaf5a3eb8d4b9f0bf8f5c32b4ed2a2af

SHA1
fced5431476f3dd6cb18a1e02ccf2a1855e89672

SHA256
a0cff41f6fd7e5b104538b76ee41087e88c02745c6a0365e3d1ba3dc36f75403

SHA512
9ff1f5939d4fc766481a9a53ccf31645e12badca6b9b365487c50d04fd9b7e458ad619165dfb16a02bc730a5ec9e5ddb5067d3e4154acebfa586af4a38e06277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndHash.dll

Filesize
90KB

MD5
d76fabe5f54211a08542f91614042e54

SHA1
45d49266d254ce57154c01fa0a32d5926d536238

SHA256
79d65304dcc5b217012d93b57666402a9dd90f4246d3cc307f2457ba198b1847

SHA512
26703c21ec0607b7e0a838a4c0fc129f5f323dad857d97fa282d18cfad6cbbe189535ec3201f9f19c0e2b185de0f19e9344f896629ca5be3717049862ba23014

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndNetworking.dll

Filesize
4.0MB

MD5
6d32303b81e61adc8c87efd8afe3d3af

SHA1
bbe14c126a4e63498a2ddc03219db6e6ad52bb9b

SHA256
843e184afa40f85f75642cc6aafe4d6b323c86bb5e1bb5afe5a48f508111667e

SHA512
3fd2f7ee7de3fb08dd324cd890b9cef780f08bbf9018910407bf4cb51d34522fda613c98c4065561e2dc0b772a56b7549a784be2651b93d903c30dece0d37bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndOS.dll

Filesize
179KB

MD5
df35e832d29aafd33e7d540133bb51e4

SHA1
b0b1436b4e6dc3c0a828fda5d994fd4d5820b547

SHA256
aa86005c5530712db8a91612f8d247806106ebfb77cad1758c47e41a20b7f943

SHA512
b0fafa4289a8bf8d51b69c57533b4af62b20b40c07712e32aeb984016a335bde4aee451a9a96b30c369c2d7655908764afd78e873dd34e8bdb37c956c9ee51b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndPointer.dll

Filesize
24KB

MD5
2d180f2de924ece89b15cfe51285fa09

SHA1
91168137d7be26f4953946b62027f49002cdbc87

SHA256
9d75a0d11d2893e0665354c4d38d58bf2288dc97734895e6b1971da5114958bb

SHA512
f7e057c244823a936bff292af678930b0ae0d743e9c51209373a456436a5b39e065659f242be8603077cc31a022c28cbf05d472db10a608cc213c238ea8a417b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndString.dll

Filesize
43KB

MD5
05a071fe19649da585a5376412f190a4

SHA1
fd8c48b6a2eb2cbfc29ebfcf1d2425537dd7d864

SHA256
32007a1946001967115c04e381dd8e48ba58dc60c57f038083fedbcccfda8465

SHA512
72de491a940465a922a5c929409fb451c2cd571b2e346cdb0aa60c0a2d55096e0a415e0fcd3198096be1db26a08668ed8709a08582f972d85be8e1ce2eb4bba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndTime.dll

Filesize
63KB

MD5
e7c91ff13b9ae364d382f44b2ec95d32

SHA1
7b431da499866bf642e9cae676c93be9ac98017d

SHA256
35b3e5ddaae74ff36b95eb0300fd7b23d337260156e1a7af8f76a975f4d73fd7

SHA512
906478d2debe7cebcfe0dc103371f8186bd68fd41bcdf937e7a553f1503a04406d4689e056beffb98b5057d8dc55ab2b08e62225e14b866b5c3d17c86a24a373

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\FndVersion.dll

Filesize
66KB

MD5
9253c004046aa8598be5e71a1d1a1de6

SHA1
75110f1a25e811d83d9bdfe10827b4dcf69f123c

SHA256
ca61619692c864ab79c9218f8f72fe559e1caf6ac12a503974151ff528f999a0

SHA512
9029c40c6fa15bd12195ff4bb2bde9e1bc44fde836db51e3e4a24be0d55065e918f94d4d5506a2347ea48d9c9ce4a5f1712b4691a1f10b54833d87b0ca287d8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\WebUid.dll

Filesize
3.5MB

MD5
4291af0f96592aa83c16a3b6d39d9ab3

SHA1
d4fbd74bc8458eafdeb43f7f986cc957b72efc8a

SHA256
465dec58e18c48f8db2fb49914af48f38feba428484467fd699b7f9ae7761c36

SHA512
4ddbf42a1884e46870bc551adedcf7eaf1fe65ffd07aed9eb8876a39422ef4130e5f8c00e415b18baf00884c0569b2882c91c0c7576a3318d6abf81e7263bdc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\boost_filesystem-mt-x64.dll

Filesize
149KB

MD5
ba22aa95ff577c57ddbb3d70b55161fd

SHA1
ed30f95f8eb6f98e80a1dfa2ac1e2ab6048b6e28

SHA256
6c0acecd9b02cd2fd3f3fc1b51ab6ed3e7d3150c85b92654de21f8363426cff9

SHA512
27d7b608b9bc8b5cd85ced0530d326e29b2ec8cdc5a3854dd831bf7b01af0b5fec290bb2d0cbc6f84ecd70dc1784bd2082e7cfa57ff890244c89ef307a48731c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\cpr.dll

Filesize
3.0MB

MD5
900dfc1c48416e33f105673c2f82da0e

SHA1
db87fc3cc11b6344c7879325ebcbd978f9d92fb5

SHA256
b5ced3e321f4112a8d86e8c5650349b236835b9361a23ace34a0df6cae287567

SHA512
37b04eee4628e67b28aa151663288a40a0959809a48db8d52b018a5649e4c7ad28d3c356ae713cafcbd1a283e721b82672ad61beb7dbd73825ddfcd504ccca3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\glog.dll

Filesize
135KB

MD5
90566194f4a5c5ee360f31f1942e673b

SHA1
60fe9840941831eef262c7688eb9ffad85d35eb8

SHA256
82e29b2226cdf681b198046eb555bc4c64a66f4ce7f1abd54937d2f1d7245b76

SHA512
2c1cb31f16a33f71c7926981c8b4439934b35788d1475c08ef94e56e51be02f8bcc31447a1cc0559f98419b97ba8d4beccad3dc048ef8155c702622b84640994

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\installer.exe

Filesize
4.3MB

MD5
431c375d80e1c102463bf9a3410c75e7

SHA1
49dbc500791a351879e9d602327699ea58978456

SHA256
852d1f3d3525e1cf3ff795454d1ffb4613284ee0def2aecb96983cdbaabae3ee

SHA512
1a6d25ec1594249ea1a2219beb8f77d7994467d6184e0217a8599687ab8a2a1f797a643fa204328d64694f532cd9e59db1af504cf43a84f2168272476f85d33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\msvcp140.dll

Filesize
552KB

MD5
29c6c243cfb1cec96b4a1008274f9600

SHA1
c54b10ef6305cc3814c68e6c8fd6daecbb27622a

SHA256
44a5af24f8d5f9c50a9e5a200a0486100afb6a0e86377e2e3e622a7bbb57cb04

SHA512
39c34554ea7b6d433c2aecfdeff87959e625e943bf7a446ebca8e5878eaf24198c1b188359a0343fb78478f2bc8b986ca4d0e69d39bac6ff80cb901fe4f113ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\vcruntime140.dll

Filesize
94KB

MD5
02794a29811ba0a78e9687a0010c37ce

SHA1
97b5701d18bd5e25537851614099e2ffce25d6d8

SHA256
1729421a22585823493d5a125cd43a470889b952a2422f48a7bc8193f5c23b0f

SHA512
caf2a478e9c78c8e93dd2288ed98a9261fcf2b7e807df84f2e4d76f8130c2e503eb2470c947a678ac63e59d7d54f74e80e743d635428aa874ec2d06df68d0272

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-606d84d1-f117-4e89-beb0-cdf3772b2aaa\vcruntime140_1.dll

Filesize
36KB

MD5
d8d1a08176ba2542c58669c1c04da1b7

SHA1
e0d0059baf23fb5e1d2dadedc12e2f53c930256d

SHA256
26c29d01df73a8e35d32e430c892d925abb6e4ad62d3630ae42b69daacba1a0d

SHA512
5308790fbcf6348e87e7d5b9235ed66942527326f7ba556c910d68d94617bdd247a4ed540b4b9f8d4e73d15cf4a7204c0a57d4fd348ec26e53f39b91be8617fb

Download Submit