84bd980446e63d8941f42d7391bcce405fe4f5fd3f9b222879e0e05a8ee43041

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Freemake Video Converter/!)FreemakeVideoConverterPorable.exe
Size

86KB
MD5

9f944459a20f6c2e9744e14175682cde
SHA1

099da6ce23b5759077b82df111d2a84ae5837c0b
SHA256

ce93eae2d75810fb771ad01806542f19f08b56b67d6e24cc20ef76981c0fe4a4
SHA512

42e8b90f8c965359f777956cbdd95175348df8480de9cbc67d765dd67aae58d36c0e453b3ae8b05209b07af03dc8dcc55773aaa20f19192ab94f09ce685f404b
SSDEEP

1536:ig4AcOV5uuE0rud09u277yf3Q7ypK0F9h/F8CY6yFxpWZREX19K/+:TcOVRVru27mf3Q7y80tpyvPjK/+

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2292	!)FreemakeVideoConverterPorable.exe
2292	!)FreemakeVideoConverterPorable.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!)FreemakeVideoConverterPorable.exe

C:\Users\Admin\AppData\Local\Temp\Freemake Video Converter\!)FreemakeVideoConverterPorable.exe
"C:\Users\Admin\AppData\Local\Temp\Freemake Video Converter\!)FreemakeVideoConverterPorable.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoA94C.tmp\Freemake Video Converter.ini

Filesize
1KB

MD5
9adea18bd44e39eb3bb82e5b0faddc8c

SHA1
5c2a7d4944580fe06c3fbcd331a4b88aacfeeed6

SHA256
bd25bd8f22beaeda4aa5b1ed6da0352716d5baa044f6b921bb670344487b66cd

SHA512
6f334b712d606c1b133fb9e459ebbc2c472769995a6238cd9f7652e8deb7dfc864089d38368cb08822eefa8c875b0f2714542468900c088175a642e775e37dff

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA94C.tmp\InstallOptions.dll

Filesize
15KB

MD5
786110d3394edf4bb5c14e3e9a49f9e6

SHA1
4adf64a5999a1a41870fedefba22f67840f36f3a

SHA256
3ccb4385cd22b5c69bc2583e181da4085477906c193f04eb5a400801e00dbcd5

SHA512
e85e49b492a04188c46c90fef6ba5b177f85c670848f902748ec1540839ffb2f5d88563c14026328dd2100a48979ff8e67e7af1eee70fea0eb477c78db4d9524

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA94C.tmp\System.dll

Filesize
11KB

MD5
301a9c8739ed3ed955a1bdc472d26f32

SHA1
a830ab9ae6e8d046b7ab2611bea7a0a681f29a43

SHA256
6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92

SHA512
41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094

Download Submit