84bd980446e63d8941f42d7391bcce405fe4f5fd3f9b222879e0e05a8ee43041

Analysis

max time kernel
94s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Freemake Video Converter/!)FreemakeVideoConverterPorable.exe
Size

86KB
MD5

9f944459a20f6c2e9744e14175682cde
SHA1

099da6ce23b5759077b82df111d2a84ae5837c0b
SHA256

ce93eae2d75810fb771ad01806542f19f08b56b67d6e24cc20ef76981c0fe4a4
SHA512

42e8b90f8c965359f777956cbdd95175348df8480de9cbc67d765dd67aae58d36c0e453b3ae8b05209b07af03dc8dcc55773aaa20f19192ab94f09ce685f404b
SSDEEP

1536:ig4AcOV5uuE0rud09u277yf3Q7ypK0F9h/F8CY6yFxpWZREX19K/+:TcOVRVru27mf3Q7y80tpyvPjK/+

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
4816	!)FreemakeVideoConverterPorable.exe
4816	!)FreemakeVideoConverterPorable.exe
4816	!)FreemakeVideoConverterPorable.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!)FreemakeVideoConverterPorable.exe

C:\Users\Admin\AppData\Local\Temp\Freemake Video Converter\!)FreemakeVideoConverterPorable.exe
"C:\Users\Admin\AppData\Local\Temp\Freemake Video Converter\!)FreemakeVideoConverterPorable.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsp7987.tmp\Freemake Video Converter.ini

Filesize
1KB

MD5
c7d905013000c5eb7f37d3a608ecc5c8

SHA1
0e67490e919bb3c29919cafb78d23cdb98a12fec

SHA256
7900989d0314bd95f95eb45bb925bc56927d28436dfdb3851190c79a2e151eb0

SHA512
8e0fc6a1d716ceb82c57055c63795b6c5f990ed22e0d13bb96109f7f1d18c247fb07ad8b43d57fe0c5a9998db289d086161c107c669deab43f21f3d741b4990e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7987.tmp\InstallOptions.dll

Filesize
15KB

MD5
786110d3394edf4bb5c14e3e9a49f9e6

SHA1
4adf64a5999a1a41870fedefba22f67840f36f3a

SHA256
3ccb4385cd22b5c69bc2583e181da4085477906c193f04eb5a400801e00dbcd5

SHA512
e85e49b492a04188c46c90fef6ba5b177f85c670848f902748ec1540839ffb2f5d88563c14026328dd2100a48979ff8e67e7af1eee70fea0eb477c78db4d9524

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7987.tmp\System.dll

Filesize
11KB

MD5
301a9c8739ed3ed955a1bdc472d26f32

SHA1
a830ab9ae6e8d046b7ab2611bea7a0a681f29a43

SHA256
6ec9fde89f067b1807325b05089c3ae4822ce7640d78e6f32dbe52f582de1d92

SHA512
41d88489ecb5ec64191493a1ed2ed7095678955d9fa72cccea2ae76dd794e62e7b5bd3aa2c313fb4bdf41c2f89f29e4cafe43d564ecad80fce1bf0a240b1e094

Download Submit