78ad6d17821093424c88de5276d25564c17b34b56d6e1e9e2f3229d51bfd634c

Resubmissions

27/09/2024, 17:34

240927-v5jsessglr 7

27/09/2024, 17:26

240927-vz93essfnl 7

Analysis

max time kernel
67s
max time network
83s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27/09/2024, 17:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VideoAI.exe
Size

681.8MB
MD5

864ef2e418544826bbb7cb6bf436cf74
SHA1

11dff2f09b0bbf9bedbd3bcec822edfc3a43a62f
SHA256

78ad6d17821093424c88de5276d25564c17b34b56d6e1e9e2f3229d51bfd634c
SHA512

0892e487d3e1195bb278785a33aa575a7bd8b88f4e14c23b9a8d96c91d617ce27ab339fb803cdd53e4fbd224c985c2e01334099f4a66e5c7d0e4d65f583bf794
SSDEEP

12582912:n65VSjVaaeHXiRuXg3gYgZGr98eJFrJ3ctZPKGr0MsdkF99RLaYsGas1k:nakalisXgOZmd3ct1CkF990YsGK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5028	Topaz Video AI.exe

Loads dropped DLL 4 IoCs

pid	Process
5028	Topaz Video AI.exe
5028	Topaz Video AI.exe
5028	Topaz Video AI.exe
5028	Topaz Video AI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5028	Topaz Video AI.exe
5028	Topaz Video AI.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 5028	3564	VideoAI.exe	78
PID 3564 wrote to memory of 5028	3564	VideoAI.exe	78
PID 3564 wrote to memory of 5028	3564	VideoAI.exe	78
PID 3564 wrote to memory of 5028	3564	VideoAI.exe	78

C:\Users\Admin\AppData\Local\Temp\VideoAI.exe
"C:\Users\Admin\AppData\Local\Temp\VideoAI.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Users\Admin\AppData\Local\Temp\VideoAI\local\stubexe\0x45F5F02E027FD0D5\Topaz Video AI.exe
  萠Q
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  PID:5028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:6048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VideoAI\local\meta\@APPDATALOCALLOW@.__meta__.__tmp__

Filesize
32B

MD5
7eded22d09271be56edf368af94e55ab

SHA1
9b574ee3c866e0b325246611fc5c412b8b959806

SHA256
e6e210fa821463797d690682617069c89bf858451534ae49dacb2176207da32f

SHA512
33a65406df4f1318d8b2ba0c53a4c9f0464c5f5c6cd187a6513beb2bc64cd9fba4c8b0d0344dc0f9025fd5a0bb68fe7c7fe4425ec84a3175ae8ca731ab95fb95

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\local\meta\@PROGRAMFILES@\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe.__meta__

Filesize
32B

MD5
d0e956f8f6589f637cbadcdef2d9ee0d

SHA1
0e7e5445fa732263e7d418d0697b18f7653af04f

SHA256
19c45b2f4f1ba3077650ddeb3b4374c3d973384ffcb893bd14f33f8d46a60df2

SHA512
43e4ced3d9356bd5f6d15e3922c5386f960e8f1d4c451c3cacc55686a48849184e1bf2b8d7c4969a4140e0f6a10100bdfec8f25cd28a84684dfe1163a6666fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\local\modified\@APPDATALOCALLOW@\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
338B

MD5
d26218bdf552d2ed6fbcbe0581420743

SHA1
d98e8beeb4e95dec5869cea7fddd697800da07d9

SHA256
d96d09b71cbf74b096cdd123ed12dfba0b2dc05bb18adfab831835e5c8cfbb8b

SHA512
7dacd85581fac6f72892535fdc9eb0ee9c95216d25b59473690b4831ddf1ac7b01e79389de91d93f46951546684b888b3d25a39daaab718479f0e625f2cc6f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\local\modified\@PROGRAMFILES@\Topaz Labs LLC\Topaz Video AI\QWKCore.dll

Filesize
111KB

MD5
61119e74335ec6c141a27565e0126eb9

SHA1
d3de28bacea3b921365b42d7aa2c714d949ed7ed

SHA256
6a053c0cd8768acee34c74f6fdda4f9fc8929dab0453e3c168079e142a4556fd

SHA512
9d611908520965d30e55f2568d3f2c323776c368c41a3c9acee1d2ff945a9f838eab6a6a5d4a16093052fc8347fd1a96203bd977a1781b9ab646abf584d552d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\local\modified\@PROGRAMFILES@\Topaz Labs LLC\Topaz Video AI\QWKQuick.dll

Filesize
47KB

MD5
0651f5c2e41ef0213ff8f4abb3fd2dbd

SHA1
d73f1bd6db8112fc1f1da5020888516d4129cb14

SHA256
78b51e3a35fdba5f3f6cf544bdab767991528dc432181209823be7ad245e5381

SHA512
6ec59bb926dce24d404e8138ce755a00575ff90e6e110a273d77872afd952ae4ceb384001fa33e2b4cbc008b224e17f00ff69089dca841e0d255eb050e074530

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\local\modified\@PROGRAMFILES@\Topaz Labs LLC\Topaz Video AI\Qt6Gui.dll

Filesize
8.5MB

MD5
8e273e9071d0e1d351a4879493c0d266

SHA1
bce41ded0109a42dd52bc81bc3a507c95a5db8b5

SHA256
3b9b409655b99587ba3cd1bf624b9b38eaa177549c82ee4ef27dc8b7076ac83c

SHA512
07684d4105685e6417946e99b6e8a1f7557c8713793ddc00957ce4994df77f17d2590c7d5951826a285dbab006705b442a1fa1c251a81e0ac085f4f53ba7406b

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\local\modified\@PROGRAMFILES@\Topaz Labs LLC\Topaz Video AI\Topaz Video AI.exe

Filesize
12.0MB

MD5
953f38176b045bac19b1881ab2d26868

SHA1
2644de39cc86a48581c8c44ba92dde4e532ff98d

SHA256
b6bdbdcdae76a2d977c304940b1a1c032f3cbdc518ed6654da540e7970542747

SHA512
39aad2fe0ecd0304c852e35d9d862bf8065c44ff10dfe7672c79e5937bca5d483db6f298ecd4155173d774a35f00da9da9cd673d2e7e1e44dd6a54fd1da49a6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\local\stubexe\0x45F5F02E027FD0D5\Topaz Video AI.exe

Filesize
36KB

MD5
50091d2271ccdd5174036175492b6cda

SHA1
5e12a371697e99e21a793e657c157a5e795f6937

SHA256
a4ba488089a7fff2cdaa0143b3691de5e5c22546de278a25ee850f0a180e8104

SHA512
f289ec93264a154990b02b54128d031008a29e0ba9b381892cfbb9d12be78d7ccf79cd262087115c75f409ea05c7a3bcb6401be4019a9313d9e338eb5af5b394

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\local\temp\@WINDIR@\XSxS\Manifests\Qt6Gui.dll_0x8e273e9071d0e1d351a4879493c0d266.2.manifest

Filesize
483B

MD5
fa0f49c8e87d262b31bf6f76fe4ccc18

SHA1
c334489baa5b87d26a2cae13698b0f2c3848bddd

SHA256
9073b41d5b9f30b135c3b34d4774d387d1e37a3e4c2ef1c7e1407a01f72612f0

SHA512
9a9875b0c97308287cb4fc4002cb4a69baeecd154ffbabbd837b23fb8d1cb35c9f04bbf7c1d27343bc4af70b54cd9d49d3bea06d997215696b03d71fe6b2b0d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\local\temp\@WINDIR@\XSxS\Manifests\Topaz Video AI.exe_0x953f38176b045bac19b1881ab2d26868.1.manifest

Filesize
474B

MD5
682b97691fa5bde1c04cc88d492a2871

SHA1
72e4273bd0dae6d2ee336458153272c072aa71c7

SHA256
961bc29bba78a11a2b3e650e46f338ddfcab44499669d370719fae9f6e9eaa99

SHA512
bdca34f93f7c889677d8206890861caa4d8ca6b96fbd9bcc279c2b361c110d0c6f88a7a4e871368637c034a602d84e789167d04b0990a443c4a8ad3ab31bbc76

Download Submit
C:\Users\Admin\AppData\Local\Temp\VideoAI\xsandbox.bin

Filesize
16B

MD5
ec3d19e8e9b05d025cb56c2a98ead8e7

SHA1
748532edeb86496c8efe5e2327501d89ec1f13df

SHA256
edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

SHA512
175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

Download Submit
memory/3564-11-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/3564-4-0x00007FFB01844000-0x00007FFB01845000-memory.dmp

Filesize
4KB

Download
memory/3564-33-0x00007FFB017A0000-0x00007FFB019A9000-memory.dmp

Filesize
2.0MB

Download
memory/3564-32-0x00007FFB017A0000-0x00007FFB019A9000-memory.dmp

Filesize
2.0MB

Download
memory/3564-31-0x0000000003530000-0x00000000035CB000-memory.dmp

Filesize
620KB

Download
memory/3564-30-0x0000000003530000-0x00000000035CB000-memory.dmp

Filesize
620KB

Download
memory/3564-29-0x00007FFB017A0000-0x00007FFB019A9000-memory.dmp

Filesize
2.0MB

Download
memory/3564-15-0x0000000003530000-0x00000000035CB000-memory.dmp

Filesize
620KB

Download
memory/3564-38-0x00007FFB017A0000-0x00007FFB019A9000-memory.dmp

Filesize
2.0MB

Download
memory/3564-39-0x00007FFB017A0000-0x00007FFB019A9000-memory.dmp

Filesize
2.0MB

Download
memory/3564-41-0x00007FFB017A0000-0x00007FFB019A9000-memory.dmp

Filesize
2.0MB

Download
memory/3564-40-0x00007FFB017A0000-0x00007FFB019A9000-memory.dmp

Filesize
2.0MB

Download
memory/3564-42-0x00007FFB017A0000-0x00007FFB019A9000-memory.dmp

Filesize
2.0MB

Download
memory/3564-6-0x00007FFB019B0000-0x00007FFB019B2000-memory.dmp

Filesize
8KB

Download
memory/3564-28-0x0000000003530000-0x00000000035CB000-memory.dmp

Filesize
620KB

Download
memory/3564-9-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/3564-648-0x00007FFB017A0000-0x00007FFB019A9000-memory.dmp

Filesize
2.0MB

Download
memory/3564-649-0x0000000000690000-0x0000000001028000-memory.dmp

Filesize
9.6MB

Download
memory/3564-12-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/3564-647-0x0000000004650000-0x00000000046B7000-memory.dmp

Filesize
412KB

Download
memory/3564-646-0x00000000036D0000-0x000000000374F000-memory.dmp

Filesize
508KB

Download
memory/3564-639-0x0000000003530000-0x00000000035CB000-memory.dmp

Filesize
620KB

Download
memory/3564-10-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/3564-638-0x0000000003530000-0x00000000035CB000-memory.dmp

Filesize
620KB

Download
memory/3564-3-0x0000000000690000-0x0000000001028000-memory.dmp

Filesize
9.6MB

Download
memory/3564-7-0x00007FFAFF820000-0x00007FFAFF822000-memory.dmp

Filesize
8KB

Download
memory/3564-5-0x00007FFB019B0000-0x00007FFB019B2000-memory.dmp

Filesize
8KB

Download
memory/3564-8-0x00007FFAFF820000-0x00007FFAFF822000-memory.dmp

Filesize
8KB

Download
memory/3564-22-0x0000000003530000-0x00000000035CB000-memory.dmp

Filesize
620KB

Download
memory/3564-13-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/3564-14-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/5028-564-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/5028-590-0x00000000005B0000-0x00000000005B2000-memory.dmp

Filesize
8KB

Download
memory/5028-600-0x00000000005C0000-0x00000000005C2000-memory.dmp

Filesize
8KB

Download
memory/5028-560-0x00007FFB019B0000-0x00007FFB019B2000-memory.dmp

Filesize
8KB

Download
memory/5028-608-0x0000000001070000-0x0000000001072000-memory.dmp

Filesize
8KB

Download
memory/5028-561-0x00007FFAFF820000-0x00007FFAFF822000-memory.dmp

Filesize
8KB

Download
memory/5028-576-0x0000000003580000-0x000000000361B000-memory.dmp

Filesize
620KB

Download
memory/5028-582-0x0000000003580000-0x000000000361B000-memory.dmp

Filesize
620KB

Download
memory/5028-562-0x00007FFAFF820000-0x00007FFAFF822000-memory.dmp

Filesize
8KB

Download
memory/5028-563-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/5028-565-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/5028-643-0x0000000003720000-0x000000000379F000-memory.dmp

Filesize
508KB

Download
memory/5028-566-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/5028-567-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/5028-568-0x00007FFB00500000-0x00007FFB00502000-memory.dmp

Filesize
8KB

Download
memory/5028-559-0x00007FFB019B0000-0x00007FFB019B2000-memory.dmp

Filesize
8KB

Download