Overview

overview

7

Static

static

3

Inviska_MK...p2.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    49s
  • max time network
    24s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12/10/2024, 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Inviska_MKV_Extract_11.0_x86-64_Setup2.exe

  • Size

    7.0MB

  • MD5

    23e27a207f0ea6522a4d69cd71894003

  • SHA1

    dab506d4c3f89c97fa17472ae8189a278ba165db

  • SHA256

    30a65194beb3c3c7d60b3eeec2cde4cb5e7d4d4d9d2b397fb62dee1bccdd4de7

  • SHA512

    e1e8a7d9397e11a7b71f2d8696d4fa6ebbaba01c6406cb163088bf77bcbf96b0940f2e644f21908ee873c4a87588624866b6c6a6fe7ff2b0525cac4a2ba37bfa

  • SSDEEP

    196608:yQEWH+De6OiFyejkqyXIYromkDLlYgRJBlG9Hb8XKgBTLe/Qs0HcGR:yXhWi8eYPro31lRJBlGFMxsccGR

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Inviska_MKV_Extract_11.0_x86-64_Setup2.exe
    "C:\Users\Admin\AppData\Local\Temp\Inviska_MKV_Extract_11.0_x86-64_Setup2.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4652
    • C:\Users\Admin\AppData\Local\Temp\is-3BDN0.tmp\Inviska_MKV_Extract_11.0_x86-64_Setup2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-3BDN0.tmp\Inviska_MKV_Extract_11.0_x86-64_Setup2.tmp" /SL5="$50264,6841586,133632,C:\Users\Admin\AppData\Local\Temp\Inviska_MKV_Extract_11.0_x86-64_Setup2.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:848
      • C:\Program Files\Inviska MKV Extract\InviskaMKVExtract.exe
        "C:\Program Files\Inviska MKV Extract\InviskaMKVExtract.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:4316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Inviska MKV Extract\InviskaMKVExtract.exe
    Filesize

    19.1MB

    MD5

    e3e80e7190f56958553e623549e1a403

    SHA1

    839aa388e000d7ded38a6300e0869572834f88e1

    SHA256

    f68dd538ea29744378c9c4d7d654cf0893de049723e8f0d807e7f1cd9d6c9791

    SHA512

    fc3ef3b5ab1d248015f380ffcc1f5ec33c2719e5b9398b1464ab3405efe8097cf9d2b1975a2aebf61fe6e7502d3a699c6def37357e8a957f335e5263d83e420d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-3BDN0.tmp\Inviska_MKV_Extract_11.0_x86-64_Setup2.tmp
    Filesize

    1.1MB

    MD5

    311f922f51862f6eff8bb70696c69428

    SHA1

    d80eb414ff9d9f00db66ebec1686c6e25f277f23

    SHA256

    003e4ae7eb30ed5e4b195f3ea24c57978a5a608ae7c0421bb8041bd2ef4182cd

    SHA512

    a44c1f0a199ae737d9ff8038f4e76a71dbdb67496c2d52ffc14e485127df56b12e9ff31d7efca8657414a3e2879b9aa08ffc79535ce66059c9fbf8d9a7f3c5ed

    Download Submit

  • memory/848-6-0x0000000000400000-0x0000000000531000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/848-10-0x0000000000400000-0x0000000000531000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/848-31-0x0000000000400000-0x0000000000531000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4316-43-0x0000000000400000-0x0000000001718000-memory.dmp

    Filesize

    19.1MB

    Download

  • memory/4316-44-0x0000000000400000-0x0000000001718000-memory.dmp

    Filesize

    19.1MB

    Download

  • memory/4316-45-0x0000000000400000-0x0000000001718000-memory.dmp

    Filesize

    19.1MB

    Download

  • memory/4652-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4652-2-0x0000000000401000-0x0000000000412000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4652-8-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/4652-32-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download