cb9f9ee5546079c0b341871c5e4a6dddfe3a155c0c92f62a9865c9761d32410d

General

Target

_Getintopc.com_Wondershare_UniConverter_15.0.10.8.rar
Size

252.1MB
Sample

241130-pzrcesylcp
MD5

ca9d14e49e97f1c080fbb1d0ca1ee3aa
SHA1

928a65e6ee4dfab200e103fbb80519bba842ad14
SHA256

cb9f9ee5546079c0b341871c5e4a6dddfe3a155c0c92f62a9865c9761d32410d
SHA512

4c37c871bed7c183c66b752f123c0e598c2c967530496b9a278850f275fc969f202619d9156b0ce546a4292ad22bde53a7eddd9c6b5cd812b0d8e99769d41125
SSDEEP

3145728:v1+p1QYsduSv3NVE1xa6fJThGYm0pAGrFzUZ59CNFDLqUry35HckVEKoCWAcGpOe:v4cvwa6DGYEZofqUrG8kqKoIM/VP4

Score

10^/10

Malware Config

Targets

- Target
  
  _Getintopc.com_Wondershare_UniConverter_15.0.10.8.rar
- Size
  
  252.1MB
- MD5
  
  ca9d14e49e97f1c080fbb1d0ca1ee3aa
- SHA1
  
  928a65e6ee4dfab200e103fbb80519bba842ad14
- SHA256
  
  cb9f9ee5546079c0b341871c5e4a6dddfe3a155c0c92f62a9865c9761d32410d
- SHA512
  
  4c37c871bed7c183c66b752f123c0e598c2c967530496b9a278850f275fc969f202619d9156b0ce546a4292ad22bde53a7eddd9c6b5cd812b0d8e99769d41125
- SSDEEP
  
  3145728:v1+p1QYsduSv3NVE1xa6fJThGYm0pAGrFzUZ59CNFDLqUry35HckVEKoCWAcGpOe:v4cvwa6DGYEZofqUrG8kqKoIM/VP4
Score

10^/10

discovery evasion execution persistence privilege_escalation
- Disables service(s)
  evasion execution
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1
- Target
  
  Wondershare_UniConverter_15.0.10.8/Crack/Patch.exe
- Size
  
  967KB
- MD5
  
  88e327c6334e000c263494ec1ae20e80
- SHA1
  
  00026c728c5efe6b4ddf351951438385b770ecc6
- SHA256
  
  3d194b6a5cfa5313459457abc0cba035468ba34d9b5edcb80a96921794fa2438
- SHA512
  
  2180498224325ef2a1153cc942b44760ef073ef015bd9c6930dc17dcbf6c655c2a0ecdf3ad61ae2dbd24f985f5e4d444791b818239453412a975c4df12a62018
- SSDEEP
  
  12288:hm0LCEjeoyvU7s+GZeS1PeG/D4BtxoUvTuNifvHx4gDUa/VBPuS/K9P0icesURZd:kpz1VZeGW64v+BknxHlNBPfURZurGF
Score

7^/10

discovery
- Loads dropped DLL
behavioral2
- Target
  
  Wondershare_UniConverter_15.0.10.8/Crack/Readme.txt
- Size
  
  201B
- MD5
  
  6a0fd87e2e318895760bdcc8f1b2c37c
- SHA1
  
  ffbfb9899d2cdf738e0414a12bd51fdcb3e919bc
- SHA256
  
  34cb28816c3e8c49d8e3614e3b26d699e9ade83b6dbc9e4ae4aed6c1ee738504
- SHA512
  
  33733b86f8430299e2f87b3648425c222fd929d5f9a57f4861f4248f7c5bf26be4872f531e645c419606a3afb790a1414470902d6ebe3a7a8b802bd4de8ce03b
Score

1^/10
behavioral3
- Target
  
  Wondershare_UniConverter_15.0.10.8/Crack/Wondershare hosts blocker.bat
- Size
  
  5KB
- MD5
  
  1badb991805bba70d8cf2961df21a758
- SHA1
  
  ec15fdc9b882ab0c10e6084d41eb33c031479281
- SHA256
  
  e7abe9cba625863dc43d9aa7c12f4a422d59bdb60cee67904d54b122365af89d
- SHA512
  
  6caaca7aa7ef76b6128424fa3a9bda97b57fbcc79d5fcbeba6819e81608a91653b831d12d62fc3492fb8306abcc07fe9f9fc37dd9e92b6187a73f50796a0dc29
- SSDEEP
  
  96:iGXNE4YsQvMyHMIoMrmKYg8Kx84Lm6E47bBZUImpog8iyK03AYt0sOeg0KGa25vJ:ip4YsQv9HvoQmKYg8Kx84Lm6E4frUIsk
Score

8^/10

defense_evasion discovery exploit
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
  defense_evasion
behavioral4
- Target
  
  Wondershare_UniConverter_15.0.10.8/uniconverter15_64bit_full14204.exe
- Size
  
  251.0MB
- MD5
  
  a82aef6cc605b1854a54d8a5e142957c
- SHA1
  
  f0613a7f3de506d074190a1382e232d414e39ff4
- SHA256
  
  5fdc7fe68965ab56e5be55a5edb718dd93791e75eb6b856274a3e7cf947d9090
- SHA512
  
  fc67641e2216aa5bb05b56a7a8b7703427b8689e633185d4c01a71736e79565aff2e14c5639dac59023fdcbaee5e2a23a10bc46105b2b4534020a7e178b9030d
- SSDEEP
  
  6291456:YEkYRSNlO1EOM1n5jv8OgVef1seM5yKBj:lNSNlOWOM1nNfeefo8KZ
Score

6^/10

discovery evasion persistence privilege_escalation
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral5