cb9f9ee5546079c0b341871c5e4a6dddfe3a155c0c92f62a9865c9761d32410d

Analysis

max time kernel
504s
max time network
1146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wondershare_UniConverter_15.0.10.8/Crack/Patch.exe
Size

967KB
MD5

88e327c6334e000c263494ec1ae20e80
SHA1

00026c728c5efe6b4ddf351951438385b770ecc6
SHA256

3d194b6a5cfa5313459457abc0cba035468ba34d9b5edcb80a96921794fa2438
SHA512

2180498224325ef2a1153cc942b44760ef073ef015bd9c6930dc17dcbf6c655c2a0ecdf3ad61ae2dbd24f985f5e4d444791b818239453412a975c4df12a62018
SSDEEP

12288:hm0LCEjeoyvU7s+GZeS1PeG/D4BtxoUvTuNifvHx4gDUa/VBPuS/K9P0icesURZd:kpz1VZeGW64v+BknxHlNBPfURZurGF

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3304	Patch.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Patch.exe

C:\Users\Admin\AppData\Local\Temp\Wondershare_UniConverter_15.0.10.8\Crack\Patch.exe
"C:\Users\Admin\AppData\Local\Temp\Wondershare_UniConverter_15.0.10.8\Crack\Patch.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll

Filesize
879KB

MD5
c030204614acf37528aa716939e3fbd8

SHA1
794a95b3b7c717dcb021df0fe0f1569fd4fb6d48

SHA256
f93a03df515c11aa343f7dc346a5df6a9539f386fd529c40fb7e9147cd2c81ba

SHA512
a42b4d93418e08cc91b77fb9969c45df8611e90eb81b308f6442ace153398f5758ab9441c411ece8eaf63e813fc67da472754bb40735db654c17912267c90aa4

Download Submit
memory/3304-2-0x00000000752F0000-0x00000000753E4000-memory.dmp

Filesize
976KB

Download
memory/3304-5-0x00000000752F0000-0x00000000753E4000-memory.dmp

Filesize
976KB

Download