e6e0b0f8e5e10da103f9e7403e61226c646bc33d6099e34c1a9358716a6b24a0

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MovaviVideoEditorPlusSetupF_Wsk684a_(1).exe
Size

5.2MB
MD5

88065d90d2e4922ed918462de8e7a6f5
SHA1

e214b15adc2ec75806117bd227fc06233230941b
SHA256

e6e0b0f8e5e10da103f9e7403e61226c646bc33d6099e34c1a9358716a6b24a0
SHA512

e9523faa7c39d769ed3523208374c9d8cf77d7a3e69288b2752e27db95851d51fdb24722947756fd1cb1f84e90d162cabf5053c6ce066a168049ad0e14e13e7d
SSDEEP

98304:BqsDtGsL+3HXYLr9FqjrhC5o7OjNks3+XUAGT7WD/Jh/xmid/lYtbFa3pd:BqTsq3Eqjl3K+q+kf7kBJsiqbFYpd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2684	installer.exe

Loads dropped DLL 21 IoCs

pid	Process
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe
2684	installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2684	2672	MovaviVideoEditorPlusSetupF_Wsk684a_(1).exe	82
PID 2672 wrote to memory of 2684	2672	MovaviVideoEditorPlusSetupF_Wsk684a_(1).exe	82

C:\Users\Admin\AppData\Local\Temp\MovaviVideoEditorPlusSetupF_Wsk684a_(1).exe
"C:\Users\Admin\AppData\Local\Temp\MovaviVideoEditorPlusSetupF_Wsk684a_(1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\installer.exe
  C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\installer.exe "--distrib-name=C:\Users\Admin\AppData\Local\Temp\MovaviVideoEditorPlusSetupF_Wsk684a_(1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndAppLocations.dll

Filesize
45KB

MD5
796399bd60ac6321d4745abf7a0802c6

SHA1
1fa7b82ef5c30e206e66db17c8a8303fa8ea500e

SHA256
971504f367f5a445c7be52a4f2bf7754b01afcdb7cfe89c50557d59f90fa7e13

SHA512
f54469e7b35b0f828295fb3bace7d45d3e73a7cb5c2dd7e4201b970a9f64e7734b64d24ecec2ca9699b899bc42f91ddaa2bb211d2d9e74eae0d9c545e9c60642

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndCrashHandler.dll

Filesize
679KB

MD5
d8f8136c700177739251d9e6ae63fe7e

SHA1
3c58b0f568cd8f087ff98e3fb22b775122cebf56

SHA256
fb96d40b97e03213b7055b89250262e69bef594330185b2e80b7871c6986ed5a

SHA512
e4bc9778d41e2f1e5743733d169fb3530e35755575b0190431ee8b842e85cff9f79a019e6f4441e94794d680d11be63c77bc9f291e8695419b8a771f9f4faa89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndException.dll

Filesize
107KB

MD5
57048dc823ab4870ed7e5dff1dce5efa

SHA1
bacb0352381ccef9d7fbe9dbad245000bf50de3e

SHA256
b74adb14fae5ef3b2ba4412d3466dc861023a8d78e6243230184f4ed82e46554

SHA512
f6d7dd06366eba5fe93053b69b419dcda2713f2b93ba36c07f2958a26bdb0ee9784803f6f0b74f9c423bd9db1381b55a7f42b76f4795b24effa4bfe96b9fd41e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndFilesystem.dll

Filesize
291KB

MD5
f692a8ea00203828b1f5e7062206a24f

SHA1
9212982ce8d70765b304fbcbba2d020eeae8e148

SHA256
9c14af3a8d05bb9e14615ef187a6d7bcd57c7cb38beb19fb7e2358d71d82d55c

SHA512
6b7b6b1952c60bbec5038266020eaff3f6d5389301d0acbb20b76ef8dc8b456d4db93c2cba7b2db61f2c25d7d0bba08660c020139e1f20a0e9027f95d539cf91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndHash.dll

Filesize
90KB

MD5
c239ccdc54913a907d2f8878bde3ec7a

SHA1
b451de652485202732763789d1f401d255b3b977

SHA256
aa20a44dd95ec030ac0db499f2d269121b56de40baea12a2859d46c8626fbf82

SHA512
cce34fc6883c0156ae7371bf4e252d386bb70f61eb8e197d17ea835e4d5140383bab7a6210c6f16412818a7390ce135dea4ff591107e6f3a17c1c019b42a0392

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndNetworking.dll

Filesize
4.0MB

MD5
59f25867dabb6b288ea18c5c82398655

SHA1
c537ef25d177220550fd008ddd27285d277a6292

SHA256
b0ab50b56136e881a86a05d4da872352cb6d97d473bbc3205df08c1e0e7f8284

SHA512
9594e020e8c639dcfa5448ac46ccf8486c88523412c8a4397e768330aef9e16b5d26a61bb6b2b4caa66df981fd032c772bae477fd1731b0a1992f5297f1c62da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndOS.dll

Filesize
179KB

MD5
a660f30191c525019c152f910dbc5e08

SHA1
a933163422c4e00b4633c152ae97e854263a4b1e

SHA256
e1a6194068c4a52b2c25b306bfbe15737ba257591e57b6326a1d253dee8e1d7f

SHA512
9fd810765109a31b3c9b713c7196e5ae1828b35f6ca9c19efd18defa8f21db79bbcb452c5e71eb18ab10c62b269b0087c5d37918b56dd1379ad0744760970c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndPointer.dll

Filesize
24KB

MD5
4696e3256a966d1ef481ca21bf7de26d

SHA1
4c186bc4e3f980bca0b4eaef1e25ab6fd6d8ae4d

SHA256
4890ca47ee41118310293866287779c2df06b5c204519acbd6342728ecf1cf36

SHA512
dfcd56f93392943964c14a113043b237926fd13647509d2f9746d1c09ca1a39533449b87ea8a23446ac7f4a8af3bfc8476081d2007ba2b297bb0da050a3157f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndString.dll

Filesize
43KB

MD5
aad9516dc5fffbd75c04487e941235e1

SHA1
f1f9998b15f953b44a98edb3bb3865bb07503779

SHA256
362276915d9927b71c6dd4910108e6a2f1d5d82e74c2d855e2c7429dc4473165

SHA512
80d0d7ea91195109bb180a01545e38a93c44a64dee797b284538da207f7b458ff8fb29b03696c2adc2feb4c15803d7fd6bf2bb427c0575966d11abf03e95cd97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndTime.dll

Filesize
63KB

MD5
c645edaf7f1f1e57dd4290a8e2b1bd8c

SHA1
bf64811dbad57c045d83a0e66d8a99a4782f1839

SHA256
12d2a4de91523f54ba6cc9cd16e2edbf25b9b30b4a9e62daaa5c682e6008dd73

SHA512
5226fa2fb6dc5bef5cc377a1aac7c7a2c3d5ded1a04fec81de22ae704075ebc4136d9a4ac694a2c934bb455836bccb1da93030134d23b5d8dc88f615c144c03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\FndVersion.dll

Filesize
66KB

MD5
f016c83edead4e7c7f5a47adec8a9596

SHA1
991565e3e1fb4a4d8a582f291a44805adf701b82

SHA256
bb7d9e719269ab70215da5f28e1360b7c6b02defd83b03a8a7178ef0969b467c

SHA512
053a39ff93e7d267e200a83fabc8e0b8efe2fac652a32c0c46f24264a04ce6db24430c94dc6e549cd76f5ed43885b74a7190f88fa1e905e9cbdf14367d0d38fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\WebUid.dll

Filesize
3.5MB

MD5
fa0618b0f7e5d86e10296174d7d479e1

SHA1
b5c2b2233f1d216182c3494ef3445b8b7b20e675

SHA256
abeb43db61694d701ce7c3929216ef6d9d68063ace79d62b1e62b4d9aa28e84b

SHA512
638e1f8f3dc3046922be2ba046eead82f5d217170f878126383569ce196681ff4463e61635b64c69ce030f9b864bc162586b4e13b6aa62d883768b0274cbd226

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\boost_filesystem-mt-x64.dll

Filesize
149KB

MD5
2f2e0dddd859a3181210b8cf4af1cfd1

SHA1
dbc6ad5d58440ca49f2ba4f76eb2a6c68d0e1914

SHA256
bca94e8d7c999225df115e89f9c92bb9950b1d58039c1844fd5a55c2cf86f72c

SHA512
f276b3d7384bdbfa68204bc45e46ba8b41bbc107c2386bacc7f8d345445797a77b0f835a4c2d36b4c5ddafbc92c381302da7566530d6e08b841751f374841277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\cpr.dll

Filesize
3.0MB

MD5
f2515527d013393aba3cbd86cb30ac6c

SHA1
26128c6482d5fffd09bfbc7aa1e1182d1f5b4c64

SHA256
83ccb57868e5780108834c529b98f952121cd09caf410f1f6494cc348f79e76a

SHA512
0b6322f6a03cf25a67d76b8d7130af610e59e86841b2c81293cb543239b01ec4d09b1e745603c3e49bf343c8cdee846530e1b30474da6c614f2eba8e12051a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\glog.dll

Filesize
135KB

MD5
57b8afbec7618ebd7d53756f96654b76

SHA1
144ecb9eefab77e985e9e8f30dda24597443b40f

SHA256
da02659d29e815726bf02d01890671c46465650e778cb4cd0605a6676f61f783

SHA512
741ddc187083645977e4c35c22fc39c28ae73fc9589b7506808026405fedcdc0c9e0ef1d8e1138391535f677006334a31082570997892e231a95c66bbde8b3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\installer.exe

Filesize
5.1MB

MD5
b020a1fef0573f7434782d58680ab088

SHA1
07b7eb35845ceaae6af1739389dd5d44e2932c8e

SHA256
e715ed9878c89fb7673e6ca905633ada19f7de7969958ede88ef38c723f00b13

SHA512
b79fcbb0ff1bb152976f5e4be56721c2e61feffe91b1f850e583c1b64c90d4997fe9b00e42242dd9b9654768aaaca12a5d758d0c02bbee9491871a24d1efb8ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\msvcp140.dll

Filesize
552KB

MD5
29c6c243cfb1cec96b4a1008274f9600

SHA1
c54b10ef6305cc3814c68e6c8fd6daecbb27622a

SHA256
44a5af24f8d5f9c50a9e5a200a0486100afb6a0e86377e2e3e622a7bbb57cb04

SHA512
39c34554ea7b6d433c2aecfdeff87959e625e943bf7a446ebca8e5878eaf24198c1b188359a0343fb78478f2bc8b986ca4d0e69d39bac6ff80cb901fe4f113ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\vcruntime140.dll

Filesize
94KB

MD5
02794a29811ba0a78e9687a0010c37ce

SHA1
97b5701d18bd5e25537851614099e2ffce25d6d8

SHA256
1729421a22585823493d5a125cd43a470889b952a2422f48a7bc8193f5c23b0f

SHA512
caf2a478e9c78c8e93dd2288ed98a9261fcf2b7e807df84f2e4d76f8130c2e503eb2470c947a678ac63e59d7d54f74e80e743d635428aa874ec2d06df68d0272

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-de9c9d52-65cc-4524-8297-68fda80b0379\vcruntime140_1.dll

Filesize
36KB

MD5
d8d1a08176ba2542c58669c1c04da1b7

SHA1
e0d0059baf23fb5e1d2dadedc12e2f53c930256d

SHA256
26c29d01df73a8e35d32e430c892d925abb6e4ad62d3630ae42b69daacba1a0d

SHA512
5308790fbcf6348e87e7d5b9235ed66942527326f7ba556c910d68d94617bdd247a4ed540b4b9f8d4e73d15cf4a7204c0a57d4fd348ec26e53f39b91be8617fb

Download Submit