45bd2a14ac56f7a71d9c8b358cc0769972b5477edd1744e1f2085961558040a8

Analysis

max time kernel
70s
max time network
52s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-08-2022 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker (1).exe
Size

854KB
MD5

c500a7318204cc39a9e4b544fbf4f4ff
SHA1

f35013967cb5ff638491edb409eee863c5f8ada0
SHA256

45bd2a14ac56f7a71d9c8b358cc0769972b5477edd1744e1f2085961558040a8
SHA512

f57d2c6ad185bff1824ddfcdd1f8fea9da6a832c6ef421cbd8645b7ac78a9d5b4d0d321ebbf6559729d470c05ef579020bb2411fa361e9b0acf51e640e4e1580
SSDEEP

12288:maWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlvh:haHMv6CGrjBnybQg+mmhJh

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 47 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000078000000	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_Classes\Local Settings	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616193"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "2"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	vlc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	vlc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	vlc.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1400	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1400	vlc.exe
1708	AutoClicker (1).exe

Suspicious use of FindShellTrayWindow 24 IoCs

pid	Process
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe

Suspicious use of SendNotifyMessage 23 IoCs

pid	Process
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1400	vlc.exe
1400	vlc.exe
1400	vlc.exe

C:\Users\Admin\AppData\Local\Temp\AutoClicker (1).exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker (1).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1708

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ReadNew.avi"
1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1400-55-0x000007FEFC2B1000-0x000007FEFC2B3000-memory.dmp

Filesize
8KB

Download
memory/1400-56-0x000007FEEFC00000-0x000007FEEFD43000-memory.dmp

Filesize
1.3MB

Download
memory/1400-57-0x000007FF57DD0000-0x000007FF57DDA000-memory.dmp

Filesize
40KB

Download
memory/1708-54-0x00000000768D1000-0x00000000768D3000-memory.dmp

Filesize
8KB

Download