Overview

overview

1

Static

static

1

Exploit.v.1.3.1.exe

windows7-x64

1

Exploit.v.1.3.1.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    210s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2023, 17:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Exploit.v.1.3.1.exe

  • Size

    11.3MB

  • MD5

    c2b847517de04602830dfb2efe16410c

  • SHA1

    2b3e151e2a636cf4c390eccd42cddc36fffb737b

  • SHA256

    2a831cb5d80e8ad44291551e52970c8ceec4a9cb1a90c85d5b1938cb51635926

  • SHA512

    c7246d1d43073a238dc50e956b0239159741ac014ee4382512b711aaac40c92873e2532ef96ed8adfb6e6dcb07c09ca5b367af4fa28a6b9ea987239daa3fd9f4

  • SSDEEP

    196608:oJQ57GdhPfko4wvg/Ov6axqWfMqP7JyRVXl2/l7uhCeMjQI4mF8y7Q4IWk9qnxFQ:oJGSLPfko4uHfMqP7JyRVXlbPv74V7KH

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 45 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Exploit.v.1.3.1.exe
    "C:\Users\Admin\AppData\Local\Temp\Exploit.v.1.3.1.exe"
    1⤵
      PID:1236
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SearchApprove.3gpp"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Suspicious use of WriteProcessMemory
      PID:940
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6899758,0x7fef6899768,0x7fef6899778
        2⤵
          PID:1932
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1248,i,5373187469546019754,14088745317094546265,131072 /prefetch:2
          2⤵
            PID:620
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1248,i,5373187469546019754,14088745317094546265,131072 /prefetch:8
            2⤵
              PID:1656
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 --field-trial-handle=1248,i,5373187469546019754,14088745317094546265,131072 /prefetch:8
              2⤵
                PID:920

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Roaming\vlc\vlcrc.2044
              Filesize

              93KB

              MD5

              478a4a09f4f74e97335cd4d5e9da7ab5

              SHA1

              3c4f1dc52a293f079095d0b0370428ec8e8f9315

              SHA256

              884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

              SHA512

              e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

              Download Submit

            • memory/2044-61-0x000000013F0E0000-0x000000013F1D8000-memory.dmp

              Filesize

              992KB

              Download

            • memory/2044-62-0x000007FEFB3D0000-0x000007FEFB404000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2044-63-0x000007FEF67C0000-0x000007FEF6A74000-memory.dmp

              Filesize

              2.7MB

              Download

            • memory/2044-76-0x000000013F0E0000-0x000000013F1D8000-memory.dmp

              Filesize

              992KB

              Download

            • memory/2044-78-0x000007FEFB3D0000-0x000007FEFB404000-memory.dmp

              Filesize

              208KB

              Download

            • memory/2044-82-0x000007FEF5220000-0x000007FEF62CB000-memory.dmp

              Filesize

              16.7MB

              Download

            • memory/2044-86-0x000007FEF4680000-0x000007FEF4792000-memory.dmp

              Filesize

              1.1MB

              Download