f6e85a09d34fee8569e913af2a11addf2a6a640e22f2a92e691576bbc89de411

Analysis

max time kernel
142s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18-03-2023 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undertale/mus_xpart_a.ogg
Size

691KB
MD5

41edfcd54486f4873191f24eb3046e78
SHA1

db56c6fd3c5bd054aca9ea1c6a0c57871119a756
SHA256

5322645e70772c950cdb3bd6978640cc116abfda863f8878d2c8b8f48b452431
SHA512

1c12e7d1c470734a29021988e4e23024dd6a2391daf880e7424367ea5987c13f739df97b80ef01dd666c5279e3580a43ffb87f440804858b3182efbb812a3cd4
SSDEEP

12288:ksW4unEss2lhpdmlQDdAjiCczRjLqios6lDmIfM7l4A0E4Gq2IwuoHLX8OhP/JC:EvjXTOlrczlLFospGAIGqQXLdhP/JC

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2016	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2016	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	1368	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1368	AUDIODG.EXE
Token: 33	1368	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1368	AUDIODG.EXE
Token: 33	2016	vlc.exe
Token: SeIncBasePriorityPrivilege	2016	vlc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe
2016	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2016	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Undertale\mus_xpart_a.ogg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-59-0x000000013F7C0000-0x000000013F8B8000-memory.dmp

Filesize
992KB

Download
memory/2016-60-0x000007FEFAD00000-0x000007FEFAD34000-memory.dmp

Filesize
208KB

Download
memory/2016-61-0x000007FEF6140000-0x000007FEF63F4000-memory.dmp

Filesize
2.7MB

Download
memory/2016-63-0x000007FEFACE0000-0x000007FEFACF7000-memory.dmp

Filesize
92KB

Download
memory/2016-62-0x000007FEFB020000-0x000007FEFB038000-memory.dmp

Filesize
96KB

Download
memory/2016-65-0x000007FEFACA0000-0x000007FEFACB7000-memory.dmp

Filesize
92KB

Download
memory/2016-64-0x000007FEFACC0000-0x000007FEFACD1000-memory.dmp

Filesize
68KB

Download
memory/2016-66-0x000007FEFAC80000-0x000007FEFAC91000-memory.dmp

Filesize
68KB

Download
memory/2016-67-0x000007FEFAAA0000-0x000007FEFAABD000-memory.dmp

Filesize
116KB

Download
memory/2016-68-0x000007FEF5EC0000-0x000007FEF60C0000-memory.dmp

Filesize
2.0MB

Download
memory/2016-69-0x000007FEFAA80000-0x000007FEFAA91000-memory.dmp

Filesize
68KB

Download
memory/2016-70-0x000007FEFAA40000-0x000007FEFAA7F000-memory.dmp

Filesize
252KB

Download
memory/2016-71-0x000007FEFAA10000-0x000007FEFAA31000-memory.dmp

Filesize
132KB

Download
memory/2016-72-0x000007FEFA9F0000-0x000007FEFAA08000-memory.dmp

Filesize
96KB

Download
memory/2016-73-0x000007FEF4E10000-0x000007FEF5EBB000-memory.dmp

Filesize
16.7MB

Download
memory/2016-74-0x000007FEF66C0000-0x000007FEF66D1000-memory.dmp

Filesize
68KB

Download
memory/2016-75-0x000007FEF6690000-0x000007FEF66A1000-memory.dmp

Filesize
68KB

Download
memory/2016-76-0x000007FEF6670000-0x000007FEF6681000-memory.dmp

Filesize
68KB

Download
memory/2016-77-0x000007FEF6650000-0x000007FEF666B000-memory.dmp

Filesize
108KB

Download
memory/2016-78-0x000007FEF6630000-0x000007FEF6641000-memory.dmp

Filesize
68KB

Download
memory/2016-79-0x000007FEF6610000-0x000007FEF6628000-memory.dmp

Filesize
96KB

Download
memory/2016-80-0x000007FEF65E0000-0x000007FEF6610000-memory.dmp

Filesize
192KB

Download
memory/2016-81-0x000007FEF6570000-0x000007FEF65D7000-memory.dmp

Filesize
412KB

Download
memory/2016-82-0x000007FEF4DA0000-0x000007FEF4E0F000-memory.dmp

Filesize
444KB

Download
memory/2016-83-0x000007FEF6550000-0x000007FEF6561000-memory.dmp

Filesize
68KB

Download
memory/2016-84-0x000007FEF4D40000-0x000007FEF4D9C000-memory.dmp

Filesize
368KB

Download
memory/2016-85-0x000007FEF4BC0000-0x000007FEF4D38000-memory.dmp

Filesize
1.5MB

Download
memory/2016-86-0x000007FEF6530000-0x000007FEF6547000-memory.dmp

Filesize
92KB

Download
memory/2016-88-0x000007FEF6110000-0x000007FEF613F000-memory.dmp

Filesize
188KB

Download
memory/2016-89-0x000007FEF6510000-0x000007FEF6521000-memory.dmp

Filesize
68KB

Download
memory/2016-90-0x000007FEF4BA0000-0x000007FEF4BB6000-memory.dmp

Filesize
88KB

Download
memory/2016-87-0x000007FEFA9E0000-0x000007FEFA9F0000-memory.dmp

Filesize
64KB

Download
memory/2016-94-0x000007FEF4750000-0x000007FEF4762000-memory.dmp

Filesize
72KB

Download
memory/2016-95-0x000007FEF45D0000-0x000007FEF474A000-memory.dmp

Filesize
1.5MB

Download
memory/2016-93-0x000007FEF4770000-0x000007FEF4781000-memory.dmp

Filesize
68KB

Download
memory/2016-92-0x000007FEF4AB0000-0x000007FEF4AC5000-memory.dmp

Filesize
84KB

Download
memory/2016-91-0x000007FEF4AD0000-0x000007FEF4B95000-memory.dmp

Filesize
788KB

Download