f6e85a09d34fee8569e913af2a11addf2a6a640e22f2a92e691576bbc89de411

Analysis

max time kernel
148s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18-03-2023 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undertale/mus_zzz_c.ogg
Size

92KB
MD5

ab4094359d1b7321185f38b0d187df1a
SHA1

837af465f053ae7cfefcb73e8d883fed31a10fbe
SHA256

897804d266b4c70c8e5e20a5b87a25ce76d1457b77c0f3769e188d0b47615c85
SHA512

ac89eca2045bafff6f93239ac0cad686f9e99e75a742f0e7da4bef7d369ccf80ce61d2dc954fb152568cd2301ae4328d47cb2f27a8000d58dd11f60dd48e9d8b
SSDEEP

1536:bZTXfTxroq0VosDcU/3epyOAP4SZQMcx5JKX1jOrXHYAFGuSaZt8ZUKmpCY9TCU5:xPTxZ8HDcU3epyHglxK1jO0SBSkt4VmD

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2024	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2024	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	1976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1976	AUDIODG.EXE
Token: 33	1976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1976	AUDIODG.EXE
Token: 33	2024	vlc.exe
Token: SeIncBasePriorityPrivilege	2024	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe
2024	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2024	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Undertale\mus_zzz_c.ogg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x548
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-59-0x000000013FC80000-0x000000013FD78000-memory.dmp

Filesize
992KB

Download
memory/2024-60-0x000007FEF6D60000-0x000007FEF6D94000-memory.dmp

Filesize
208KB

Download
memory/2024-61-0x000007FEF6330000-0x000007FEF65E4000-memory.dmp

Filesize
2.7MB

Download
memory/2024-62-0x000007FEFB2A0000-0x000007FEFB2B8000-memory.dmp

Filesize
96KB

Download
memory/2024-63-0x000007FEF6D40000-0x000007FEF6D57000-memory.dmp

Filesize
92KB

Download
memory/2024-64-0x000007FEF6D20000-0x000007FEF6D31000-memory.dmp

Filesize
68KB

Download
memory/2024-65-0x000007FEF6780000-0x000007FEF6797000-memory.dmp

Filesize
92KB

Download
memory/2024-66-0x000007FEF6760000-0x000007FEF6771000-memory.dmp

Filesize
68KB

Download
memory/2024-67-0x000007FEF6740000-0x000007FEF675D000-memory.dmp

Filesize
116KB

Download
memory/2024-68-0x000007FEF5FA0000-0x000007FEF61A0000-memory.dmp

Filesize
2.0MB

Download
memory/2024-69-0x000007FEF6720000-0x000007FEF6731000-memory.dmp

Filesize
68KB

Download
memory/2024-70-0x000007FEF62F0000-0x000007FEF632F000-memory.dmp

Filesize
252KB

Download
memory/2024-71-0x000007FEF62C0000-0x000007FEF62E1000-memory.dmp

Filesize
132KB

Download
memory/2024-72-0x000007FEF62A0000-0x000007FEF62B8000-memory.dmp

Filesize
96KB

Download
memory/2024-73-0x000007FEF6280000-0x000007FEF6291000-memory.dmp

Filesize
68KB

Download
memory/2024-74-0x000007FEF4EF0000-0x000007FEF5F9B000-memory.dmp

Filesize
16.7MB

Download
memory/2024-75-0x000007FEF6220000-0x000007FEF6231000-memory.dmp

Filesize
68KB

Download
memory/2024-76-0x000007FEF6200000-0x000007FEF6211000-memory.dmp

Filesize
68KB

Download
memory/2024-77-0x000007FEF61E0000-0x000007FEF61FB000-memory.dmp

Filesize
108KB

Download
memory/2024-78-0x000007FEF61C0000-0x000007FEF61D1000-memory.dmp

Filesize
68KB

Download
memory/2024-79-0x000007FEF4ED0000-0x000007FEF4EE8000-memory.dmp

Filesize
96KB

Download
memory/2024-80-0x000007FEF4EA0000-0x000007FEF4ED0000-memory.dmp

Filesize
192KB

Download
memory/2024-81-0x000007FEF4E30000-0x000007FEF4E97000-memory.dmp

Filesize
412KB

Download
memory/2024-82-0x000007FEF4DC0000-0x000007FEF4E2F000-memory.dmp

Filesize
444KB

Download
memory/2024-83-0x000007FEF4DA0000-0x000007FEF4DB1000-memory.dmp

Filesize
68KB

Download
memory/2024-84-0x000007FEF4D40000-0x000007FEF4D9C000-memory.dmp

Filesize
368KB

Download
memory/2024-85-0x000007FEF4BC0000-0x000007FEF4D38000-memory.dmp

Filesize
1.5MB

Download
memory/2024-86-0x000007FEF4BA0000-0x000007FEF4BB7000-memory.dmp

Filesize
92KB

Download
memory/2024-87-0x000007FEF72A0000-0x000007FEF72B0000-memory.dmp

Filesize
64KB

Download
memory/2024-88-0x000007FEF4B70000-0x000007FEF4B9F000-memory.dmp

Filesize
188KB

Download
memory/2024-89-0x000007FEF4B50000-0x000007FEF4B61000-memory.dmp

Filesize
68KB

Download
memory/2024-90-0x000007FEF4B30000-0x000007FEF4B46000-memory.dmp

Filesize
88KB

Download
memory/2024-91-0x000007FEF4A60000-0x000007FEF4B25000-memory.dmp

Filesize
788KB

Download
memory/2024-92-0x000007FEF4A40000-0x000007FEF4A55000-memory.dmp

Filesize
84KB

Download
memory/2024-93-0x000007FEF4700000-0x000007FEF4711000-memory.dmp

Filesize
68KB

Download
memory/2024-94-0x000007FEF46E0000-0x000007FEF46F2000-memory.dmp

Filesize
72KB

Download
memory/2024-95-0x000007FEF4560000-0x000007FEF46DA000-memory.dmp

Filesize
1.5MB

Download