2bf52438a3b3396edfdacd3406b0be45d8fd22a6ddf7ab28546125c7ab7f27f8

Analysis

max time kernel
39s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22/03/2023, 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42881_61127970_1679482048.wav
Size

235KB
MD5

0755eedf2479b0cc7875abd7203596a6
SHA1

54eeeb3e60ea1d434c024850b398bb2dc57883f0
SHA256

2bf52438a3b3396edfdacd3406b0be45d8fd22a6ddf7ab28546125c7ab7f27f8
SHA512

6918e235d43f3c26627c9e789e78ac60ff7111c2db2546656ac1a3a4cfaeb8efe0d7cf5b8010bae72117e168611279479dd19852b3ce5c638714d5655e9c8cc7
SSDEEP

6144:Hjyyl47RkAhkHFqxewQjd6nAojufTZusSVfv9Gfw:HjyylSNewQjIAojufN6PGfw

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2008	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2008	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	672	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	672	AUDIODG.EXE
Token: 33	672	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	672	AUDIODG.EXE
Token: 33	2008	vlc.exe
Token: SeIncBasePriorityPrivilege	2008	vlc.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe
2008	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2008	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\42881_61127970_1679482048.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x188
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\vlcrc.2008

Filesize
93KB

MD5
478a4a09f4f74e97335cd4d5e9da7ab5

SHA1
3c4f1dc52a293f079095d0b0370428ec8e8f9315

SHA256
884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

SHA512
e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

Download Submit
memory/2008-60-0x000007FEFA180000-0x000007FEFA1B4000-memory.dmp

Filesize
208KB

Download
memory/2008-62-0x000007FEFAE70000-0x000007FEFAE88000-memory.dmp

Filesize
96KB

Download
memory/2008-63-0x000007FEFA160000-0x000007FEFA177000-memory.dmp

Filesize
92KB

Download
memory/2008-64-0x000007FEFA140000-0x000007FEFA151000-memory.dmp

Filesize
68KB

Download
memory/2008-65-0x000007FEF65A0000-0x000007FEF65B7000-memory.dmp

Filesize
92KB

Download
memory/2008-66-0x000007FEF63C0000-0x000007FEF63D1000-memory.dmp

Filesize
68KB

Download
memory/2008-67-0x000007FEF63A0000-0x000007FEF63BD000-memory.dmp

Filesize
116KB

Download
memory/2008-61-0x000007FEF6020000-0x000007FEF62D4000-memory.dmp

Filesize
2.7MB

Download
memory/2008-59-0x000000013F7F0000-0x000000013F8E8000-memory.dmp

Filesize
992KB

Download
memory/2008-68-0x000007FEF5DA0000-0x000007FEF5FA0000-memory.dmp

Filesize
2.0MB

Download
memory/2008-74-0x000007FEF5D10000-0x000007FEF5D21000-memory.dmp

Filesize
68KB

Download
memory/2008-73-0x000007FEF5D30000-0x000007FEF5D41000-memory.dmp

Filesize
68KB

Download
memory/2008-72-0x000007FEF5D50000-0x000007FEF5D68000-memory.dmp

Filesize
96KB

Download
memory/2008-71-0x000007FEF5D70000-0x000007FEF5D91000-memory.dmp

Filesize
132KB

Download
memory/2008-70-0x000007FEF5FE0000-0x000007FEF601F000-memory.dmp

Filesize
252KB

Download
memory/2008-69-0x000007FEF6380000-0x000007FEF6391000-memory.dmp

Filesize
68KB

Download
memory/2008-77-0x000007FEF5CD0000-0x000007FEF5CEB000-memory.dmp

Filesize
108KB

Download
memory/2008-81-0x000007FEF5BF0000-0x000007FEF5C57000-memory.dmp

Filesize
412KB

Download
memory/2008-82-0x000007FEF5B80000-0x000007FEF5BEF000-memory.dmp

Filesize
444KB

Download
memory/2008-83-0x000007FEF5B60000-0x000007FEF5B71000-memory.dmp

Filesize
68KB

Download
memory/2008-80-0x000007FEF5C60000-0x000007FEF5C90000-memory.dmp

Filesize
192KB

Download
memory/2008-85-0x000007FEF5AD0000-0x000007FEF5AF8000-memory.dmp

Filesize
160KB

Download
memory/2008-87-0x000007FEF5A80000-0x000007FEF5A97000-memory.dmp

Filesize
92KB

Download
memory/2008-88-0x000007FEF5A50000-0x000007FEF5A73000-memory.dmp

Filesize
140KB

Download
memory/2008-89-0x000007FEF5A30000-0x000007FEF5A41000-memory.dmp

Filesize
68KB

Download
memory/2008-90-0x000007FEF5A10000-0x000007FEF5A22000-memory.dmp

Filesize
72KB

Download
memory/2008-92-0x000007FEF59C0000-0x000007FEF59D3000-memory.dmp

Filesize
76KB

Download
memory/2008-95-0x000007FEF6F90000-0x000007FEF6FA0000-memory.dmp

Filesize
64KB

Download
memory/2008-96-0x000007FEF57F0000-0x000007FEF581F000-memory.dmp

Filesize
188KB

Download
memory/2008-97-0x000007FEF57D0000-0x000007FEF57E1000-memory.dmp

Filesize
68KB

Download
memory/2008-98-0x000007FEF57B0000-0x000007FEF57C6000-memory.dmp

Filesize
88KB

Download
memory/2008-94-0x000007FEF5820000-0x000007FEF5837000-memory.dmp

Filesize
92KB

Download
memory/2008-93-0x000007FEF5840000-0x000007FEF59B8000-memory.dmp

Filesize
1.5MB

Download
memory/2008-99-0x000007FEF56E0000-0x000007FEF57A5000-memory.dmp

Filesize
788KB

Download
memory/2008-100-0x000007FEF5660000-0x000007FEF56D5000-memory.dmp

Filesize
468KB

Download
memory/2008-91-0x000007FEF59E0000-0x000007FEF5A01000-memory.dmp

Filesize
132KB

Download
memory/2008-101-0x000007FEF55F0000-0x000007FEF5652000-memory.dmp

Filesize
392KB

Download
memory/2008-102-0x000007FEF5580000-0x000007FEF55ED000-memory.dmp

Filesize
436KB

Download
memory/2008-103-0x000007FEF5560000-0x000007FEF5573000-memory.dmp

Filesize
76KB

Download
memory/2008-104-0x000007FEF5540000-0x000007FEF5554000-memory.dmp

Filesize
80KB

Download
memory/2008-105-0x000007FEF5520000-0x000007FEF5535000-memory.dmp

Filesize
84KB

Download
memory/2008-106-0x000007FEF51B0000-0x000007FEF51C1000-memory.dmp

Filesize
68KB

Download
memory/2008-107-0x000007FEF5190000-0x000007FEF51A2000-memory.dmp

Filesize
72KB

Download
memory/2008-86-0x000007FEF5AA0000-0x000007FEF5AC4000-memory.dmp

Filesize
144KB

Download
memory/2008-84-0x000007FEF5B00000-0x000007FEF5B56000-memory.dmp

Filesize
344KB

Download
memory/2008-114-0x000007FEF4F50000-0x000007FEF4F66000-memory.dmp

Filesize
88KB

Download
memory/2008-113-0x000007FEF4F70000-0x000007FEF4F81000-memory.dmp

Filesize
68KB

Download
memory/2008-112-0x000007FEF4F90000-0x000007FEF4FA1000-memory.dmp

Filesize
68KB

Download
memory/2008-111-0x000007FEF4FB0000-0x000007FEF4FC1000-memory.dmp

Filesize
68KB

Download
memory/2008-110-0x000007FEF4FD0000-0x000007FEF4FE4000-memory.dmp

Filesize
80KB

Download
memory/2008-109-0x000007FEF4FF0000-0x000007FEF5003000-memory.dmp

Filesize
76KB

Download
memory/2008-108-0x000007FEF5010000-0x000007FEF518A000-memory.dmp

Filesize
1.5MB

Download
memory/2008-79-0x000007FEF5C90000-0x000007FEF5CA8000-memory.dmp

Filesize
96KB

Download
memory/2008-78-0x000007FEF5CB0000-0x000007FEF5CC1000-memory.dmp

Filesize
68KB

Download
memory/2008-75-0x000007FEF3540000-0x000007FEF45EB000-memory.dmp

Filesize
16.7MB

Download
memory/2008-76-0x000007FEF5CF0000-0x000007FEF5D01000-memory.dmp

Filesize
68KB

Download
memory/2008-119-0x000007FEF6020000-0x000007FEF62D4000-memory.dmp

Filesize
2.7MB

Download