733dab20e36a68550345fa4ad85e8944f519f3de4d150ab3e6b529038e862ecd

Analysis

max time kernel
144s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
25/03/2023, 17:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Deltaruined chapter 2 official release/snd_willyscream.ogg
Size

10KB
MD5

185944fb5f3cc97726d5067d09b02478
SHA1

63d129f5e1bf62b08c68815757c813970d4d9935
SHA256

a0475417fd69dffe75836e5fccdb683206a5684f4297863078ce886b26f24f07
SHA512

ef8ccafe8d857943dc366e782178636f3a03548ad796d0b7bace5478c8bb514f18cf3b0ca6d04d280d9114b8a95094e8e9ad86cac2e0abf43ab7bd20ea1fcdbc
SSDEEP

192:5BzDJo+OFSeaBXoAdMZXiP9M4uZswKE7wv9apXWKBnjMw3D8OtX38cfK:zi+OHaRHd4iP9YDh3D8Otn8IK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
280	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
280	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	268	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	268	AUDIODG.EXE
Token: 33	268	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	268	AUDIODG.EXE
Token: 33	280	vlc.exe
Token: SeIncBasePriorityPrivilege	280	vlc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe
280	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
280	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Deltaruined chapter 2 official release\snd_willyscream.ogg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x584
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/280-59-0x000000013F830000-0x000000013F928000-memory.dmp

Filesize
992KB

Download
memory/280-60-0x000007FEFB7D0000-0x000007FEFB804000-memory.dmp

Filesize
208KB

Download
memory/280-61-0x000007FEF6E00000-0x000007FEF70B4000-memory.dmp

Filesize
2.7MB

Download
memory/280-62-0x000007FEFBDC0000-0x000007FEFBDD8000-memory.dmp

Filesize
96KB

Download
memory/280-63-0x000007FEFB780000-0x000007FEFB797000-memory.dmp

Filesize
92KB

Download
memory/280-64-0x000007FEFB760000-0x000007FEFB771000-memory.dmp

Filesize
68KB

Download
memory/280-65-0x000007FEFB550000-0x000007FEFB567000-memory.dmp

Filesize
92KB

Download
memory/280-66-0x000007FEFB530000-0x000007FEFB541000-memory.dmp

Filesize
68KB

Download
memory/280-67-0x000007FEFB510000-0x000007FEFB52D000-memory.dmp

Filesize
116KB

Download
memory/280-68-0x000007FEFB4F0000-0x000007FEFB501000-memory.dmp

Filesize
68KB

Download
memory/280-69-0x000007FEF52B0000-0x000007FEF635B000-memory.dmp

Filesize
16.7MB

Download
memory/280-70-0x000007FEF6AF0000-0x000007FEF6CF0000-memory.dmp

Filesize
2.0MB

Download
memory/280-71-0x000007FEFB4B0000-0x000007FEFB4EF000-memory.dmp

Filesize
252KB

Download
memory/280-72-0x000007FEFB480000-0x000007FEFB4A1000-memory.dmp

Filesize
132KB

Download
memory/280-73-0x000007FEFB460000-0x000007FEFB478000-memory.dmp

Filesize
96KB

Download
memory/280-74-0x000007FEFB160000-0x000007FEFB171000-memory.dmp

Filesize
68KB

Download
memory/280-75-0x000007FEFB140000-0x000007FEFB151000-memory.dmp

Filesize
68KB

Download
memory/280-76-0x000007FEFB120000-0x000007FEFB131000-memory.dmp

Filesize
68KB

Download
memory/280-77-0x000007FEFB100000-0x000007FEFB11B000-memory.dmp

Filesize
108KB

Download
memory/280-78-0x000007FEF76B0000-0x000007FEF76C1000-memory.dmp

Filesize
68KB

Download
memory/280-79-0x000007FEF71C0000-0x000007FEF71D8000-memory.dmp

Filesize
96KB

Download
memory/280-80-0x000007FEF7190000-0x000007FEF71C0000-memory.dmp

Filesize
192KB

Download
memory/280-81-0x000007FEF6A80000-0x000007FEF6AE7000-memory.dmp

Filesize
412KB

Download
memory/280-82-0x000007FEF6A10000-0x000007FEF6A7F000-memory.dmp

Filesize
444KB

Download
memory/280-83-0x000007FEF7170000-0x000007FEF7181000-memory.dmp

Filesize
68KB

Download
memory/280-84-0x000007FEF69B0000-0x000007FEF6A0C000-memory.dmp

Filesize
368KB

Download
memory/280-85-0x000007FEF6830000-0x000007FEF69A8000-memory.dmp

Filesize
1.5MB

Download
memory/280-86-0x000007FEF6DE0000-0x000007FEF6DF7000-memory.dmp

Filesize
92KB

Download
memory/280-87-0x000007FEF7D70000-0x000007FEF7D80000-memory.dmp

Filesize
64KB

Download
memory/280-88-0x000007FEF6800000-0x000007FEF682F000-memory.dmp

Filesize
188KB

Download
memory/280-89-0x000007FEF6DC0000-0x000007FEF6DD1000-memory.dmp

Filesize
68KB

Download
memory/280-90-0x000007FEF67E0000-0x000007FEF67F6000-memory.dmp

Filesize
88KB

Download
memory/280-91-0x000007FEF6710000-0x000007FEF67D5000-memory.dmp

Filesize
788KB

Download
memory/280-92-0x000007FEF66F0000-0x000007FEF6705000-memory.dmp

Filesize
84KB

Download
memory/280-93-0x000007FEF6450000-0x000007FEF6461000-memory.dmp

Filesize
68KB

Download
memory/280-94-0x000007FEF5210000-0x000007FEF5222000-memory.dmp

Filesize
72KB

Download
memory/280-95-0x000007FEF5090000-0x000007FEF520A000-memory.dmp

Filesize
1.5MB

Download