37b533a715bd962424dd394cd17b2ecdb74bb08d5c2a629b27ecfd25b586cffa

Analysis

max time kernel
143s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hra/LLL_Mantis_Data/StreamingAssets/ARK.wav
Size

504KB
MD5

3dbaacfc8689d4f7f1c4c44e121f006b
SHA1

727faf72f36f25190af7a88b5777b71c9caa99c5
SHA256

39a12909e489068c4d0e508e527b270f467ef56fc340f5b933a376b2f25b1a9b
SHA512

6424304f91891e81bc11955a3970bf916ca91ed2c58eac7229dde6f032eeb474cced1080e04505df1476c87f0e017f4d7c6d843d3e95e95f3eeb0a6f7f32dd03
SSDEEP

12288:1rGs/6FSOVay92m2dpPZfT7TtimicobOh:1rNOayb2ens

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1300	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1300	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	564	AUDIODG.EXE
Token: 33	564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	564	AUDIODG.EXE
Token: 33	1300	vlc.exe
Token: SeIncBasePriorityPrivilege	1300	vlc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe
1300	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1300	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\hra\LLL_Mantis_Data\StreamingAssets\ARK.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x564
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1300-54-0x000000013F0D0000-0x000000013F1C8000-memory.dmp

Filesize
992KB

Download
memory/1300-55-0x000007FEFAA20000-0x000007FEFAA54000-memory.dmp

Filesize
208KB

Download
memory/1300-56-0x000007FEF68C0000-0x000007FEF6B74000-memory.dmp

Filesize
2.7MB

Download
memory/1300-58-0x000007FEFAA00000-0x000007FEFAA17000-memory.dmp

Filesize
92KB

Download
memory/1300-57-0x000007FEFBA30000-0x000007FEFBA48000-memory.dmp

Filesize
96KB

Download
memory/1300-59-0x000007FEFA9E0000-0x000007FEFA9F1000-memory.dmp

Filesize
68KB

Download
memory/1300-61-0x000007FEF6CF0000-0x000007FEF6D01000-memory.dmp

Filesize
68KB

Download
memory/1300-60-0x000007FEF6D10000-0x000007FEF6D27000-memory.dmp

Filesize
92KB

Download
memory/1300-62-0x000007FEF6CD0000-0x000007FEF6CED000-memory.dmp

Filesize
116KB

Download
memory/1300-63-0x000007FEF6CB0000-0x000007FEF6CC1000-memory.dmp

Filesize
68KB

Download
memory/1300-64-0x000007FEF6530000-0x000007FEF6730000-memory.dmp

Filesize
2.0MB

Download
memory/1300-70-0x000007FEF5480000-0x000007FEF652B000-memory.dmp

Filesize
16.7MB

Download
memory/1300-71-0x000007FEF6880000-0x000007FEF68BF000-memory.dmp

Filesize
252KB

Download
memory/1300-72-0x000007FEF6850000-0x000007FEF6871000-memory.dmp

Filesize
132KB

Download
memory/1300-73-0x000007FEF6830000-0x000007FEF6848000-memory.dmp

Filesize
96KB

Download
memory/1300-74-0x000007FEF6810000-0x000007FEF6821000-memory.dmp

Filesize
68KB

Download
memory/1300-75-0x000007FEF67B0000-0x000007FEF67C1000-memory.dmp

Filesize
68KB

Download
memory/1300-76-0x000007FEF6790000-0x000007FEF67A1000-memory.dmp

Filesize
68KB

Download
memory/1300-77-0x000007FEF6770000-0x000007FEF678B000-memory.dmp

Filesize
108KB

Download
memory/1300-78-0x000007FEF6750000-0x000007FEF6761000-memory.dmp

Filesize
68KB

Download
memory/1300-79-0x000007FEF5460000-0x000007FEF5478000-memory.dmp

Filesize
96KB

Download
memory/1300-80-0x000007FEF5430000-0x000007FEF5460000-memory.dmp

Filesize
192KB

Download
memory/1300-81-0x000007FEF53C0000-0x000007FEF5427000-memory.dmp

Filesize
412KB

Download
memory/1300-82-0x000007FEF5350000-0x000007FEF53BF000-memory.dmp

Filesize
444KB

Download
memory/1300-83-0x000007FEF5330000-0x000007FEF5341000-memory.dmp

Filesize
68KB

Download
memory/1300-84-0x000007FEF52D0000-0x000007FEF5326000-memory.dmp

Filesize
344KB

Download
memory/1300-85-0x000007FEF52A0000-0x000007FEF52C8000-memory.dmp

Filesize
160KB

Download
memory/1300-86-0x000007FEF5270000-0x000007FEF5294000-memory.dmp

Filesize
144KB

Download
memory/1300-87-0x000007FEF5250000-0x000007FEF5267000-memory.dmp

Filesize
92KB

Download
memory/1300-88-0x000007FEF5220000-0x000007FEF5243000-memory.dmp

Filesize
140KB

Download
memory/1300-89-0x000007FEF5200000-0x000007FEF5211000-memory.dmp

Filesize
68KB

Download
memory/1300-90-0x000007FEF51E0000-0x000007FEF51F2000-memory.dmp

Filesize
72KB

Download
memory/1300-91-0x000007FEF51B0000-0x000007FEF51D1000-memory.dmp

Filesize
132KB

Download
memory/1300-92-0x000007FEF5190000-0x000007FEF51A3000-memory.dmp

Filesize
76KB

Download
memory/1300-93-0x000007FEF5010000-0x000007FEF5188000-memory.dmp

Filesize
1.5MB

Download
memory/1300-94-0x000007FEF4FF0000-0x000007FEF5007000-memory.dmp

Filesize
92KB

Download
memory/1300-97-0x000007FEF68C0000-0x000007FEF6B74000-memory.dmp

Filesize
2.7MB

Download