Analysis

  • max time kernel
    144s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
  • submitted
    31-03-2023 18:52

General

  • Target

    hra/LLL_Mantis_Data/StreamingAssets/Blender.wav

  • Size

    812KB

  • MD5

    da9b18fcb319eeab0835b29a5ad27065

  • SHA1

    cab6723907680a9998e42061904275d02e5ed001

  • SHA256

    d872d3c94aef426154e2e61b8c6fc0c666d5a36aa49ef63b822fef47ae204f42

  • SHA512

    9c41792e48ea19fbf01a286d25759a92bcbbf98c71f8d8bb26815f6fc87bd1a23f29b3ae928aa8bdebbf30bae00704cca0a72a35ea2906db36cca79c75e0765c

  • SSDEEP

    24576:haIA/pQZiXEqWT1pJvvT9ei0U2HCIFkUaL:hBZiEj7lT9ei2HCS+

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\hra\LLL_Mantis_Data\StreamingAssets\Blender.wav"
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1128
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x554
    • Suspicious use of AdjustPrivilegeToken
    PID:1656

Network

MITRE ATT&CK Matrix

Downloads
