37b533a715bd962424dd394cd17b2ecdb74bb08d5c2a629b27ecfd25b586cffa

Analysis

max time kernel
143s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hra/LLL_Mantis_Data/StreamingAssets/Cry of Fear.wav
Size

664KB
MD5

6c694162d0bb77ef45776139d879c195
SHA1

f451b21fd96bacff82a795fb204bcfb1a5894daf
SHA256

63bef2496ea0af4ea431663a9f1d7b8f077c9bd5bac3788166dc727db91f6b1d
SHA512

03a6998888566a775214acfbc416ab9d5bbdb5321422aa2185b48dfcc2bee69a2e7cb262aa1f07fef48593f2e88a01bb1d86c8f750601d131cdfd4f5b27c5cb6
SSDEEP

12288:Tb59Yb+JruYYT4yzG7m0BcVpmOVlryvPL+RRfouHDRDmzsQ/hWl:n5mkrxKcmDVpm4uPL+YujRqzsQQl

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1568	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1568	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	1524	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1524	AUDIODG.EXE
Token: 33	1524	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1524	AUDIODG.EXE
Token: 33	1568	vlc.exe
Token: SeIncBasePriorityPrivilege	1568	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe
1568	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1568	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\hra\LLL_Mantis_Data\StreamingAssets\Cry of Fear.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x560
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1568-54-0x000000013F570000-0x000000013F668000-memory.dmp

Filesize
992KB

Download
memory/1568-60-0x000007FEFAC60000-0x000007FEFAC94000-memory.dmp

Filesize
208KB

Download
memory/1568-61-0x000007FEF6AE0000-0x000007FEF6D94000-memory.dmp

Filesize
2.7MB

Download
memory/1568-62-0x000007FEFBAD0000-0x000007FEFBAE8000-memory.dmp

Filesize
96KB

Download
memory/1568-63-0x000007FEFAC40000-0x000007FEFAC57000-memory.dmp

Filesize
92KB

Download
memory/1568-64-0x000007FEFAC20000-0x000007FEFAC31000-memory.dmp

Filesize
68KB

Download
memory/1568-65-0x000007FEF6F30000-0x000007FEF6F47000-memory.dmp

Filesize
92KB

Download
memory/1568-66-0x000007FEF6F10000-0x000007FEF6F21000-memory.dmp

Filesize
68KB

Download
memory/1568-67-0x000007FEF6EF0000-0x000007FEF6F0D000-memory.dmp

Filesize
116KB

Download
memory/1568-68-0x000007FEF6ED0000-0x000007FEF6EE1000-memory.dmp

Filesize
68KB

Download
memory/1568-69-0x000007FEF6750000-0x000007FEF6950000-memory.dmp

Filesize
2.0MB

Download
memory/1568-70-0x000007FEF56A0000-0x000007FEF674B000-memory.dmp

Filesize
16.7MB

Download
memory/1568-71-0x000007FEF6AA0000-0x000007FEF6ADF000-memory.dmp

Filesize
252KB

Download
memory/1568-72-0x000007FEF6A70000-0x000007FEF6A91000-memory.dmp

Filesize
132KB

Download
memory/1568-73-0x000007FEF6A50000-0x000007FEF6A68000-memory.dmp

Filesize
96KB

Download
memory/1568-74-0x000007FEF6A30000-0x000007FEF6A41000-memory.dmp

Filesize
68KB

Download
memory/1568-75-0x000007FEF69D0000-0x000007FEF69E1000-memory.dmp

Filesize
68KB

Download
memory/1568-76-0x000007FEF69B0000-0x000007FEF69C1000-memory.dmp

Filesize
68KB

Download
memory/1568-77-0x000007FEF6990000-0x000007FEF69AB000-memory.dmp

Filesize
108KB

Download
memory/1568-78-0x000007FEF6970000-0x000007FEF6981000-memory.dmp

Filesize
68KB

Download
memory/1568-79-0x000007FEF5680000-0x000007FEF5698000-memory.dmp

Filesize
96KB

Download
memory/1568-80-0x000007FEF5650000-0x000007FEF5680000-memory.dmp

Filesize
192KB

Download
memory/1568-81-0x000007FEF55E0000-0x000007FEF5647000-memory.dmp

Filesize
412KB

Download
memory/1568-82-0x000007FEF5570000-0x000007FEF55DF000-memory.dmp

Filesize
444KB

Download
memory/1568-83-0x000007FEF5550000-0x000007FEF5561000-memory.dmp

Filesize
68KB

Download
memory/1568-84-0x000007FEF54F0000-0x000007FEF5546000-memory.dmp

Filesize
344KB

Download
memory/1568-85-0x000007FEF54C0000-0x000007FEF54E8000-memory.dmp

Filesize
160KB

Download
memory/1568-86-0x000007FEF5490000-0x000007FEF54B4000-memory.dmp

Filesize
144KB

Download
memory/1568-87-0x000007FEF5470000-0x000007FEF5487000-memory.dmp

Filesize
92KB

Download
memory/1568-88-0x000007FEF5440000-0x000007FEF5463000-memory.dmp

Filesize
140KB

Download
memory/1568-89-0x000007FEF5420000-0x000007FEF5431000-memory.dmp

Filesize
68KB

Download
memory/1568-90-0x000007FEF5400000-0x000007FEF5412000-memory.dmp

Filesize
72KB

Download
memory/1568-91-0x000007FEF53D0000-0x000007FEF53F1000-memory.dmp

Filesize
132KB

Download
memory/1568-92-0x000007FEF53B0000-0x000007FEF53C3000-memory.dmp

Filesize
76KB

Download
memory/1568-93-0x000007FEF5390000-0x000007FEF53A2000-memory.dmp

Filesize
72KB

Download
memory/1568-94-0x000007FEF5250000-0x000007FEF538B000-memory.dmp

Filesize
1.2MB

Download
memory/1568-95-0x000007FEF5220000-0x000007FEF524C000-memory.dmp

Filesize
176KB

Download
memory/1568-96-0x000007FEF5060000-0x000007FEF5212000-memory.dmp

Filesize
1.7MB

Download
memory/1568-97-0x000007FEF5000000-0x000007FEF505C000-memory.dmp

Filesize
368KB

Download
memory/1568-98-0x000007FEF4FE0000-0x000007FEF4FF1000-memory.dmp

Filesize
68KB

Download
memory/1568-99-0x000007FEF4F40000-0x000007FEF4FD7000-memory.dmp

Filesize
604KB

Download
memory/1568-100-0x000007FEF4F20000-0x000007FEF4F32000-memory.dmp

Filesize
72KB

Download
memory/1568-101-0x000007FEF4CE0000-0x000007FEF4F11000-memory.dmp

Filesize
2.2MB

Download
memory/1568-102-0x000007FEF4CA0000-0x000007FEF4CD5000-memory.dmp

Filesize
212KB

Download
memory/1568-103-0x000007FEF4C70000-0x000007FEF4C95000-memory.dmp

Filesize
148KB

Download
memory/1568-104-0x000007FEF4C50000-0x000007FEF4C61000-memory.dmp

Filesize
68KB

Download
memory/1568-105-0x000007FEF4BE0000-0x000007FEF4C41000-memory.dmp

Filesize
388KB

Download
memory/1568-106-0x000007FEF4BC0000-0x000007FEF4BD1000-memory.dmp

Filesize
68KB

Download
memory/1568-107-0x000007FEF4BA0000-0x000007FEF4BB2000-memory.dmp

Filesize
72KB

Download
memory/1568-108-0x000007FEF4B80000-0x000007FEF4B93000-memory.dmp

Filesize
76KB

Download
memory/1568-109-0x000007FEF4AE0000-0x000007FEF4B7F000-memory.dmp

Filesize
636KB

Download
memory/1568-110-0x000007FEF4AC0000-0x000007FEF4AD1000-memory.dmp

Filesize
68KB

Download
memory/1568-111-0x000007FEF49B0000-0x000007FEF4AB2000-memory.dmp

Filesize
1.0MB

Download
memory/1568-112-0x000007FEF4990000-0x000007FEF49A1000-memory.dmp

Filesize
68KB

Download
memory/1568-113-0x000007FEF4970000-0x000007FEF4981000-memory.dmp

Filesize
68KB

Download
memory/1568-114-0x000007FEF4950000-0x000007FEF4961000-memory.dmp

Filesize
68KB

Download
memory/1568-115-0x000007FEF4930000-0x000007FEF4942000-memory.dmp

Filesize
72KB

Download
memory/1568-116-0x000007FEF4910000-0x000007FEF4928000-memory.dmp

Filesize
96KB

Download
memory/1568-117-0x000007FEF48F0000-0x000007FEF4906000-memory.dmp

Filesize
88KB

Download
memory/1568-118-0x000007FEF48C0000-0x000007FEF48E9000-memory.dmp

Filesize
164KB

Download
memory/1568-119-0x000007FEF48A0000-0x000007FEF48B2000-memory.dmp

Filesize
72KB

Download
memory/1568-120-0x000007FEF4880000-0x000007FEF4891000-memory.dmp

Filesize
68KB

Download
memory/1568-121-0x000007FEF4860000-0x000007FEF4871000-memory.dmp

Filesize
68KB

Download
memory/1568-122-0x000007FEF4840000-0x000007FEF4851000-memory.dmp

Filesize
68KB

Download