817d0f138ec2042ed3a3583af1064bf4d9f48a60878dfa29701c397fc4e5549f

Analysis

max time kernel
141s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-04-2023 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

au_uu_SzH34yR2.mp3
Size

1KB
MD5

965094dad28823f4dd46e49663b3f827
SHA1

f6388d91f745fb3bcd232058fc39ae4fad473c24
SHA256

817d0f138ec2042ed3a3583af1064bf4d9f48a60878dfa29701c397fc4e5549f
SHA512

38a4c6634154b234728fa4adc95c633c95809b80a2815ef9246a0197b722ed0c6ff638e8aa58382ad4ae66c3264a0b052c9dc58418f701b34c2128018f44c15b

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1368	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1368	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	560	AUDIODG.EXE
Token: 33	560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	560	AUDIODG.EXE
Token: 33	1368	vlc.exe
Token: SeIncBasePriorityPrivilege	1368	vlc.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe
1368	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1368	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\au_uu_SzH34yR2.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x584
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-59-0x000000013F670000-0x000000013F768000-memory.dmp

Filesize
992KB

Download
memory/1368-60-0x000007FEFB4B0000-0x000007FEFB4E4000-memory.dmp

Filesize
208KB

Download
memory/1368-61-0x000007FEF6B00000-0x000007FEF6DB4000-memory.dmp

Filesize
2.7MB

Download
memory/1368-62-0x000007FEFBD70000-0x000007FEFBD88000-memory.dmp

Filesize
96KB

Download
memory/1368-63-0x000007FEFB490000-0x000007FEFB4A7000-memory.dmp

Filesize
92KB

Download
memory/1368-64-0x000007FEFB3C0000-0x000007FEFB3D1000-memory.dmp

Filesize
68KB

Download
memory/1368-65-0x000007FEFB3A0000-0x000007FEFB3B7000-memory.dmp

Filesize
92KB

Download
memory/1368-66-0x000007FEFB1F0000-0x000007FEFB201000-memory.dmp

Filesize
68KB

Download
memory/1368-67-0x000007FEFB1D0000-0x000007FEFB1ED000-memory.dmp

Filesize
116KB

Download
memory/1368-68-0x000007FEFB1B0000-0x000007FEFB1C1000-memory.dmp

Filesize
68KB

Download
memory/1368-69-0x000007FEF5940000-0x000007FEF69EB000-memory.dmp

Filesize
16.7MB

Download
memory/1368-70-0x000007FEF5740000-0x000007FEF5940000-memory.dmp

Filesize
2.0MB

Download
memory/1368-71-0x000007FEFB170000-0x000007FEFB1AF000-memory.dmp

Filesize
252KB

Download
memory/1368-72-0x000007FEFB140000-0x000007FEFB161000-memory.dmp

Filesize
132KB

Download
memory/1368-73-0x000007FEFB120000-0x000007FEFB138000-memory.dmp

Filesize
96KB

Download
memory/1368-74-0x000007FEFAEB0000-0x000007FEFAEC1000-memory.dmp

Filesize
68KB

Download
memory/1368-75-0x000007FEFAE90000-0x000007FEFAEA1000-memory.dmp

Filesize
68KB

Download
memory/1368-76-0x000007FEFAE70000-0x000007FEFAE81000-memory.dmp

Filesize
68KB

Download
memory/1368-77-0x000007FEF7A70000-0x000007FEF7A8B000-memory.dmp

Filesize
108KB

Download
memory/1368-78-0x000007FEF6F50000-0x000007FEF6F61000-memory.dmp

Filesize
68KB

Download
memory/1368-79-0x000007FEF6F30000-0x000007FEF6F48000-memory.dmp

Filesize
96KB

Download
memory/1368-80-0x000007FEF6F00000-0x000007FEF6F30000-memory.dmp

Filesize
192KB

Download
memory/1368-81-0x000007FEF56D0000-0x000007FEF5737000-memory.dmp

Filesize
412KB

Download
memory/1368-82-0x000007FEF5660000-0x000007FEF56CF000-memory.dmp

Filesize
444KB

Download
memory/1368-83-0x000007FEF6EE0000-0x000007FEF6EF1000-memory.dmp

Filesize
68KB

Download
memory/1368-84-0x000007FEF6AE0000-0x000007FEF6AF7000-memory.dmp

Filesize
92KB

Download
memory/1368-85-0x000007FEF6AC0000-0x000007FEF6AD1000-memory.dmp

Filesize
68KB

Download
memory/1368-86-0x000007FEF5600000-0x000007FEF5657000-memory.dmp

Filesize
348KB

Download
memory/1368-87-0x000007FEF55D0000-0x000007FEF55FF000-memory.dmp

Filesize
188KB

Download
memory/1368-88-0x000007FEF55B0000-0x000007FEF55C3000-memory.dmp

Filesize
76KB

Download
memory/1368-89-0x000007FEF5590000-0x000007FEF55A1000-memory.dmp

Filesize
68KB

Download
memory/1368-90-0x000007FEF54C0000-0x000007FEF5585000-memory.dmp

Filesize
788KB

Download
memory/1368-91-0x000007FEF54A0000-0x000007FEF54B2000-memory.dmp

Filesize
72KB

Download
memory/1368-92-0x000007FEF5480000-0x000007FEF5491000-memory.dmp

Filesize
68KB

Download
memory/1368-93-0x000007FEF5460000-0x000007FEF5474000-memory.dmp

Filesize
80KB

Download
memory/1368-94-0x000007FEF5440000-0x000007FEF5452000-memory.dmp

Filesize
72KB

Download
memory/1368-95-0x000007FEF5420000-0x000007FEF5434000-memory.dmp

Filesize
80KB

Download
memory/1368-96-0x000007FEF5400000-0x000007FEF541E000-memory.dmp

Filesize
120KB

Download
memory/1368-97-0x000007FEF53E0000-0x000007FEF53F6000-memory.dmp

Filesize
88KB

Download
memory/1368-98-0x000007FEF53C0000-0x000007FEF53D5000-memory.dmp

Filesize
84KB

Download
memory/1368-99-0x000007FEF53A0000-0x000007FEF53B4000-memory.dmp

Filesize
80KB

Download
memory/1368-100-0x000007FEF5370000-0x000007FEF539C000-memory.dmp

Filesize
176KB

Download
memory/1368-101-0x000007FEF5350000-0x000007FEF5362000-memory.dmp

Filesize
72KB

Download
memory/1368-102-0x000007FEF5320000-0x000007FEF5350000-memory.dmp

Filesize
192KB

Download
memory/1368-103-0x000007FEF5300000-0x000007FEF5317000-memory.dmp

Filesize
92KB

Download
memory/1368-104-0x000007FEF3B50000-0x000007FEF5300000-memory.dmp

Filesize
23.7MB

Download
memory/1368-105-0x000007FEF3B30000-0x000007FEF3B41000-memory.dmp

Filesize
68KB

Download
memory/1368-106-0x000007FEF3B10000-0x000007FEF3B22000-memory.dmp

Filesize
72KB

Download
memory/1368-107-0x000007FEF3990000-0x000007FEF3B08000-memory.dmp

Filesize
1.5MB

Download
memory/1368-108-0x000007FEF3970000-0x000007FEF3987000-memory.dmp

Filesize
92KB

Download
memory/1368-109-0x000007FEF3910000-0x000007FEF3966000-memory.dmp

Filesize
344KB

Download
memory/1368-110-0x000007FEF38E0000-0x000007FEF3908000-memory.dmp

Filesize
160KB

Download
memory/1368-111-0x000007FEF38B0000-0x000007FEF38D4000-memory.dmp

Filesize
144KB

Download
memory/1368-112-0x000007FEFB480000-0x000007FEFB490000-memory.dmp

Filesize
64KB

Download
memory/1368-113-0x000007FEF3890000-0x000007FEF38A6000-memory.dmp

Filesize
88KB

Download
memory/1368-114-0x000007FEF3810000-0x000007FEF3885000-memory.dmp

Filesize
468KB

Download
memory/1368-115-0x000007FEF37A0000-0x000007FEF3802000-memory.dmp

Filesize
392KB

Download
memory/1368-116-0x000007FEF3730000-0x000007FEF379D000-memory.dmp

Filesize
436KB

Download
memory/1368-117-0x000007FEF3710000-0x000007FEF3725000-memory.dmp

Filesize
84KB

Download
memory/1368-118-0x000007FEF33D0000-0x000007FEF33E1000-memory.dmp

Filesize
68KB

Download
memory/1368-119-0x000007FEF33B0000-0x000007FEF33C2000-memory.dmp

Filesize
72KB

Download
memory/1368-120-0x000007FEF3230000-0x000007FEF33AA000-memory.dmp

Filesize
1.5MB

Download
memory/1368-121-0x000007FEF3210000-0x000007FEF3223000-memory.dmp

Filesize
76KB

Download
memory/1368-122-0x000007FEF31F0000-0x000007FEF3204000-memory.dmp

Filesize
80KB

Download