f33effdcb0127d230007530d1e5b5325054271a4b17e72679638fc5ef960a2f3

Analysis

max time kernel
142s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/05/2023, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mi_habitacion_remix_ft_22Orion.mp3
Size

10.9MB
MD5

c39d930134f8ef5aa8959323bc7a7a4f
SHA1

d1308def97df402e34e0209810ad913eade6e76c
SHA256

f33effdcb0127d230007530d1e5b5325054271a4b17e72679638fc5ef960a2f3
SHA512

80595c4971e7271acf9071640f5aed59a27434152c301565adde33463e137cdf46832ed2ba05c05e5addb1aeef5efeb37ca41fdc7b266574885c8e2270acfbd3
SSDEEP

196608:nVhoCyR3RIjuWSR8FLZDYd2ktZRXMy6Gjju6jmUXm32C8d5e:DyVOY+tYVJ6Gj4Vv

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2032	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2032	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	876	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	876	AUDIODG.EXE
Token: 33	876	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	876	AUDIODG.EXE
Token: 33	2032	vlc.exe
Token: SeIncBasePriorityPrivilege	2032	vlc.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
2032	vlc.exe
2032	vlc.exe
2032	vlc.exe
2032	vlc.exe
2032	vlc.exe
2032	vlc.exe
2032	vlc.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
2032	vlc.exe
2032	vlc.exe
2032	vlc.exe
2032	vlc.exe
2032	vlc.exe
2032	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2032	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Mi_habitacion_remix_ft_22Orion.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-61-0x000000013F020000-0x000000013F118000-memory.dmp

Filesize
992KB

Download
memory/2032-62-0x000007FEFAE30000-0x000007FEFAE64000-memory.dmp

Filesize
208KB

Download
memory/2032-63-0x000007FEF6A10000-0x000007FEF6CC4000-memory.dmp

Filesize
2.7MB

Download
memory/2032-64-0x000007FEFB7B0000-0x000007FEFB7C8000-memory.dmp

Filesize
96KB

Download
memory/2032-65-0x000007FEFAE10000-0x000007FEFAE27000-memory.dmp

Filesize
92KB

Download
memory/2032-66-0x000007FEFADF0000-0x000007FEFAE01000-memory.dmp

Filesize
68KB

Download
memory/2032-67-0x000007FEFADD0000-0x000007FEFADE7000-memory.dmp

Filesize
92KB

Download
memory/2032-68-0x000007FEFABE0000-0x000007FEFABF1000-memory.dmp

Filesize
68KB

Download
memory/2032-69-0x000007FEFABC0000-0x000007FEFABDD000-memory.dmp

Filesize
116KB

Download
memory/2032-70-0x000007FEFABA0000-0x000007FEFABB1000-memory.dmp

Filesize
68KB

Download
memory/2032-71-0x000007FEF4F80000-0x000007FEF602B000-memory.dmp

Filesize
16.7MB

Download
memory/2032-72-0x000007FEF6810000-0x000007FEF6A10000-memory.dmp

Filesize
2.0MB

Download
memory/2032-74-0x000007FEF6F80000-0x000007FEF6FA1000-memory.dmp

Filesize
132KB

Download
memory/2032-73-0x000007FEFAB60000-0x000007FEFAB9F000-memory.dmp

Filesize
252KB

Download
memory/2032-76-0x000007FEF6F40000-0x000007FEF6F51000-memory.dmp

Filesize
68KB

Download
memory/2032-75-0x000007FEF6F60000-0x000007FEF6F78000-memory.dmp

Filesize
96KB

Download
memory/2032-77-0x000007FEF6F20000-0x000007FEF6F31000-memory.dmp

Filesize
68KB

Download
memory/2032-80-0x000007FEF6EC0000-0x000007FEF6ED1000-memory.dmp

Filesize
68KB

Download
memory/2032-82-0x000007FEF6E70000-0x000007FEF6EA0000-memory.dmp

Filesize
192KB

Download
memory/2032-81-0x000007FEF6EA0000-0x000007FEF6EB8000-memory.dmp

Filesize
96KB

Download
memory/2032-83-0x000007FEF67A0000-0x000007FEF6807000-memory.dmp

Filesize
412KB

Download
memory/2032-79-0x000007FEF6EE0000-0x000007FEF6EFB000-memory.dmp

Filesize
108KB

Download
memory/2032-84-0x000007FEF6730000-0x000007FEF679F000-memory.dmp

Filesize
444KB

Download
memory/2032-85-0x000007FEF6E50000-0x000007FEF6E61000-memory.dmp

Filesize
68KB

Download
memory/2032-86-0x000007FEF6E30000-0x000007FEF6E47000-memory.dmp

Filesize
92KB

Download
memory/2032-78-0x000007FEF6F00000-0x000007FEF6F11000-memory.dmp

Filesize
68KB

Download
memory/2032-87-0x000007FEF6E10000-0x000007FEF6E21000-memory.dmp

Filesize
68KB

Download
memory/2032-89-0x000007FEF66A0000-0x000007FEF66CF000-memory.dmp

Filesize
188KB

Download
memory/2032-88-0x000007FEF66D0000-0x000007FEF6727000-memory.dmp

Filesize
348KB

Download
memory/2032-94-0x000007FEF6550000-0x000007FEF6561000-memory.dmp

Filesize
68KB

Download
memory/2032-95-0x000007FEF6530000-0x000007FEF6544000-memory.dmp

Filesize
80KB

Download
memory/2032-98-0x000007FEF64D0000-0x000007FEF64EE000-memory.dmp

Filesize
120KB

Download
memory/2032-97-0x000007FEF64F0000-0x000007FEF6504000-memory.dmp

Filesize
80KB

Download
memory/2032-99-0x000007FEF64B0000-0x000007FEF64C6000-memory.dmp

Filesize
88KB

Download
memory/2032-96-0x000007FEF6510000-0x000007FEF6522000-memory.dmp

Filesize
72KB

Download
memory/2032-101-0x000007FEF6470000-0x000007FEF6484000-memory.dmp

Filesize
80KB

Download
memory/2032-100-0x000007FEF6490000-0x000007FEF64A5000-memory.dmp

Filesize
84KB

Download
memory/2032-104-0x000007FEF63F0000-0x000007FEF6420000-memory.dmp

Filesize
192KB

Download
memory/2032-103-0x000007FEF6420000-0x000007FEF6432000-memory.dmp

Filesize
72KB

Download
memory/2032-105-0x000007FEF63D0000-0x000007FEF63E7000-memory.dmp

Filesize
92KB

Download
memory/2032-102-0x000007FEF6440000-0x000007FEF646C000-memory.dmp

Filesize
176KB

Download
memory/2032-93-0x000007FEF6570000-0x000007FEF6582000-memory.dmp

Filesize
72KB

Download
memory/2032-92-0x000007FEF6590000-0x000007FEF6655000-memory.dmp

Filesize
788KB

Download
memory/2032-91-0x000007FEF6660000-0x000007FEF6671000-memory.dmp

Filesize
68KB

Download
memory/2032-90-0x000007FEF6680000-0x000007FEF6693000-memory.dmp

Filesize
76KB

Download
memory/2032-106-0x000007FEF37D0000-0x000007FEF4F80000-memory.dmp

Filesize
23.7MB

Download
memory/2032-107-0x000007FEF63B0000-0x000007FEF63C1000-memory.dmp

Filesize
68KB

Download
memory/2032-108-0x000007FEF6390000-0x000007FEF63A2000-memory.dmp

Filesize
72KB

Download
memory/2032-109-0x000007FEF6210000-0x000007FEF6388000-memory.dmp

Filesize
1.5MB

Download
memory/2032-110-0x000007FEF61F0000-0x000007FEF6207000-memory.dmp

Filesize
92KB

Download
memory/2032-111-0x000007FEF6190000-0x000007FEF61E6000-memory.dmp

Filesize
344KB

Download
memory/2032-112-0x000007FEF37A0000-0x000007FEF37C8000-memory.dmp

Filesize
160KB

Download
memory/2032-113-0x000007FEF3770000-0x000007FEF3794000-memory.dmp

Filesize
144KB

Download
memory/2032-114-0x000007FEFADC0000-0x000007FEFADD0000-memory.dmp

Filesize
64KB

Download
memory/2032-115-0x000007FEF3750000-0x000007FEF3766000-memory.dmp

Filesize
88KB

Download
memory/2032-116-0x000007FEF36D0000-0x000007FEF3745000-memory.dmp

Filesize
468KB

Download
memory/2032-117-0x000007FEF3660000-0x000007FEF36C2000-memory.dmp

Filesize
392KB

Download
memory/2032-118-0x000007FEF35F0000-0x000007FEF365D000-memory.dmp

Filesize
436KB

Download
memory/2032-119-0x000007FEF35D0000-0x000007FEF35E5000-memory.dmp

Filesize
84KB

Download
memory/2032-120-0x000007FEF32B0000-0x000007FEF32C1000-memory.dmp

Filesize
68KB

Download
memory/2032-121-0x000007FEF3270000-0x000007FEF3282000-memory.dmp

Filesize
72KB

Download
memory/2032-122-0x000007FEF30F0000-0x000007FEF326A000-memory.dmp

Filesize
1.5MB

Download