Overview

overview

4

Static

static

1

vlc-3.0.18-win64.exe

windows7-x64

4

vlc-3.0.18-win64.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    597s
  • max time network
    508s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2023 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vlc-3.0.18-win64.exe

  • Size

    42.2MB

  • MD5

    7fddbac28a9c85c79fe08e2d6506e535

  • SHA1

    b2def381b57b9a7643a91790f5537e74fab729dc

  • SHA256

    ba575f153d357eaf3fdbf446b9b93a12ced87c35887cdd83ad4281733eb86602

  • SHA512

    bfbda8c590dc53d565cc2d26a59c97834663e871c6c7233523a2dd48027e78b93c75ae8af6d56c8542c9102aadbee8aa3b5c7f83a7600b377cf0af2cc92433b9

  • SSDEEP

    786432:5+vk5XxMOrNfNWNG7JNzwCR3xmgpa3qdxrXcAPXCIfJ546BZTg2QrXoRHq:5+vyTnJFwL3qrJvCIxi6By2QrXoE

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 17 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vlc-3.0.18-win64.exe
    "C:\Users\Admin\AppData\Local\Temp\vlc-3.0.18-win64.exe"
    1⤵
    • Loads dropped DLL
    PID:4524
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResetUninstall.mp2v"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1312
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StepRevoke.WTV"
    1⤵
      PID:3016
    • C:\Windows\System32\fontview.exe
      "C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\SuspendEnable.fon
      1⤵
        PID:3032
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:2532
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3656

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsf7BAF.tmp\LangDLL.dll
          Filesize

          7KB

          MD5

          20850d4d5416fbfd6a02e8a120f360fc

          SHA1

          ac34f3a34aaa4a21efd6a32bc93102639170e219

          SHA256

          860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

          SHA512

          c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\nsf7BAF.tmp\System.dll
          Filesize

          26KB

          MD5

          4f25d99bf1375fe5e61b037b2616695d

          SHA1

          958fad0e54df0736ddab28ff6cb93e6ed580c862

          SHA256

          803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

          SHA512

          96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\nsf7BAF.tmp\nsDialogs.dll
          Filesize

          12KB

          MD5

          2029c44871670eec937d1a8c1e9faa21

          SHA1

          e8d53b9e8bc475cc274d80d3836b526d8dd2747a

          SHA256

          a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2

          SHA512

          6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7

          Download Submit
        • C:\Users\Admin\AppData\Roaming\vlc\vlcrc
          Filesize

          93KB

          MD5

          478a4a09f4f74e97335cd4d5e9da7ab5

          SHA1

          3c4f1dc52a293f079095d0b0370428ec8e8f9315

          SHA256

          884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

          SHA512

          e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

          Download Submit
        • memory/1312-227-0x00007FFED7560000-0x00007FFED7571000-memory.dmp
          Filesize

          68KB

          Download
        • memory/1312-226-0x00007FFEDF500000-0x00007FFEDF517000-memory.dmp
          Filesize

          92KB

          Download
        • memory/1312-225-0x00007FFEDFA30000-0x00007FFEDFA48000-memory.dmp
          Filesize

          96KB

          Download
        • memory/1312-224-0x00007FFECF470000-0x00007FFECF724000-memory.dmp
          Filesize

          2.7MB

          Download
        • memory/1312-223-0x00007FFEDF520000-0x00007FFEDF554000-memory.dmp
          Filesize

          208KB

          Download
        • memory/1312-222-0x00007FF70A4E0000-0x00007FF70A5D8000-memory.dmp
          Filesize

          992KB

          Download
        • memory/3016-221-0x00007FFED7560000-0x00007FFED7571000-memory.dmp
          Filesize

          68KB

          Download
        • memory/3016-217-0x00007FFEDF520000-0x00007FFEDF554000-memory.dmp
          Filesize

          208KB

          Download
        • memory/3016-218-0x00007FFECF470000-0x00007FFECF724000-memory.dmp
          Filesize

          2.7MB

          Download
        • memory/3016-219-0x00007FFEDFA30000-0x00007FFEDFA48000-memory.dmp
          Filesize

          96KB

          Download
        • memory/3016-220-0x00007FFEDF500000-0x00007FFEDF517000-memory.dmp
          Filesize

          92KB

          Download
        • memory/3016-216-0x00007FF70A4E0000-0x00007FF70A5D8000-memory.dmp
          Filesize

          992KB

          Download
        • memory/4524-207-0x0000000000400000-0x0000000000481000-memory.dmp
          Filesize

          516KB

          Download
        • memory/4524-197-0x0000000074F00000-0x0000000074F0B000-memory.dmp
          Filesize

          44KB

          Download
        • memory/4524-195-0x0000000000400000-0x0000000000481000-memory.dmp
          Filesize

          516KB

          Download
        • memory/4524-149-0x0000000074F00000-0x0000000074F0B000-memory.dmp
          Filesize

          44KB

          Download
        • memory/4524-148-0x0000000074F10000-0x0000000074F1E000-memory.dmp
          Filesize

          56KB

          Download
        • memory/4524-147-0x0000000000400000-0x0000000000481000-memory.dmp
          Filesize

          516KB

          Download