Overview

overview

8

Static

static

1

Metal-Pipe...om.mp3

windows7-x64

6

Metal-Pipe...om.mp3

windows10-2004-x64

8

Analysis

  • max time kernel
    1787s
  • max time network
    1233s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-06-2023 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Metal-Pipes-Falling-Sound-djlunatique.com.mp3

  • Size

    59KB

  • MD5

    17b313a6dd83544591e5f9a4ff450c48

  • SHA1

    d479a86de55895a99c64a32a13ae2d5448b32042

  • SHA256

    fef4203ed4a1deabba0d24b36994a1b638b91fcdaedc848a001df37bf4c8a1fd

  • SHA512

    a326a5038eb9dfb59f5c66dff8237f47215f892b974465107225041561eef29cd94b46a3a1df85cf3ef2ff8ec28ec5bc921683a2d26921b52c456690081c2e89

  • SSDEEP

    1536:g+vTI3GWUdVUmc52swf8EroC9CSktXZKpZyk4FPXQR:nkfks2F8HsQBQpZARXQR

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Drops desktop.ini file(s) 8 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Metal-Pipes-Falling-Sound-djlunatique.com.mp3"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Metal-Pipes-Falling-Sound-djlunatique.com.mp3"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3132
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2632
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:2108
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Metal-Pipes-Falling-Sound-djlunatique.com.mp3"
        3⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4816
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2016
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:3388
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:2932
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x490 0x3c4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:368

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    256KB

    MD5

    9c481a94abc7eee23cd5234262e60077

    SHA1

    2873225e708fb5461ac60c3613fe12112423f0f0

    SHA256

    681c9665d741ca6ed709cdd79d070ff7f4fdf158e02342f7d47e90a6d962b061

    SHA512

    0579499b5f01649f7e5e3afad07b4c7924d30fbc56dd12b37d9ad46bdefe35fcb6371694c1eff6c42d56c21b1de4c4f40531b27cd32eca1bdf51c6cac41fe668

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    728d1fdf4cf8cc9c48713bbd34785840

    SHA1

    eb04aa9d44339e28fadb771f28bb4be242494cbe

    SHA256

    d1b7da7501d400e5d9d0b814b120c239e8e972e8c2a6dd700a202b3e93a187c2

    SHA512

    626758d07e5b5c726e3be6ef83b69a758a19a3546d323ffd15c4be7c3b9967d653c4245ed1ca7ddb002b780850b9e2c0c7c9c81ccd5fc1863f3eb19b0d85ee55

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    e49f3a8e2c2abc6bfc95a2475f0f9d28

    SHA1

    5333196a9acf24037ed5bd54fafb58a98a2e64f1

    SHA256

    2cb47f78f2bd781992bdf453d8db930b8c93d27a55d3d4502b4c060b2f1ea617

    SHA512

    50c6748edcef7efe6fc63f6edf0fad75efcb78fffc1e188158cf2360db0f8a22a8970372825412dd86eee8fc7733d1a787a45bf4bc6b114883055609992270f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    d30baad73016e6599c0ad76a87013544

    SHA1

    f08f45f3ed519876aa2523b59da7c157ff8930d0

    SHA256

    fade6b350b2bb8579ea6daef02b443cfc59e80194426dc41bc97408eefdc8b3a

    SHA512

    14a65f3c19fe3487cbb1f8116ab5bdf42bbcd507c7e8ad177ddcca3df59788fff03979e1671e106ea893da10c6678b260c8eb4001a8589918a5fee6707324a97

    Download Submit

  • memory/4816-174-0x0000000006490000-0x00000000064A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-175-0x0000000006490000-0x00000000064A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-177-0x0000000006490000-0x00000000064A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-176-0x0000000006490000-0x00000000064A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-179-0x0000000006490000-0x00000000064A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-178-0x0000000006490000-0x00000000064A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-189-0x00000000071A0000-0x00000000071B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-190-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-192-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-193-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-194-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-196-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-197-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-198-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-199-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-200-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-201-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-202-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-203-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-204-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-206-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-208-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-207-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-205-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-209-0x0000000009770000-0x0000000009780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-211-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-212-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-213-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-214-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-215-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-216-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-217-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-218-0x00000000071A0000-0x00000000071B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-219-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-222-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-220-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-223-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-224-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-225-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-226-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-227-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-228-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-230-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-229-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-231-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-232-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-233-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-235-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-236-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-234-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-238-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-239-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-240-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-241-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-242-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-244-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-243-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-245-0x00000000071A0000-0x00000000071B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-246-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-247-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-248-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-249-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-250-0x0000000008300000-0x000000000830E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-251-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-252-0x00000000096E0000-0x00000000096F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-253-0x00000000096D0000-0x00000000096E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-308-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-373-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-374-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-375-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-376-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-377-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-378-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-450-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-451-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-452-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-453-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-528-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-529-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-531-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-608-0x0000000007100000-0x000000000710C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4816-607-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-606-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-605-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-604-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-603-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-692-0x0000000007100000-0x000000000710C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4816-693-0x0000000007100000-0x000000000710C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4816-694-0x0000000007100000-0x000000000710C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4816-695-0x0000000007100000-0x000000000710C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4816-858-0x0000000007100000-0x0000000007101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4816-859-0x0000000007760000-0x0000000007770000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1042-0x0000000008300000-0x000000000830E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1224-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1225-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1226-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1227-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1228-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1229-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1230-0x00000000096C0000-0x00000000096D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1231-0x0000000007820000-0x000000000782C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4816-1316-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1317-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1318-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1319-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1320-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1422-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1421-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1423-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1420-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1424-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1511-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1512-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1513-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1514-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1515-0x0000000006E90000-0x0000000006E9E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4816-1517-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1518-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1519-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1520-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1516-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1521-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1622-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1712-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1713-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1715-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1716-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4816-1714-0x0000000007820000-0x0000000007830000-memory.dmp

    Filesize

    64KB

    Download