a5b67d1afaec7548b1113625e4b5c3101c452aa0b295dbcc341722556341fb11

Analysis

max time kernel
146s
max time network
149s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
06-06-2023 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tu-madre-tiene-una-p-lla-que-ya-la-quisiera-yo-by-voicemod.mp3
Size

303KB
MD5

66851caa5218ecfe658073c888e7a235
SHA1

a60dc679151a7b9db5cc86604a6a7f844f16db2f
SHA256

a5b67d1afaec7548b1113625e4b5c3101c452aa0b295dbcc341722556341fb11
SHA512

8e2dee6d2a110c09203b4b63c3516e554e2b2bc0ccedd1ecf89b93231937befc498e42f81ca6d90f6e46bc237f40cf59280aef598b07a97b66abe3de102a9eb7
SSDEEP

6144:DFe/ep2Ll0GOnp8JXIDiP/FeOK+pfyLvapckLTEav/kIrkhWHjTKnb:DFe2pmjQYIsO+pfiaptEav/kSkhWPUb

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1020	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1020	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1824	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1824	AUDIODG.EXE
Token: 33	1020	vlc.exe
Token: SeIncBasePriorityPrivilege	1020	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe
1020	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1020	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\tu-madre-tiene-una-p-lla-que-ya-la-quisiera-yo-by-voicemod.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1020-123-0x00007FF7AC5C0000-0x00007FF7AC6B8000-memory.dmp

Filesize
992KB

Download
memory/1020-124-0x00007FF9E2F00000-0x00007FF9E2F34000-memory.dmp

Filesize
208KB

Download
memory/1020-125-0x00007FF9DF1F0000-0x00007FF9DF4A4000-memory.dmp

Filesize
2.7MB

Download
memory/1020-127-0x00007FF9E3660000-0x00007FF9E3677000-memory.dmp

Filesize
92KB

Download
memory/1020-129-0x00007FF9DFA50000-0x00007FF9DFA67000-memory.dmp

Filesize
92KB

Download
memory/1020-130-0x00007FF9DF8D0000-0x00007FF9DF8E1000-memory.dmp

Filesize
68KB

Download
memory/1020-131-0x00007FF9DF8B0000-0x00007FF9DF8CD000-memory.dmp

Filesize
116KB

Download
memory/1020-132-0x00007FF9DF890000-0x00007FF9DF8A1000-memory.dmp

Filesize
68KB

Download
memory/1020-128-0x00007FF9E2D00000-0x00007FF9E2D11000-memory.dmp

Filesize
68KB

Download
memory/1020-126-0x00007FF9E37D0000-0x00007FF9E37E8000-memory.dmp

Filesize
96KB

Download
memory/1020-133-0x00007FF9DEF50000-0x00007FF9DF150000-memory.dmp

Filesize
2.0MB

Download
memory/1020-134-0x00007FF9CF9A0000-0x00007FF9D0A4B000-memory.dmp

Filesize
16.7MB

Download
memory/1020-135-0x00007FF9DF6D0000-0x00007FF9DF70F000-memory.dmp

Filesize
252KB

Download
memory/1020-144-0x00007FF9DF510000-0x00007FF9DF540000-memory.dmp

Filesize
192KB

Download
memory/1020-143-0x00007FF9DF540000-0x00007FF9DF558000-memory.dmp

Filesize
96KB

Download
memory/1020-146-0x00007FF9DEE70000-0x00007FF9DEEDF000-memory.dmp

Filesize
444KB

Download
memory/1020-147-0x00007FF9DF1D0000-0x00007FF9DF1E1000-memory.dmp

Filesize
68KB

Download
memory/1020-148-0x00007FF9DF1B0000-0x00007FF9DF1C7000-memory.dmp

Filesize
92KB

Download
memory/1020-149-0x00007FF9DEE50000-0x00007FF9DEE61000-memory.dmp

Filesize
68KB

Download
memory/1020-150-0x00007FF9DEDF0000-0x00007FF9DEE47000-memory.dmp

Filesize
348KB

Download
memory/1020-151-0x00007FF9DEDC0000-0x00007FF9DEDEF000-memory.dmp

Filesize
188KB

Download
memory/1020-152-0x00007FF9DEDA0000-0x00007FF9DEDB3000-memory.dmp

Filesize
76KB

Download
memory/1020-153-0x00007FF9DED80000-0x00007FF9DED91000-memory.dmp

Filesize
68KB

Download
memory/1020-154-0x00007FF9DECB0000-0x00007FF9DED75000-memory.dmp

Filesize
788KB

Download
memory/1020-155-0x00007FF9DEC90000-0x00007FF9DECA2000-memory.dmp

Filesize
72KB

Download
memory/1020-156-0x00007FF9DEC70000-0x00007FF9DEC81000-memory.dmp

Filesize
68KB

Download
memory/1020-157-0x00007FF9DEC50000-0x00007FF9DEC64000-memory.dmp

Filesize
80KB

Download
memory/1020-158-0x00007FF9DEC30000-0x00007FF9DEC42000-memory.dmp

Filesize
72KB

Download
memory/1020-162-0x00007FF9DE720000-0x00007FF9DE735000-memory.dmp

Filesize
84KB

Download
memory/1020-161-0x00007FF9DEBD0000-0x00007FF9DEBE6000-memory.dmp

Filesize
88KB

Download
memory/1020-164-0x00007FF9DE6D0000-0x00007FF9DE6FC000-memory.dmp

Filesize
176KB

Download
memory/1020-165-0x00007FF9DE6B0000-0x00007FF9DE6C2000-memory.dmp

Filesize
72KB

Download
memory/1020-166-0x00007FF9DE680000-0x00007FF9DE6B0000-memory.dmp

Filesize
192KB

Download
memory/1020-167-0x00007FF9DE660000-0x00007FF9DE677000-memory.dmp

Filesize
92KB

Download
memory/1020-163-0x00007FF9DE700000-0x00007FF9DE714000-memory.dmp

Filesize
80KB

Download
memory/1020-160-0x00007FF9DEBF0000-0x00007FF9DEC0E000-memory.dmp

Filesize
120KB

Download
memory/1020-159-0x00007FF9DEC10000-0x00007FF9DEC24000-memory.dmp

Filesize
80KB

Download
memory/1020-145-0x00007FF9DEEE0000-0x00007FF9DEF47000-memory.dmp

Filesize
412KB

Download
memory/1020-142-0x00007FF9DF560000-0x00007FF9DF571000-memory.dmp

Filesize
68KB

Download
memory/1020-141-0x00007FF9DF580000-0x00007FF9DF59B000-memory.dmp

Filesize
108KB

Download
memory/1020-140-0x00007FF9DF620000-0x00007FF9DF631000-memory.dmp

Filesize
68KB

Download
memory/1020-139-0x00007FF9DF640000-0x00007FF9DF651000-memory.dmp

Filesize
68KB

Download
memory/1020-138-0x00007FF9DF660000-0x00007FF9DF671000-memory.dmp

Filesize
68KB

Download
memory/1020-137-0x00007FF9DF680000-0x00007FF9DF698000-memory.dmp

Filesize
96KB

Download
memory/1020-136-0x00007FF9DF6A0000-0x00007FF9DF6C1000-memory.dmp

Filesize
132KB

Download
memory/1020-168-0x00007FF9CE1F0000-0x00007FF9CF9A0000-memory.dmp

Filesize
23.7MB

Download
memory/1020-170-0x00007FF9DE620000-0x00007FF9DE632000-memory.dmp

Filesize
72KB

Download
memory/1020-169-0x00007FF9DE640000-0x00007FF9DE651000-memory.dmp

Filesize
68KB

Download
memory/1020-171-0x00007FF9DE4A0000-0x00007FF9DE618000-memory.dmp

Filesize
1.5MB

Download
memory/1020-173-0x00007FF9DE2B0000-0x00007FF9DE306000-memory.dmp

Filesize
344KB

Download
memory/1020-172-0x00007FF9DE480000-0x00007FF9DE497000-memory.dmp

Filesize
92KB

Download
memory/1020-175-0x00007FF9DE250000-0x00007FF9DE274000-memory.dmp

Filesize
144KB

Download
memory/1020-176-0x00007FF9DFA40000-0x00007FF9DFA50000-memory.dmp

Filesize
64KB

Download
memory/1020-177-0x00007FF9DE230000-0x00007FF9DE246000-memory.dmp

Filesize
88KB

Download
memory/1020-174-0x00007FF9DE280000-0x00007FF9DE2A8000-memory.dmp

Filesize
160KB

Download
memory/1020-178-0x00007FF9DE1B0000-0x00007FF9DE225000-memory.dmp

Filesize
468KB

Download
memory/1020-179-0x00007FF9DDDD0000-0x00007FF9DDE32000-memory.dmp

Filesize
392KB

Download
memory/1020-180-0x00007FF9DDD60000-0x00007FF9DDDCD000-memory.dmp

Filesize
436KB

Download
memory/1020-182-0x00007FF9DD3D0000-0x00007FF9DD3E1000-memory.dmp

Filesize
68KB

Download
memory/1020-183-0x00007FF9CDEC0000-0x00007FF9CDED2000-memory.dmp

Filesize
72KB

Download
memory/1020-181-0x00007FF9DE190000-0x00007FF9DE1A5000-memory.dmp

Filesize
84KB

Download
memory/1020-184-0x00007FF9CDD40000-0x00007FF9CDEBA000-memory.dmp

Filesize
1.5MB

Download