50404b238608281c6c1d5de7b453f7c7c93bfdd8fb9a063ce2712529a9265986

Resubmissions

04-07-2023 05:52

230704-gk5bqscg4w 7

04-07-2023 05:38

230704-gbyslacf9s 7

Analysis

max time kernel
151s
max time network
31s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
04-07-2023 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NAV_DOWN.ogg
Size

5KB
MD5

e7977c345b60b12e15e335007f80105f
SHA1

dbb3d2d9a6dade78ece9395135838617e07bf01b
SHA256

e40ff9f9230e63d923076dbf4a29775490c3efe48b6c0bb520be164cbe638bbd
SHA512

ac6b4c4498464d333c1481ba9eac2302217ea5cfec14faa57fe87099262e7c43cd2ea84d69d680b015647a3eed5783c2addda06add730496098969086d352c65
SSDEEP

96:KRSatuKjmRBOx1OoThgkvWoaKi5JrPNalPPPPPPPPPPPPPPPPPPPPPHq0QPPPPPp:ctoKa3o1hFgkFaKwJ7I0j9Y3WXd/iFWB

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1312	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1312	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	560	AUDIODG.EXE
Token: 33	560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	560	AUDIODG.EXE
Token: 33	1312	vlc.exe
Token: SeIncBasePriorityPrivilege	1312	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe
1312	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1312	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\NAV_DOWN.ogg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1312-54-0x000000013F520000-0x000000013F618000-memory.dmp

Filesize
992KB

Download
memory/1312-55-0x000007FEFB650000-0x000007FEFB684000-memory.dmp

Filesize
208KB

Download
memory/1312-56-0x000007FEF6A60000-0x000007FEF6D14000-memory.dmp

Filesize
2.7MB

Download
memory/1312-57-0x000007FEFB8B0000-0x000007FEFB8C8000-memory.dmp

Filesize
96KB

Download
memory/1312-58-0x000007FEFB630000-0x000007FEFB647000-memory.dmp

Filesize
92KB

Download
memory/1312-59-0x000007FEFB610000-0x000007FEFB621000-memory.dmp

Filesize
68KB

Download
memory/1312-60-0x000007FEFB5F0000-0x000007FEFB607000-memory.dmp

Filesize
92KB

Download
memory/1312-61-0x000007FEFB5D0000-0x000007FEFB5E1000-memory.dmp

Filesize
68KB

Download
memory/1312-62-0x000007FEFB5B0000-0x000007FEFB5CD000-memory.dmp

Filesize
116KB

Download
memory/1312-63-0x000007FEF67C0000-0x000007FEF69C0000-memory.dmp

Filesize
2.0MB

Download
memory/1312-64-0x000007FEFB3C0000-0x000007FEFB3D1000-memory.dmp

Filesize
68KB

Download
memory/1312-65-0x000007FEFB380000-0x000007FEFB3BF000-memory.dmp

Filesize
252KB

Download
memory/1312-66-0x000007FEF6FD0000-0x000007FEF6FF1000-memory.dmp

Filesize
132KB

Download
memory/1312-67-0x000007FEF6FB0000-0x000007FEF6FC8000-memory.dmp

Filesize
96KB

Download
memory/1312-68-0x000007FEF6F90000-0x000007FEF6FA1000-memory.dmp

Filesize
68KB

Download
memory/1312-69-0x000007FEF6F70000-0x000007FEF6F81000-memory.dmp

Filesize
68KB

Download
memory/1312-70-0x000007FEF6F50000-0x000007FEF6F61000-memory.dmp

Filesize
68KB

Download
memory/1312-71-0x000007FEF6F30000-0x000007FEF6F4B000-memory.dmp

Filesize
108KB

Download
memory/1312-72-0x000007FEF6F10000-0x000007FEF6F21000-memory.dmp

Filesize
68KB

Download
memory/1312-73-0x000007FEF6EF0000-0x000007FEF6F08000-memory.dmp

Filesize
96KB

Download
memory/1312-74-0x000007FEF6EC0000-0x000007FEF6EF0000-memory.dmp

Filesize
192KB

Download
memory/1312-75-0x000007FEF5710000-0x000007FEF67BB000-memory.dmp

Filesize
16.7MB

Download
memory/1312-76-0x000007FEF6E50000-0x000007FEF6EB7000-memory.dmp

Filesize
412KB

Download
memory/1312-77-0x000007FEF56A0000-0x000007FEF570F000-memory.dmp

Filesize
444KB

Download
memory/1312-78-0x000007FEF6A40000-0x000007FEF6A51000-memory.dmp

Filesize
68KB

Download
memory/1312-79-0x000007FEF5640000-0x000007FEF569C000-memory.dmp

Filesize
368KB

Download
memory/1312-80-0x000007FEF54C0000-0x000007FEF5638000-memory.dmp

Filesize
1.5MB

Download
memory/1312-81-0x000007FEF6A20000-0x000007FEF6A37000-memory.dmp

Filesize
92KB

Download
memory/1312-89-0x000007FEF6A60000-0x000007FEF6D14000-memory.dmp

Filesize
2.7MB

Download
memory/1312-108-0x000007FEF5710000-0x000007FEF67BB000-memory.dmp

Filesize
16.7MB

Download
memory/1312-115-0x000007FEFB5A0000-0x000007FEFB5B0000-memory.dmp

Filesize
64KB

Download
memory/1312-116-0x000007FEF5490000-0x000007FEF54BF000-memory.dmp

Filesize
188KB

Download
memory/1312-117-0x000007FEF5470000-0x000007FEF5481000-memory.dmp

Filesize
68KB

Download
memory/1312-118-0x000007FEF5450000-0x000007FEF5466000-memory.dmp

Filesize
88KB

Download
memory/1312-120-0x000007FEF5360000-0x000007FEF5375000-memory.dmp

Filesize
84KB

Download
memory/1312-119-0x000007FEF5380000-0x000007FEF5445000-memory.dmp

Filesize
788KB

Download
memory/1312-121-0x000007FEF5020000-0x000007FEF5031000-memory.dmp

Filesize
68KB

Download
memory/1312-122-0x000007FEF5000000-0x000007FEF5012000-memory.dmp

Filesize
72KB

Download