Overview

overview

8

Static

static

1

WHO LET BRO COOK.mp4

windows7-x64

1

WHO LET BRO COOK.mp4

windows10-1703-x64

6

WHO LET BRO COOK.mp4

windows10-2004-x64

8

WHO LET BRO COOK.mp4

android-10-x64

WHO LET BRO COOK.mp4

android-11-x64

WHO LET BRO COOK.mp4

android-9-x86

WHO LET BRO COOK.mp4

macos-10.15-amd64

WHO LET BRO COOK.mp4

debian-9-armhf

WHO LET BRO COOK.mp4

debian-9-mips

WHO LET BRO COOK.mp4

debian-9-mipsel

WHO LET BRO COOK.mp4

ubuntu-18.04-amd64

Analysis

  • max time kernel
    1796s
  • max time network
    1808s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21/08/2023, 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WHO LET BRO COOK.mp4

  • Size

    3.0MB

  • MD5

    b38d243bf3411ba480a1894e0d4504c4

  • SHA1

    920b7dd5b1d7786373869ba2ca48be002c419a8a

  • SHA256

    e419a9f33cbeaca0cab330f3d7152455fcba727cc6aaf39f3693565a79be694e

  • SHA512

    493207fddf5c6eca3e80fb3ca3f413219f387c3417da4cba65e4eb669c33d4109bc4179a231059cea1204cb0e6af64c376ec009daa3548cdce37148dfb04b1fd

  • SSDEEP

    98304:gEjPQMNqzHW4ESLCI/ahAYNDdmDbBLFReB5Y:gQqzHoSLCI/aaYfsYY

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\WHO LET BRO COOK.mp4"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\WHO LET BRO COOK.mp4"
      2⤵
        PID:4924
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4852
        • C:\Windows\System32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
          3⤵
          • Enumerates connected drives
          • Suspicious use of AdjustPrivilegeToken
          PID:4908

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      64KB

      MD5

      98df921f667bf303621c789390ed9f2e

      SHA1

      d9c82e51534cf1c2eb5a255286de6a09ca364d1a

      SHA256

      8b8497d37fa9ddd44e275aa7631d7c7173c384a501d11e73e3d4401513c4bbe3

      SHA512

      58e896295763c2729c5a19986356e7cc7706265bbda5cd9cec98201ec9ce86c4b68a3e388c86aba198870ca4b8ab1a7876f2d8e1fff7437216dd2789b3ed3796

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      b30530e2757902d17e4b2c0bb0b15bc0

      SHA1

      cca67c0808159eb4ad7f9d086eff31e6032df408

      SHA256

      5b5eed37fe7a985209adc59419d6a5887194a661d6d544053f2c0d3ece607a2f

      SHA512

      0cc442917e773b5759240e8081bda6c6eba41eb60be7e4bef2cb6a60d7f8820517f2e48e5bb2e437f742d7d37e28e823a81644fdf95fd2a1187edac33d0529c7

      Download Submit