Analysis

max time kernel: 145s
max time network: 125s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 24-09-2023 00:47
Static task: static1

Behavioral task: behavioral1
  Sample: Sp3dyClient.rar
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: Sp3dyClient.rar
  Resource: win10v2004-20230915-en
General

Target: Sp3dyClient.rar
Size: 42KB
MD5: a4ceef30ebf1e679728d2c72fb1265e0
SHA1: 5425bfe0d8725e3399d90798b466d963daeca20b
SHA256: ecdc73cb673db78176483ae4e650790ddefbdc25de41e458ff1d68f456c6feb4
SHA512: 1b0e520e5dcd78740ad490510ec68e8f95ccaf3a16acf92ecb3ce6b2feeec352e9295de47033fccbe6c9b2aa12d0489d39800a795af49f1c6c8c145ced82c0a1
SSDEEP: 768:jN9C1mNJnB0el3/iOKfOeGU+6mFAPLHDDB8THzNM/VeKpnrqEERsI3wI:jN9OmXn1FidfOEmFirDNuCeKpnrMLAI
Malware Config
Signatures

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Modifies registry class (1 IoC)
  Processes:
    description: Key created
    ioc: \REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000_Classes\Local Settings
    process: rundll32.exe

Suspicious behavior: AddClipboardFormatListener (1 IoC)
  Processes:
    pid 2400, process vlc.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes:
    pid 2400, process vlc.exe

Suspicious use of FindShellTrayWindow (8 IoCs)
  Processes:
    pid 2400, process vlc.exe (8 identical entries)

Suspicious use of SendNotifyMessage (7 IoCs)
  Processes:
    pid 2400, process vlc.exe (7 identical entries)

Suspicious use of SetWindowsHookEx (1 IoC)
  Processes:
    pid 2400, process vlc.exe

Suspicious use of WriteProcessMemory (6 IoCs)
  Processes (description / pid / process / target process):
    PID 1916 wrote to memory of 2688 / 1916 / cmd.exe / rundll32.exe (3 identical entries)
    PID 2688 wrote to memory of 2400 / 2688 / rundll32.exe / vlc.exe (3 identical entries)
Processes

1. C:\Windows\system32\cmd.exe
   cmd /c C:\Users\Admin\AppData\Local\Temp\Sp3dyClient.rar
   PID: 1916
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Sp3dyClient.rar
      PID: 2688
      - Modifies registry class
      - Suspicious use of WriteProcessMemory

      3. C:\Program Files\VideoLAN\VLC\vlc.exe
         "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Sp3dyClient.rar"
         PID: 2400
         - Suspicious behavior: AddClipboardFormatListener
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of FindShellTrayWindow
         - Suspicious use of SendNotifyMessage
         - Suspicious use of SetWindowsHookEx