Overview

overview

7

Static

static

7

ItsOnFire.apk

android-9-x86

ItsOnFire.apk

android-10-x64

ItsOnFire.apk

android-11-x64

1

baseline.prof

windows7-x64

3

baseline.prof

windows10-2004-x64

3

baseline.profm

windows7-x64

3

baseline.profm

windows10-2004-x64

3

damageshelter.ogg

windows7-x64

1

damageshelter.ogg

windows10-2004-x64

7

invaderexplode.ogg

windows7-x64

1

invaderexplode.ogg

windows10-2004-x64

7

oh.ogg

windows7-x64

1

oh.ogg

windows10-2004-x64

7

playerexplode.ogg

windows7-x64

1

playerexplode.ogg

windows10-2004-x64

7

shoot.ogg

windows7-x64

1

shoot.ogg

windows10-2004-x64

7

uh.ogg

windows7-x64

1

uh.ogg

windows10-2004-x64

7

Resubmissions

03/10/2023, 14:56

231003-sbdm7scb8z 7

03/10/2023, 14:35

231003-rx4abadf82 7

02/10/2023, 22:39

231002-2k417afa8s 7

02/10/2023, 21:20

231002-z68v6aeg3z 7

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2023, 22:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    oh.ogg

  • Size

    10KB

  • MD5

    cfe9690ba3e211c18e62c72fd79eef19

  • SHA1

    7abe861a5152f09f9e787e82a1db82a1deac157b

  • SHA256

    18e02aec04c077843b0deee0ffffc2199d413da7e2058c5f121f65bfc184e8c2

  • SHA512

    1beb6ca6ee6026eff9cda637f0cf2694521de95056938d6f142f38d103610d227b1b3e2b13e05e5d1f5cd056d5de54bc86285746a46c613154612994bb98c6b8

  • SSDEEP

    192:umP9hVauKEoLHMb+Etefm0+7UXtztAzyTLu8:umVhmbwbxtm3Zyu

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\oh.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\oh.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4672
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2d0 0x15c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4672-5-0x00007FF6BE3A0000-0x00007FF6BE498000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4672-6-0x00007FFD30ED0000-0x00007FFD30F04000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4672-7-0x00007FFD21A60000-0x00007FFD21D14000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4672-9-0x00007FFD30AD0000-0x00007FFD30AE7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4672-8-0x00007FFD30AF0000-0x00007FFD30B08000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4672-10-0x00007FFD30AB0000-0x00007FFD30AC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-11-0x00007FFD30A90000-0x00007FFD30AA7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4672-12-0x00007FFD30A70000-0x00007FFD30A81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-13-0x00007FFD30780000-0x00007FFD3079D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4672-14-0x00007FFD2D3E0000-0x00007FFD2D3F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-15-0x00007FFD21860000-0x00007FFD21A60000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4672-16-0x00007FFD207B0000-0x00007FFD2185B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/4672-17-0x00007FFD2D3A0000-0x00007FFD2D3DF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4672-18-0x00007FFD2C880000-0x00007FFD2C8A1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4672-19-0x00007FFD2C860000-0x00007FFD2C878000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4672-20-0x00007FFD2C840000-0x00007FFD2C851000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-21-0x00007FFD2C510000-0x00007FFD2C521000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-22-0x00007FFD279B0000-0x00007FFD279C1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-24-0x00007FFD27970000-0x00007FFD27981000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-23-0x00007FFD27990000-0x00007FFD279AB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4672-25-0x00007FFD27950000-0x00007FFD27968000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4672-26-0x00007FFD224C0000-0x00007FFD224F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4672-27-0x00007FFD201A0000-0x00007FFD20207000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4672-28-0x00007FFD204F0000-0x00007FFD2055F000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4672-29-0x00007FFD275E0000-0x00007FFD275F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-30-0x00007FFD20490000-0x00007FFD204EC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4672-31-0x00007FFD20430000-0x00007FFD20486000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4672-33-0x00007FFD20400000-0x00007FFD20424000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4672-32-0x00007FFD22380000-0x00007FFD223A8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4672-34-0x00007FFD203E0000-0x00007FFD203F7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4672-35-0x00007FFD203B0000-0x00007FFD203D3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4672-37-0x00007FFD20370000-0x00007FFD20382000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4672-36-0x00007FFD20390000-0x00007FFD203A1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-38-0x00007FFD20340000-0x00007FFD20361000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4672-39-0x00007FFD20320000-0x00007FFD20333000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4672-40-0x00007FFD20020000-0x00007FFD20198000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4672-42-0x00007FFD2FFF0000-0x00007FFD30000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4672-41-0x00007FFD20300000-0x00007FFD20317000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4672-43-0x00007FFD2DD30000-0x00007FFD2DD5F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4672-44-0x00007FFD1FA30000-0x00007FFD1FA41000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-45-0x00007FFD1FA10000-0x00007FFD1FA26000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4672-46-0x00007FFD1F9F0000-0x00007FFD1FA05000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4672-47-0x00007FFD30C00000-0x00007FFD30C11000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-48-0x00007FFD30BE0000-0x00007FFD30BF2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4672-49-0x00007FFD1F140000-0x00007FFD1F2BA000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4672-51-0x00007FFD1F100000-0x00007FFD1F114000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4672-50-0x00007FFD1F120000-0x00007FFD1F133000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4672-52-0x00007FFD1F0E0000-0x00007FFD1F0F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-53-0x00007FFD1F0C0000-0x00007FFD1F0D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-54-0x00007FFD1F0A0000-0x00007FFD1F0B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4672-55-0x00007FFD1F080000-0x00007FFD1F096000-memory.dmp

    Filesize

    88KB

    Download