Analysis
-
max time kernel
121s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
07-10-2023 19:19
Behavioral task
behavioral1
Sample
source_prepared.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
source_prepared.exe
Resource
win10v2004-20230915-en
General
-
Target
source_prepared.exe
-
Size
100.9MB
-
MD5
b3579ad34fc0d03bccc06dcb07a661fe
-
SHA1
3958cae2d59cd767aa4aeb45173f89822762d176
-
SHA256
fb2da9faab4a858b895713abec3a612d622032c6695a6d6584a5db3930921d18
-
SHA512
d74133ffde77318260b46b0afbc8a27ee74ed14e03bf80d98a7e1457dd739d3e780ad3fce02d9c6aa7845e86aee916f71d4a82509ada35167c05054335721a35
-
SSDEEP
3145728:SHZdQJS6xjKcBaJWPDb8zYPDJuoLLKESv2HaUL+IUT:jSWNaJWPDE/DESv26U4
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
source_prepared.exepid Process 2796 source_prepared.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
vlc.exepid Process 1384 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
vlc.exepid Process 1384 vlc.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
AUDIODG.EXEdescription pid Process Token: 33 2376 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2376 AUDIODG.EXE Token: 33 2376 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2376 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 10 IoCs
Processes:
vlc.exepid Process 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe -
Suspicious use of SendNotifyMessage 9 IoCs
Processes:
vlc.exepid Process 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe 1384 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
vlc.exepid Process 1384 vlc.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
source_prepared.exedescription pid Process procid_target PID 2228 wrote to memory of 2796 2228 source_prepared.exe 28 PID 2228 wrote to memory of 2796 2228 source_prepared.exe 28 PID 2228 wrote to memory of 2796 2228 source_prepared.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2228 -
C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"2⤵
- Loads dropped DLL
PID:2796
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2916
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5141⤵
- Suspicious use of AdjustPrivilegeToken
PID:2376
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\GrantFind.mid"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1384
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.5MB
MD565e381a0b1bc05f71c139b0c7a5b8eb2
SHA17c4a3adf21ebcee5405288fc81fc4be75019d472
SHA25653a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a
SHA5124db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39
-
Filesize
5.5MB
MD565e381a0b1bc05f71c139b0c7a5b8eb2
SHA17c4a3adf21ebcee5405288fc81fc4be75019d472
SHA25653a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a
SHA5124db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39