Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-10-2023 19:19

General

  • Target

    source_prepared.exe

  • Size

    100.9MB

  • MD5

    b3579ad34fc0d03bccc06dcb07a661fe

  • SHA1

    3958cae2d59cd767aa4aeb45173f89822762d176

  • SHA256

    fb2da9faab4a858b895713abec3a612d622032c6695a6d6584a5db3930921d18

  • SHA512

    d74133ffde77318260b46b0afbc8a27ee74ed14e03bf80d98a7e1457dd739d3e780ad3fce02d9c6aa7845e86aee916f71d4a82509ada35167c05054335721a35

  • SSDEEP

    3145728:SHZdQJS6xjKcBaJWPDb8zYPDJuoLLKESv2HaUL+IUT:jSWNaJWPDE/DESv26U4

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (10 IoCs)
  • Suspicious use of SendNotifyMessage (9 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
    "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
      "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
      2⤵
      • Loads dropped DLL
      PID:2796
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2916
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x514
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2376
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\GrantFind.mid"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1384

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22282\python311.dll

    Filesize

    5.5MB

    MD5

    65e381a0b1bc05f71c139b0c7a5b8eb2

    SHA1

    7c4a3adf21ebcee5405288fc81fc4be75019d472

    SHA256

    53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

    SHA512

    4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

  • \Users\Admin\AppData\Local\Temp\_MEI22282\python311.dll

    Filesize

    5.5MB

    MD5

    65e381a0b1bc05f71c139b0c7a5b8eb2

    SHA1

    7c4a3adf21ebcee5405288fc81fc4be75019d472

    SHA256

    53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

    SHA512

    4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

  • memory/1384-2507-0x000000013FEB0000-0x000000013FFA8000-memory.dmp

    Filesize

    992KB

  • memory/1384-2508-0x000007FEF58A0000-0x000007FEF58D4000-memory.dmp

    Filesize

    208KB

  • memory/1384-2509-0x000007FEF4710000-0x000007FEF49C4000-memory.dmp

    Filesize

    2.7MB

  • memory/1384-2510-0x000007FEF3660000-0x000007FEF470B000-memory.dmp

    Filesize

    16.7MB

  • memory/1384-2511-0x000007FEF2920000-0x000007FEF2A32000-memory.dmp

    Filesize

    1.1MB