f8df4d44bd5491dadfcf25353e38b192b629e4af2500bdc9a3816739d7bbd510

Resubmissions

14/10/2023, 12:48

231014-p1xktseb9s 4

14/10/2023, 12:03

231014-n799tsdf8w 3

14/10/2023, 11:00

231014-m4b27afa32 8

Analysis

max time kernel
155s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RPGMV-DECRYPTOR.exe
Size

1.2MB
MD5

1bdedbe20afb89236a7902804906aeda
SHA1

bf9c619e4e672ee1bcb02139d938d8291f3aa1ce
SHA256

f8df4d44bd5491dadfcf25353e38b192b629e4af2500bdc9a3816739d7bbd510
SHA512

bfc75d03bd782d0d2d947b93d8c462a193e3e5bd22f42dc81e3fd1d490a6a9bce0564b756b4f43018b795bc9ec52b99c71d227bc7edfe353c90e39053a232464
SSDEEP

24576:Z/0PTG+usn0/nCocageeHQ6i4W1RH0N7wqHrU26dPFJ9:Z/UTG9umnCoca+w6DW1+iMUzdPFJ

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3296	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1608	mspaint.exe
1608	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3296	vlc.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3496	OpenWith.exe
3296	vlc.exe
1608	mspaint.exe
1608	mspaint.exe
1608	mspaint.exe
1608	mspaint.exe

C:\Users\Admin\AppData\Local\Temp\RPGMV-DECRYPTOR.exe
"C:\Users\Admin\AppData\Local\Temp\RPGMV-DECRYPTOR.exe"
1⤵
PID:1820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3496

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\PublishFind.vbe"
1⤵
PID:1876

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\WriteClose.mpeg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3296

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\UnpublishCompress.bmp"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
76B

MD5
a185dab0473ba08ec766ac8245af63ba

SHA1
e805aeefa4b3e34124f0c71f2a671d80583d3300

SHA256
ca073952c612fe89f85bc3ed1fd0089c2f6ddebbc9f6d1d3ed329e3b2467d969

SHA512
f073208ab567f9927d018fecd5ed08645b67e262fa73b6e53ab8aad915cf8481c5f7c71b9883ea9e904c0b4c16e0e2b1fad22ac8a406b454125020e248bf6f00

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
77B

MD5
173173e759903e04d1229ad740e772f0

SHA1
4885a72b0b9106cfd94b53a57aa5d03f78901885

SHA256
dc7ff06f39c0d5f1cdf55db591f305c5c61dbbb2eed875cbff7186e0a2800976

SHA512
cacb5875666a03030b3429effa4f1d92ddd8e1f9063eac7531452265efd1f0d7a590d97450f02c1ebfe9f93cd27af4d60930cbc8a867b630a8889a91401a1804

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
f796d4769f84cc8a59f10036f6d2ce76

SHA1
acc1a439a8754006dbdbdc72ba0da83c87f48310

SHA256
568166577b53c6ce9a6f2f714c6486cde061d3c426f7a882fd12eabd819a982b

SHA512
7a504c87a9f2f1a2edbf845d72a5173283eeb0bb974337ae6916b3ef420b1e2e39d91deedac17a4c738faac405ae1b56893bb72fc39ff6082066765a22667899

Download Submit
memory/3296-24-0x00007FF9D3600000-0x00007FF9D3611000-memory.dmp

Filesize
68KB

Download
memory/3296-20-0x00007FF9D3730000-0x00007FF9D3748000-memory.dmp

Filesize
96KB

Download
memory/3296-6-0x00007FF9D64E0000-0x00007FF9D64F7000-memory.dmp

Filesize
92KB

Download
memory/3296-8-0x00007FF9D4D30000-0x00007FF9D4D4D000-memory.dmp

Filesize
116KB

Download
memory/3296-9-0x00007FF9D4D10000-0x00007FF9D4D21000-memory.dmp

Filesize
68KB

Download
memory/3296-7-0x00007FF9D4D50000-0x00007FF9D4D61000-memory.dmp

Filesize
68KB

Download
memory/3296-4-0x00007FF9E61F0000-0x00007FF9E6207000-memory.dmp

Filesize
92KB

Download
memory/3296-10-0x00007FF9D4B10000-0x00007FF9D4D10000-memory.dmp

Filesize
2.0MB

Download
memory/3296-11-0x00007FF9D37D0000-0x00007FF9D487B000-memory.dmp

Filesize
16.7MB

Download
memory/3296-12-0x00007FF9D4AD0000-0x00007FF9D4B0F000-memory.dmp

Filesize
252KB

Download
memory/3296-14-0x00007FF9D4A80000-0x00007FF9D4A98000-memory.dmp

Filesize
96KB

Download
memory/3296-15-0x00007FF9D4A60000-0x00007FF9D4A71000-memory.dmp

Filesize
68KB

Download
memory/3296-16-0x00007FF9D37B0000-0x00007FF9D37C1000-memory.dmp

Filesize
68KB

Download
memory/3296-27-0x00007FF9D3540000-0x00007FF9D3564000-memory.dmp

Filesize
144KB

Download
memory/3296-17-0x00007FF9D3790000-0x00007FF9D37A1000-memory.dmp

Filesize
68KB

Download
memory/3296-28-0x00007FF9D3520000-0x00007FF9D3537000-memory.dmp

Filesize
92KB

Download
memory/3296-19-0x00007FF9D3750000-0x00007FF9D3761000-memory.dmp

Filesize
68KB

Download
memory/3296-18-0x00007FF9D3770000-0x00007FF9D378B000-memory.dmp

Filesize
108KB

Download
memory/3296-21-0x00007FF9D3700000-0x00007FF9D3730000-memory.dmp

Filesize
192KB

Download
memory/3296-22-0x00007FF9D3690000-0x00007FF9D36F7000-memory.dmp

Filesize
412KB

Download
memory/3296-23-0x00007FF9D3620000-0x00007FF9D368F000-memory.dmp

Filesize
444KB

Download
memory/3296-0-0x00007FF7D3AE0000-0x00007FF7D3BD8000-memory.dmp

Filesize
992KB

Download
memory/3296-5-0x00007FF9E5BE0000-0x00007FF9E5BF1000-memory.dmp

Filesize
68KB

Download
memory/3296-25-0x00007FF9D35A0000-0x00007FF9D35F6000-memory.dmp

Filesize
344KB

Download
memory/3296-13-0x00007FF9D4AA0000-0x00007FF9D4AC1000-memory.dmp

Filesize
132KB

Download
memory/3296-30-0x00007FF9D34D0000-0x00007FF9D34E1000-memory.dmp

Filesize
68KB

Download
memory/3296-29-0x00007FF9D34F0000-0x00007FF9D3513000-memory.dmp

Filesize
140KB

Download
memory/3296-32-0x00007FF9D3480000-0x00007FF9D34A1000-memory.dmp

Filesize
132KB

Download
memory/3296-31-0x00007FF9D34B0000-0x00007FF9D34C2000-memory.dmp

Filesize
72KB

Download
memory/3296-26-0x00007FF9D3570000-0x00007FF9D3598000-memory.dmp

Filesize
160KB

Download
memory/3296-33-0x00007FF9D3460000-0x00007FF9D3473000-memory.dmp

Filesize
76KB

Download
memory/3296-34-0x00007FF9D3440000-0x00007FF9D3452000-memory.dmp

Filesize
72KB

Download
memory/3296-35-0x00007FF9D3300000-0x00007FF9D343B000-memory.dmp

Filesize
1.2MB

Download
memory/3296-36-0x00007FF9D32D0000-0x00007FF9D32FC000-memory.dmp

Filesize
176KB

Download
memory/3296-37-0x00007FF9D3110000-0x00007FF9D32C2000-memory.dmp

Filesize
1.7MB

Download
memory/3296-38-0x00007FF9D30B0000-0x00007FF9D310C000-memory.dmp

Filesize
368KB

Download
memory/3296-39-0x00007FF9D3090000-0x00007FF9D30A1000-memory.dmp

Filesize
68KB

Download
memory/3296-40-0x00007FF9D2FF0000-0x00007FF9D3087000-memory.dmp

Filesize
604KB

Download
memory/3296-41-0x00007FF9D2FD0000-0x00007FF9D2FE2000-memory.dmp

Filesize
72KB

Download
memory/3296-42-0x00007FF9D2D90000-0x00007FF9D2FC1000-memory.dmp

Filesize
2.2MB

Download
memory/3296-45-0x00007FF9D4D70000-0x00007FF9D5024000-memory.dmp

Filesize
2.7MB

Download
memory/3296-54-0x00007FF9D37D0000-0x00007FF9D487B000-memory.dmp

Filesize
16.7MB

Download
memory/3296-3-0x00007FF9E67E0000-0x00007FF9E67F8000-memory.dmp

Filesize
96KB

Download
memory/3296-2-0x00007FF9D4D70000-0x00007FF9D5024000-memory.dmp

Filesize
2.7MB

Download
memory/3296-1-0x00007FF9D5030000-0x00007FF9D5064000-memory.dmp

Filesize
208KB

Download