61630adf63a47f6e53d2eba340dab6b060bf2d2787604dfe3058858a3609f0a6

Analysis

max time kernel
145s
max time network
159s
platform
windows7_x64
resource
win7-20231020-es
resource tags

arch:x64arch:x86image:win7-20231020-eslocale:es-esos:windows7-x64systemwindows
submitted
07/11/2023, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GF_1.ogg
Size

8KB
MD5

56441bd2413ab4a0e09dd215ba906977
SHA1

072c9da384af39a3888468d03c5aa19a195b8238
SHA256

9129caf61ba1c1273fd4ff7f9a6bbf0d21fb4c6c4cb211e0423248f1a30273ee
SHA512

4514ef8f13446f30ce88fcf558476c25d6b1b2a6b6c68bb6c2286f2742ef792473e480efa17683aa22ac7d63aab932cd5b1a4d8abe6465bfb29728574431900e
SSDEEP

192:s/ttxOIOWOKxCPs4OLgVfOF/2Khye/Q2M:s/tDzCPDc/ryVd

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1104	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1104	vlc.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1104	vlc.exe
Token: SeIncBasePriorityPrivilege	1104	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe
1104	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1104	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\GF_1.ogg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1104-5-0x000000013F180000-0x000000013F278000-memory.dmp

Filesize
992KB

Download
memory/1104-6-0x000007FEF7310000-0x000007FEF7344000-memory.dmp

Filesize
208KB

Download
memory/1104-7-0x000007FEF5940000-0x000007FEF5BF4000-memory.dmp

Filesize
2.7MB

Download
memory/1104-8-0x000007FEFB440000-0x000007FEFB458000-memory.dmp

Filesize
96KB

Download
memory/1104-9-0x000007FEF72F0000-0x000007FEF7307000-memory.dmp

Filesize
92KB

Download
memory/1104-10-0x000007FEF72D0000-0x000007FEF72E1000-memory.dmp

Filesize
68KB

Download
memory/1104-11-0x000007FEF6610000-0x000007FEF6627000-memory.dmp

Filesize
92KB

Download
memory/1104-12-0x000007FEF65F0000-0x000007FEF6601000-memory.dmp

Filesize
68KB

Download
memory/1104-13-0x000007FEF65D0000-0x000007FEF65ED000-memory.dmp

Filesize
116KB

Download
memory/1104-14-0x000007FEF6130000-0x000007FEF6141000-memory.dmp

Filesize
68KB

Download
memory/1104-15-0x000007FEF5740000-0x000007FEF5940000-memory.dmp

Filesize
2.0MB

Download
memory/1104-16-0x000007FEF4690000-0x000007FEF573B000-memory.dmp

Filesize
16.7MB

Download
memory/1104-17-0x000007FEF6040000-0x000007FEF607F000-memory.dmp

Filesize
252KB

Download
memory/1104-18-0x000007FEF6010000-0x000007FEF6031000-memory.dmp

Filesize
132KB

Download
memory/1104-19-0x000007FEF5FF0000-0x000007FEF6008000-memory.dmp

Filesize
96KB

Download
memory/1104-20-0x000007FEF5FD0000-0x000007FEF5FE1000-memory.dmp

Filesize
68KB

Download
memory/1104-21-0x000007FEF5FB0000-0x000007FEF5FC1000-memory.dmp

Filesize
68KB

Download
memory/1104-22-0x000007FEF5F90000-0x000007FEF5FA1000-memory.dmp

Filesize
68KB

Download
memory/1104-24-0x000007FEF4670000-0x000007FEF4681000-memory.dmp

Filesize
68KB

Download
memory/1104-25-0x000007FEF4650000-0x000007FEF4668000-memory.dmp

Filesize
96KB

Download
memory/1104-23-0x000007FEF5F70000-0x000007FEF5F8B000-memory.dmp

Filesize
108KB

Download
memory/1104-27-0x000007FEF45B0000-0x000007FEF4617000-memory.dmp

Filesize
412KB

Download
memory/1104-26-0x000007FEF4620000-0x000007FEF4650000-memory.dmp

Filesize
192KB

Download
memory/1104-28-0x000007FEF4540000-0x000007FEF45AF000-memory.dmp

Filesize
444KB

Download
memory/1104-29-0x000007FEF4520000-0x000007FEF4531000-memory.dmp

Filesize
68KB

Download
memory/1104-30-0x000007FEF44C0000-0x000007FEF451C000-memory.dmp

Filesize
368KB

Download
memory/1104-33-0x000007FEFAAB0000-0x000007FEFAAC0000-memory.dmp

Filesize
64KB

Download
memory/1104-32-0x000007FEF4320000-0x000007FEF4337000-memory.dmp

Filesize
92KB

Download
memory/1104-36-0x000007FEF42B0000-0x000007FEF42C6000-memory.dmp

Filesize
88KB

Download
memory/1104-35-0x000007FEF42D0000-0x000007FEF42E1000-memory.dmp

Filesize
68KB

Download
memory/1104-37-0x000007FEF41E0000-0x000007FEF42A5000-memory.dmp

Filesize
788KB

Download
memory/1104-38-0x000007FEF41C0000-0x000007FEF41D5000-memory.dmp

Filesize
84KB

Download
memory/1104-34-0x000007FEF42F0000-0x000007FEF431F000-memory.dmp

Filesize
188KB

Download
memory/1104-31-0x000007FEF4340000-0x000007FEF44B8000-memory.dmp

Filesize
1.5MB

Download
memory/1104-39-0x000007FEF4180000-0x000007FEF4191000-memory.dmp

Filesize
68KB

Download
memory/1104-40-0x000007FEF4160000-0x000007FEF4172000-memory.dmp

Filesize
72KB

Download
memory/1104-41-0x000007FEF3FE0000-0x000007FEF415A000-memory.dmp

Filesize
1.5MB

Download
memory/1104-53-0x000007FEF4690000-0x000007FEF573B000-memory.dmp

Filesize
16.7MB

Download