31c23d187c70f603c6b2cd738775e8c105a4de991a5321a9e5471cbab10cf574

Analysis

max time kernel
2621s
max time network
2283s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
17/11/2023, 21:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b4aa.mp4
Size

2.0MB
MD5

66929ff9072ee52a3b0bf6b17444ed02
SHA1

000072139977bc1d32a28978a4d5efb82989964b
SHA256

31c23d187c70f603c6b2cd738775e8c105a4de991a5321a9e5471cbab10cf574
SHA512

8c4c31faacba56d4c960ad1659a6172dc96de5edfd9dc0ea7832d82bc3ec5b91bcbab7614519ebff1a5dc91f85777b399c5431800a2307878fefdf339d2ef533
SSDEEP

49152:uh9B5GBaF74f7tiuESWSbiOEhXGrQNORFjLCUvYVYrBY3jfm:uhn5GB27O7tiHdSWlhWrQ8/CUq8BY3j+

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2400	vlc.exe
2620	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2400	vlc.exe
2620	vlc.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2400	vlc.exe
Token: SeIncBasePriorityPrivilege	2400	vlc.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2620	vlc.exe
2620	vlc.exe
2620	vlc.exe
2620	vlc.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2400	vlc.exe
2620	vlc.exe
2620	vlc.exe
2620	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2400	vlc.exe
2620	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\b4aa.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnprotectOut.3gpp"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf.tmp2620

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
552B

MD5
5140a5f72de2e4e2915f2917a69fa0e2

SHA1
6af2f1572d9462738286144d2efed421d48f82d2

SHA256
5310e68b121b18ba682e260ebc4fde04d17fec4fdf45a7d691d28b661b456b65

SHA512
e2d9999a9b2d140cca5fdf5bc952dde7805eb35bdde89b1d65f3e73f1f2a757ec995f781dd57c274e42fd3c96c5bb7904a18748935e3a81cd359c6494538991d

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
93KB

MD5
478a4a09f4f74e97335cd4d5e9da7ab5

SHA1
3c4f1dc52a293f079095d0b0370428ec8e8f9315

SHA256
884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

SHA512
e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

Download Submit
memory/2400-7-0x000000013F500000-0x000000013F5F8000-memory.dmp

Filesize
992KB

Download
memory/2400-8-0x000007FEF7540000-0x000007FEF7574000-memory.dmp

Filesize
208KB

Download
memory/2400-9-0x000007FEF5B70000-0x000007FEF5E24000-memory.dmp

Filesize
2.7MB

Download
memory/2400-17-0x000007FEFB1A0000-0x000007FEFB1B8000-memory.dmp

Filesize
96KB

Download
memory/2400-30-0x000000013F500000-0x000000013F5F8000-memory.dmp

Filesize
992KB

Download
memory/2400-31-0x000007FEF7540000-0x000007FEF7574000-memory.dmp

Filesize
208KB

Download
memory/2400-32-0x000007FEF5B70000-0x000007FEF5E24000-memory.dmp

Filesize
2.7MB

Download
memory/2400-29-0x000007FEF48C0000-0x000007FEF596B000-memory.dmp

Filesize
16.7MB

Download
memory/2620-48-0x000000013F500000-0x000000013F5F8000-memory.dmp

Filesize
992KB

Download
memory/2620-49-0x000007FEF7540000-0x000007FEF7574000-memory.dmp

Filesize
208KB

Download
memory/2620-50-0x000007FEF5B70000-0x000007FEF5E24000-memory.dmp

Filesize
2.7MB

Download
memory/2620-51-0x000007FEF7520000-0x000007FEF7538000-memory.dmp

Filesize
96KB

Download
memory/2620-52-0x000007FEFB1A0000-0x000007FEFB1B7000-memory.dmp

Filesize
92KB

Download
memory/2620-53-0x000007FEF7300000-0x000007FEF7311000-memory.dmp

Filesize
68KB

Download
memory/2620-54-0x000007FEF46C0000-0x000007FEF48C0000-memory.dmp

Filesize
2.0MB

Download
memory/2620-55-0x000007FEF72C0000-0x000007FEF72FF000-memory.dmp

Filesize
252KB

Download
memory/2620-56-0x000007FEF6D20000-0x000007FEF6D41000-memory.dmp

Filesize
132KB

Download
memory/2620-57-0x000007FEF7500000-0x000007FEF7518000-memory.dmp

Filesize
96KB

Download
memory/2620-58-0x000007FEF68D0000-0x000007FEF68E1000-memory.dmp

Filesize
68KB

Download
memory/2620-59-0x000007FEF68B0000-0x000007FEF68C1000-memory.dmp

Filesize
68KB

Download
memory/2620-60-0x000007FEF6890000-0x000007FEF68A1000-memory.dmp

Filesize
68KB

Download
memory/2620-61-0x000007FEF6870000-0x000007FEF688B000-memory.dmp

Filesize
108KB

Download
memory/2620-62-0x000007FEF6850000-0x000007FEF6861000-memory.dmp

Filesize
68KB

Download
memory/2620-63-0x000007FEF6830000-0x000007FEF6848000-memory.dmp

Filesize
96KB

Download
memory/2620-64-0x000007FEF6800000-0x000007FEF6830000-memory.dmp

Filesize
192KB

Download
memory/2620-65-0x000007FEF6790000-0x000007FEF67F7000-memory.dmp

Filesize
412KB

Download
memory/2620-66-0x000007FEF6240000-0x000007FEF62AF000-memory.dmp

Filesize
444KB

Download
memory/2620-67-0x000007FEF6770000-0x000007FEF6781000-memory.dmp

Filesize
68KB

Download
memory/2620-68-0x000007FEF6750000-0x000007FEF6761000-memory.dmp

Filesize
68KB

Download
memory/2620-69-0x000007FEF4540000-0x000007FEF46B8000-memory.dmp

Filesize
1.5MB

Download
memory/2620-70-0x000007FEF4420000-0x000007FEF4532000-memory.dmp

Filesize
1.1MB

Download
memory/2620-71-0x000007FEF6730000-0x000007FEF6747000-memory.dmp

Filesize
92KB

Download
memory/2620-72-0x000007FEF62F0000-0x000007FEF630D000-memory.dmp

Filesize
116KB

Download
memory/2620-73-0x000007FEF5A20000-0x000007FEF5A31000-memory.dmp

Filesize
68KB

Download
memory/2620-74-0x000007FEF59C0000-0x000007FEF5A16000-memory.dmp

Filesize
344KB

Download
memory/2620-75-0x000007FEF5990000-0x000007FEF59B8000-memory.dmp

Filesize
160KB

Download
memory/2620-76-0x000007FEF43F0000-0x000007FEF4414000-memory.dmp

Filesize
144KB

Download
memory/2620-77-0x000007FEF5970000-0x000007FEF5987000-memory.dmp

Filesize
92KB

Download
memory/2620-78-0x000007FEF43C0000-0x000007FEF43E3000-memory.dmp

Filesize
140KB

Download
memory/2620-80-0x000007FEF43A0000-0x000007FEF43B1000-memory.dmp

Filesize
68KB

Download
memory/2620-79-0x000007FEF48C0000-0x000007FEF596B000-memory.dmp

Filesize
16.7MB

Download
memory/2620-81-0x000007FEF4380000-0x000007FEF4392000-memory.dmp

Filesize
72KB

Download
memory/2620-82-0x000007FEF4350000-0x000007FEF4371000-memory.dmp

Filesize
132KB

Download
memory/2620-83-0x000007FEF4330000-0x000007FEF4343000-memory.dmp

Filesize
76KB

Download
memory/2620-84-0x000007FEF4310000-0x000007FEF4322000-memory.dmp

Filesize
72KB

Download
memory/2620-85-0x000007FEF41D0000-0x000007FEF430B000-memory.dmp

Filesize
1.2MB

Download
memory/2620-86-0x000007FEF41A0000-0x000007FEF41CC000-memory.dmp

Filesize
176KB

Download
memory/2620-87-0x000007FEF3FE0000-0x000007FEF4192000-memory.dmp

Filesize
1.7MB

Download
memory/2620-89-0x000007FEF3F60000-0x000007FEF3F71000-memory.dmp

Filesize
68KB

Download
memory/2620-88-0x000007FEF3F80000-0x000007FEF3FDC000-memory.dmp

Filesize
368KB

Download
memory/2620-90-0x000007FEF3EC0000-0x000007FEF3F57000-memory.dmp

Filesize
604KB

Download
memory/2620-91-0x000007FEF3EA0000-0x000007FEF3EB2000-memory.dmp

Filesize
72KB

Download
memory/2620-92-0x000007FEF3C60000-0x000007FEF3E91000-memory.dmp

Filesize
2.2MB

Download
memory/2620-93-0x000007FEF3C20000-0x000007FEF3C55000-memory.dmp

Filesize
212KB

Download
memory/2620-94-0x000007FEF3BF0000-0x000007FEF3C15000-memory.dmp

Filesize
148KB

Download
memory/2620-95-0x000007FEF3BD0000-0x000007FEF3BE1000-memory.dmp

Filesize
68KB

Download
memory/2620-96-0x000007FEF3B60000-0x000007FEF3BC1000-memory.dmp

Filesize
388KB

Download
memory/2620-97-0x000007FEF3B40000-0x000007FEF3B51000-memory.dmp

Filesize
68KB

Download
memory/2620-98-0x000007FEF3B20000-0x000007FEF3B32000-memory.dmp

Filesize
72KB

Download
memory/2620-99-0x000007FEF3B00000-0x000007FEF3B13000-memory.dmp

Filesize
76KB

Download
memory/2620-100-0x000007FEF3A60000-0x000007FEF3AFF000-memory.dmp

Filesize
636KB

Download
memory/2620-101-0x000007FEF3A30000-0x000007FEF3A5D000-memory.dmp

Filesize
180KB

Download
memory/2620-102-0x000007FEF3A10000-0x000007FEF3A21000-memory.dmp

Filesize
68KB

Download