Overview

overview

10

Static

static

3

WTSAPI32.dll

windows7-x64

1

WTSAPI32.dll

windows10-2004-x64

1

music.exe

windows7-x64

4

music.exe

windows10-2004-x64

10

Resubmissions

17-01-2024 09:19

240117-laklssdcb4 3

26-12-2023 07:14

231226-h25t9sahdk 10

Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    music.exe

  • Size

    1.4MB

  • MD5

    57c3a0543085a646c010beaabf16d0be

  • SHA1

    b8c0951241dc0e55c4bd73c5e2d33242bd683ff2

  • SHA256

    14436eaf182648ab89c9a54d2e83e5071c07c250e6c744a314035f9424a9106f

  • SHA512

    35e7b74ff0d07e1d392b6a88a3f4dfc2e1b2d77e8a9246621ad8bf15e41b8c4434a75bcf22d692e24f5450ce38b0440a7ccd749cc9d123a95487ce89cab298e8

  • SSDEEP

    12288:mKg1wFSd2zIucT9v+8CbdEujvqzVoZTZINv/GPwVOPc+62z77ei8M/TW0n/T+QN1:mISYzIuw90GkT6Nv/GPwVOE+6Gei8U

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\music.exe
    "C:\Users\Admin\AppData\Local\Temp\music.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2240
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2240-9-0x0000000000410000-0x0000000000432000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2240-10-0x0000000000580000-0x00000000005E8000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2240-20-0x0000000000580000-0x00000000005E8000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2240-22-0x00000000770F0000-0x0000000077299000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2240-23-0x00000000002F0000-0x00000000002F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-26-0x00000000770F0000-0x0000000077299000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2240-25-0x0000000000300000-0x0000000000301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-24-0x00000000770F0000-0x0000000077299000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2240-27-0x0000000048720000-0x00000000488BF000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-31-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-34-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-21-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-37-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-41-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-19-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2240-45-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-49-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-0-0x0000000000410000-0x0000000000432000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2240-53-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-57-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-61-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-66-0x0000000048720000-0x00000000488BF000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-75-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-80-0x0000000048720000-0x00000000488BF000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-84-0x0000000048720000-0x00000000488BF000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-86-0x0000000048720000-0x00000000488BF000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-87-0x0000000000580000-0x00000000005E8000-memory.dmp

    Filesize

    416KB

    Download

  • memory/2240-89-0x00000000770F0000-0x0000000077299000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2240-90-0x00000000770F0000-0x0000000077299000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2240-91-0x00000000488C0000-0x0000000048A5F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-93-0x0000000048720000-0x00000000488BF000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2240-94-0x0000000048720000-0x00000000488BF000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2752-100-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2752-99-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2752-105-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2752-104-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download