Analysis
-
max time kernel
1797s -
max time network
1564s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
30/12/2023, 13:31
Static task
static1
Behavioral task
behavioral1
Sample
Internet.Download.Manager.v6.42.2.rar
Resource
win7-20231129-en
8 signatures
1800 seconds
General
-
Target
Internet.Download.Manager.v6.42.2.rar
-
Size
9.6MB
-
MD5
b4b11430a4feebabcf2e1197828aca36
-
SHA1
65bf29c703cc19cf524515418e54a1fde6f6f766
-
SHA256
1177dcd95f534a33e5c61b954aca384c8c3129c2eebba818e693e4d6aa7b40fb
-
SHA512
d2451988a12c808aab33ceb4032b9ccbe06f580ae5cf80a46ac17626b910b76f974be00674f85b6f6494a0f8b0710f6426802e03d29e541ccb9801932e1ffd75
-
SSDEEP
196608:Ff3cubhrd8cGqu3g6QbdGgVQovddf8mv017bT06fjaCFw/dDM:FfTb/8BNh2Qov800aEPFwlDM
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2576 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2576 vlc.exe -
Suspicious use of FindShellTrayWindow 9 IoCs
pid Process 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe -
Suspicious use of SendNotifyMessage 8 IoCs
pid Process 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe 2576 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2576 vlc.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 2196 wrote to memory of 2592 2196 cmd.exe 29 PID 2196 wrote to memory of 2592 2196 cmd.exe 29 PID 2196 wrote to memory of 2592 2196 cmd.exe 29 PID 2592 wrote to memory of 2576 2592 rundll32.exe 30 PID 2592 wrote to memory of 2576 2592 rundll32.exe 30 PID 2592 wrote to memory of 2576 2592 rundll32.exe 30
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Internet.Download.Manager.v6.42.2.rar1⤵
- Suspicious use of WriteProcessMemory
PID:2196 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Internet.Download.Manager.v6.42.2.rar2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2592 -
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Internet.Download.Manager.v6.42.2.rar"3⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2576
-
-