Analysis

  • max time kernel
    0s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-01-2024 20:19

General

  • Target

    magic.poisontoolz.com/Spaufgty.wav

  • Size

    3.5MB

  • MD5

    eaef1a862aba17aa2570a06d40f94f31

  • SHA1

    6301c10cd5d8132defa0b7904163d325554efa05

  • SHA256

    8dfae205acee3283d7560520816ee22f9c8b3979bb195a061eb9902c87f32ac4

  • SHA512

    895b7b90e011565b8dfb3f400a73cde213057d90aa6923836bc251679734857af9e419c4d6d80470e71ef5c668a8feb6a54156cbeef8e356e8ed9de999904282

  • SSDEEP

    98304:KGmcpvr4msoFNoUqnvTBgsml/VfyUUT9pM:R/pU6YclUT9pM

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\magic.poisontoolz.com\Spaufgty.wav"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\magic.poisontoolz.com\Spaufgty.wav"
      2⤵
        PID:1620
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
        2⤵
          PID:452
          • C:\Windows\system32\unregmp2.exe
            "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
            3⤵
              PID:2168

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

    Filesize

    93KB

    MD5

    d44d10fd7d523b4d7a542884b3d0c6c0

    SHA1

    802e80c8ed851937837bbe3e125d82a6b9a62adc

    SHA256

    41536c80d8df63804cbea59bfaab27bf06e8ae682b88a961a2c4a66db5bc15e5

    SHA512

    363963e55185b9e3a13f2de14c3170548172556d432defb358e7d28a2dba6c7f3cfb6a2891ca2f5fc99e8bc13bbf51973bbede5765a6ee9f15bf9f89622213e4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log

    Filesize

    1KB

    MD5

    dbbe3b2e56558f128653635d80156427

    SHA1

    692dcec13ab48af5614982611af2cc048a30035f

    SHA256

    62ea3456f7158f1d8fa340cdcb9e7cf18f4763c66829c0aba175f6cd873e8961

    SHA512

    e47e76b71849f45a54b172762dcd023d6bdf03d37e3c22f33424a986863a24741352a7f021ea974cd42f15424ec6cf64dc436c16ea11f6572407bc09541c5a08