Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/01/2024, 17:53

General

  • Target

    01 NOTIFICACION DEMANDA/breakage.ogg

  • Size

    91KB

  • MD5

    25ceb30a246b5e35393c3014a8458610

  • SHA1

    30d174a20e735cd86458be23017a5e09ce46e85d

  • SHA256

    23df8661729e5cd150bc5821f3a3d57d918332c4e34cca70eec6495fcb5582d1

  • SHA512

    fe80bd336b87818c0e4091ad5d8c0c2a3ec167840072ead2c7533b20318360bc85b71d5b943973fb11018889e06c51042e0ecf7fe903f08487597e93970338ba

  • SSDEEP

    1536:OUXBvEmQP+ps/USDEW6JA47CgxQqQraU54mR1DQ+XXJGswHw:VvEmQP+pBCElK47CM5Y954h+JGswHw

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\01 NOTIFICACION DEMANDA\breakage.ogg"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4472
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\01 NOTIFICACION DEMANDA\breakage.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2044

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2044-5-0x00007FF6AEBE0000-0x00007FF6AECD8000-memory.dmp (992KB)
  • memory/2044-6-0x00007FFD3C310000-0x00007FFD3C344000-memory.dmp (208KB)
  • memory/2044-7-0x00007FFD2D360000-0x00007FFD2D614000-memory.dmp (2.7MB)
  • memory/2044-8-0x00007FFD3C6E0000-0x00007FFD3C6F8000-memory.dmp (96KB)
  • memory/2044-9-0x00007FFD3C250000-0x00007FFD3C267000-memory.dmp (92KB)
  • memory/2044-10-0x00007FFD3C230000-0x00007FFD3C241000-memory.dmp (68KB)
  • memory/2044-11-0x00007FFD3C210000-0x00007FFD3C227000-memory.dmp (92KB)
  • memory/2044-12-0x00007FFD3C1F0000-0x00007FFD3C201000-memory.dmp (68KB)
  • memory/2044-13-0x00007FFD3C1D0000-0x00007FFD3C1ED000-memory.dmp (116KB)
  • memory/2044-14-0x00007FFD3C1B0000-0x00007FFD3C1C1000-memory.dmp (68KB)
  • memory/2044-15-0x00007FFD2CFA0000-0x00007FFD2D1A0000-memory.dmp (2.0MB)
  • memory/2044-16-0x00007FFD2BEF0000-0x00007FFD2CF9B000-memory.dmp (16.7MB)
  • memory/2044-17-0x00007FFD3BB10000-0x00007FFD3BB4F000-memory.dmp (252KB)
  • memory/2044-18-0x00007FFD3BAE0000-0x00007FFD3BB01000-memory.dmp (132KB)
  • memory/2044-19-0x00007FFD3BAC0000-0x00007FFD3BAD8000-memory.dmp (96KB)
  • memory/2044-20-0x00007FFD3BAA0000-0x00007FFD3BAB1000-memory.dmp (68KB)
  • memory/2044-22-0x00007FFD37110000-0x00007FFD37121000-memory.dmp (68KB)
  • memory/2044-21-0x00007FFD3A990000-0x00007FFD3A9A1000-memory.dmp (68KB)
  • memory/2044-23-0x00007FFD370F0000-0x00007FFD3710B000-memory.dmp (108KB)
  • memory/2044-24-0x00007FFD33020000-0x00007FFD33031000-memory.dmp (68KB)
  • memory/2044-27-0x00007FFD2BA60000-0x00007FFD2BAC7000-memory.dmp (412KB)
  • memory/2044-29-0x00007FFD2DC30000-0x00007FFD2DC41000-memory.dmp (68KB)
  • memory/2044-39-0x00007FFD2B7F0000-0x00007FFD2B803000-memory.dmp (76KB)
  • memory/2044-40-0x00007FFD2B7D0000-0x00007FFD2B7E2000-memory.dmp (72KB)
  • memory/2044-38-0x00007FFD2B810000-0x00007FFD2B831000-memory.dmp (132KB)
  • memory/2044-37-0x00007FFD2B840000-0x00007FFD2B852000-memory.dmp (72KB)
  • memory/2044-36-0x00007FFD2B860000-0x00007FFD2B871000-memory.dmp (68KB)
  • memory/2044-35-0x00007FFD2B880000-0x00007FFD2B8A3000-memory.dmp (140KB)
  • memory/2044-41-0x00007FFD2B690000-0x00007FFD2B7CB000-memory.dmp (1.2MB)
  • memory/2044-34-0x00007FFD2B8B0000-0x00007FFD2B8C7000-memory.dmp (92KB)
  • memory/2044-33-0x00007FFD2B8D0000-0x00007FFD2B8F4000-memory.dmp (144KB)
  • memory/2044-32-0x00007FFD2B900000-0x00007FFD2B928000-memory.dmp (160KB)
  • memory/2044-42-0x00007FFD2B660000-0x00007FFD2B68C000-memory.dmp (176KB)
  • memory/2044-46-0x00007FFD2B3C0000-0x00007FFD2B3D2000-memory.dmp (72KB)
  • memory/2044-45-0x00007FFD2B3E0000-0x00007FFD2B477000-memory.dmp (604KB)
  • memory/2044-44-0x00007FFD2B480000-0x00007FFD2B491000-memory.dmp (68KB)
  • memory/2044-47-0x00007FFD2B180000-0x00007FFD2B3B1000-memory.dmp (2.2MB)
  • memory/2044-43-0x00007FFD2B4A0000-0x00007FFD2B652000-memory.dmp (1.7MB)
  • memory/2044-48-0x00007FFD2B020000-0x00007FFD2B132000-memory.dmp (1.1MB)
  • memory/2044-49-0x00007FFD2AF70000-0x00007FFD2AFA5000-memory.dmp (212KB)
  • memory/2044-50-0x00007FFD2AF40000-0x00007FFD2AF65000-memory.dmp (148KB)
  • memory/2044-51-0x00007FFD2AF20000-0x00007FFD2AF31000-memory.dmp (68KB)
  • memory/2044-31-0x00007FFD2B930000-0x00007FFD2B986000-memory.dmp (344KB)
  • memory/2044-30-0x00007FFD2B990000-0x00007FFD2B9EC000-memory.dmp (368KB)
  • memory/2044-28-0x00007FFD2B9F0000-0x00007FFD2BA5F000-memory.dmp (444KB)
  • memory/2044-26-0x00007FFD2DC50000-0x00007FFD2DC80000-memory.dmp (192KB)
  • memory/2044-25-0x00007FFD2DC80000-0x00007FFD2DC98000-memory.dmp (96KB)
  • memory/2044-52-0x00007FFD2AEB0000-0x00007FFD2AF11000-memory.dmp (388KB)
  • memory/2044-53-0x00007FFD2AE90000-0x00007FFD2AEA1000-memory.dmp (68KB)
  • memory/2044-54-0x00007FFD2AE70000-0x00007FFD2AE82000-memory.dmp (72KB)
  • memory/2044-55-0x00007FFD2AE50000-0x00007FFD2AE63000-memory.dmp (76KB)
  • memory/2044-56-0x00007FFD2ADB0000-0x00007FFD2AE4F000-memory.dmp (636KB)
  • memory/2044-58-0x00007FFD2AC80000-0x00007FFD2AD82000-memory.dmp (1.0MB)
  • memory/2044-57-0x00007FFD2AD90000-0x00007FFD2ADA1000-memory.dmp (68KB)
  • memory/2044-59-0x00007FFD2AC60000-0x00007FFD2AC71000-memory.dmp (68KB)
  • memory/2044-60-0x00007FFD2AC40000-0x00007FFD2AC51000-memory.dmp (68KB)
  • memory/2044-68-0x00007FFD2AB30000-0x00007FFD2AB41000-memory.dmp (68KB)
  • memory/2044-67-0x00007FFD2AB50000-0x00007FFD2AB61000-memory.dmp (68KB)
  • memory/2044-66-0x00007FFD2AB70000-0x00007FFD2AB82000-memory.dmp (72KB)
  • memory/2044-65-0x00007FFD2AB90000-0x00007FFD2ABB9000-memory.dmp (164KB)
  • memory/2044-64-0x00007FFD2ABC0000-0x00007FFD2ABD6000-memory.dmp (88KB)
  • memory/2044-63-0x00007FFD2ABE0000-0x00007FFD2ABF8000-memory.dmp (96KB)
  • memory/2044-62-0x00007FFD2AC00000-0x00007FFD2AC12000-memory.dmp (72KB)
  • memory/2044-61-0x00007FFD2AC20000-0x00007FFD2AC31000-memory.dmp (68KB)