Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/01/2024, 20:07

General

  • Target

    01 NOTIFICACION DEMANDA/breakage.ogg

  • Size

    91KB

  • MD5

    25ceb30a246b5e35393c3014a8458610

  • SHA1

    30d174a20e735cd86458be23017a5e09ce46e85d

  • SHA256

    23df8661729e5cd150bc5821f3a3d57d918332c4e34cca70eec6495fcb5582d1

  • SHA512

    fe80bd336b87818c0e4091ad5d8c0c2a3ec167840072ead2c7533b20318360bc85b71d5b943973fb11018889e06c51042e0ecf7fe903f08487597e93970338ba

  • SSDEEP

    1536:OUXBvEmQP+ps/USDEW6JA47CgxQqQraU54mR1DQ+XXJGswHw:VvEmQP+pBCElK47CM5Y954h+JGswHw

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\01 NOTIFICACION DEMANDA\breakage.ogg"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1156
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\01 NOTIFICACION DEMANDA\breakage.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1048

Network

MITRE ATT&CK Enterprise v15

Downloads
