Overview

overview

7

Static

static

3

SMM_WE.7z

windows7-x64

3

SMM_WE.7z

windows10-2004-x64

3

SMM_WE/bgm...ar.ogg

windows7-x64

1

SMM_WE/bgm...ar.ogg

windows10-2004-x64

7

SMM_WE/bgm...ar.ogg

windows7-x64

1

SMM_WE/bgm...ar.ogg

windows10-2004-x64

7

SMM_WE/bgm...le.ogg

windows7-x64

1

SMM_WE/bgm...le.ogg

windows10-2004-x64

7

SMM_WE/data.win

windows7-x64

3

SMM_WE/data.win

windows10-2004-x64

3

SMM_WE/font_as.ttf

windows7-x64

3

SMM_WE/font_as.ttf

windows10-2004-x64

7

SMM_WE/fontcjk.ttf

windows7-x64

3

SMM_WE/fontcjk.ttf

windows10-2004-x64

7

SMM_WE/options.ini

windows7-x64

1

SMM_WE/options.ini

windows10-2004-x64

1

SMM_WE/snd_1up.ogg

windows7-x64

1

SMM_WE/snd_1up.ogg

windows10-2004-x64

7

SMM_WE/snd_DSM_1.ogg

windows7-x64

1

SMM_WE/snd_DSM_1.ogg

windows10-2004-x64

7

SMM_WE/snd_DSM_2.ogg

windows7-x64

1

SMM_WE/snd_DSM_2.ogg

windows10-2004-x64

7

SMM_WE/snd_DSM_3.ogg

windows7-x64

1

SMM_WE/snd_DSM_3.ogg

windows10-2004-x64

7

SMM_WE/snd_DSM_4.ogg

windows7-x64

1

SMM_WE/snd_DSM_4.ogg

windows10-2004-x64

7

SMM_WE/snd...ns.ogg

windows7-x64

1

SMM_WE/snd...ns.ogg

windows10-2004-x64

7

SMM_WE/snd...al.ogg

windows7-x64

1

SMM_WE/snd...al.ogg

windows10-2004-x64

7

SMM_WE/snd...in.ogg

windows7-x64

1

SMM_WE/snd...in.ogg

windows10-2004-x64

7

Resubmissions

11/08/2024, 12:15

240811-pfbgvstblg 7

Analysis

  • max time kernel
    59s
  • max time network
    69s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SMM_WE/snd_DSM_1.ogg

  • Size

    116KB

  • MD5

    020db3f9c2d8d51939fdafd902580ae4

  • SHA1

    980e038b9bc2790192f17665a5e718b49d7b1948

  • SHA256

    9f2ade16dbfae65da16835ce0b98fb100724ccf3417441fbe42a1638ee6c46f7

  • SHA512

    9ef1bae6e70e149e89e7b9c7a992ad42c37c5b5696d89c7595ed8153acc1b80587669f0b962bb43d3be6dd19a5f96fc085ad28eb88db7087dca11954112bd664

  • SSDEEP

    3072:DSxK0DIT6kVXtkJtusyMybYltuR5TF7Y8W0Iq0O:DYDIGkBr+YHKLZq0O

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SMM_WE\snd_DSM_1.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\SMM_WE\snd_DSM_1.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3696
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x508 0x338
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3696-6-0x00007FFE72200000-0x00007FFE72234000-memory.dmp

    Filesize

    208KB

    Download

  • memory/3696-5-0x00007FF74C590000-0x00007FF74C688000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3696-7-0x00007FFE62BA0000-0x00007FFE62E56000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3696-14-0x00007FFE6FBA0000-0x00007FFE6FBB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3696-15-0x00007FFE627A0000-0x00007FFE629AB000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3696-13-0x00007FFE704F0000-0x00007FFE7050D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3696-12-0x00007FFE70510000-0x00007FFE70521000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3696-11-0x00007FFE70530000-0x00007FFE70547000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3696-10-0x00007FFE71800000-0x00007FFE71811000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3696-9-0x00007FFE71820000-0x00007FFE71837000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3696-8-0x00007FFE72E30000-0x00007FFE72E48000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3696-22-0x00007FFE69A40000-0x00007FFE69A51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3696-21-0x00007FFE69A60000-0x00007FFE69A71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3696-20-0x00007FFE6A0C0000-0x00007FFE6A0D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3696-19-0x00007FFE6FB80000-0x00007FFE6FB98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3696-16-0x00007FFE616F0000-0x00007FFE627A0000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/3696-18-0x00007FFE6F940000-0x00007FFE6F961000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3696-17-0x00007FFE6F240000-0x00007FFE6F281000-memory.dmp

    Filesize

    260KB

    Download

  • memory/3696-25-0x00007FFE62BA0000-0x00007FFE62E56000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3696-34-0x00007FFE616F0000-0x00007FFE627A0000-memory.dmp

    Filesize

    16.7MB

    Download