Overview

overview

7

Static

static

3

SMM_WE.7z

windows7-x64

3

SMM_WE.7z

windows10-2004-x64

3

SMM_WE/bgm...ar.ogg

windows7-x64

1

SMM_WE/bgm...ar.ogg

windows10-2004-x64

7

SMM_WE/bgm...ar.ogg

windows7-x64

1

SMM_WE/bgm...ar.ogg

windows10-2004-x64

7

SMM_WE/bgm...le.ogg

windows7-x64

1

SMM_WE/bgm...le.ogg

windows10-2004-x64

7

SMM_WE/data.win

windows7-x64

3

SMM_WE/data.win

windows10-2004-x64

3

SMM_WE/font_as.ttf

windows7-x64

3

SMM_WE/font_as.ttf

windows10-2004-x64

7

SMM_WE/fontcjk.ttf

windows7-x64

3

SMM_WE/fontcjk.ttf

windows10-2004-x64

7

SMM_WE/options.ini

windows7-x64

1

SMM_WE/options.ini

windows10-2004-x64

1

SMM_WE/snd_1up.ogg

windows7-x64

1

SMM_WE/snd_1up.ogg

windows10-2004-x64

7

SMM_WE/snd_DSM_1.ogg

windows7-x64

1

SMM_WE/snd_DSM_1.ogg

windows10-2004-x64

7

SMM_WE/snd_DSM_2.ogg

windows7-x64

1

SMM_WE/snd_DSM_2.ogg

windows10-2004-x64

7

SMM_WE/snd_DSM_3.ogg

windows7-x64

1

SMM_WE/snd_DSM_3.ogg

windows10-2004-x64

7

SMM_WE/snd_DSM_4.ogg

windows7-x64

1

SMM_WE/snd_DSM_4.ogg

windows10-2004-x64

7

SMM_WE/snd...ns.ogg

windows7-x64

1

SMM_WE/snd...ns.ogg

windows10-2004-x64

7

SMM_WE/snd...al.ogg

windows7-x64

1

SMM_WE/snd...al.ogg

windows10-2004-x64

7

SMM_WE/snd...in.ogg

windows7-x64

1

SMM_WE/snd...in.ogg

windows10-2004-x64

7

Resubmissions

11/08/2024, 12:15

240811-pfbgvstblg 7

Analysis

  • max time kernel
    59s
  • max time network
    70s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SMM_WE/snd_DSM_4.ogg

  • Size

    105KB

  • MD5

    396696dd59ba24405aceaee563bf48bd

  • SHA1

    f797dc55018330408fc0fa5044584521c882fc20

  • SHA256

    e3459474503f4685a02504848fc17c3a50f25a21c0b671f2e2da42aff02d38ae

  • SHA512

    cd3accec3ae709d1122f03a279ce4a592611e5f530250ed7dbdce2801e592bac1d335b08d65fac0951d42b6c85fe2ad387d7d0b808e8792774d9b5812e65a4b0

  • SSDEEP

    3072:CKFNGSWitajA1Egd+DoCaqgO+U6el2mwo+b:HCSf2lgYkzqg/U6el25b

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SMM_WE\snd_DSM_4.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4356
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\SMM_WE\snd_DSM_4.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3612
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2d4 0x3f4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3612-6-0x00007FF83A300000-0x00007FF83A334000-memory.dmp

    Filesize

    208KB

    Download

  • memory/3612-5-0x00007FF750F30000-0x00007FF751028000-memory.dmp

    Filesize

    992KB

    Download

  • memory/3612-14-0x00007FF830EB0000-0x00007FF830EC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3612-7-0x00007FF82A410000-0x00007FF82A6C6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3612-13-0x00007FF830ED0000-0x00007FF830EED000-memory.dmp

    Filesize

    116KB

    Download

  • memory/3612-12-0x00007FF8314E0000-0x00007FF8314F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3612-11-0x00007FF832700000-0x00007FF832717000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3612-10-0x00007FF835360000-0x00007FF835371000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3612-9-0x00007FF83A230000-0x00007FF83A247000-memory.dmp

    Filesize

    92KB

    Download

  • memory/3612-8-0x00007FF83EC10000-0x00007FF83EC28000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3612-22-0x00007FF82B200000-0x00007FF82B211000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3612-21-0x00007FF82BB10000-0x00007FF82BB21000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3612-20-0x00007FF82BB30000-0x00007FF82BB41000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3612-15-0x00007FF829170000-0x00007FF82A220000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/3612-19-0x00007FF82BD20000-0x00007FF82BD38000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3612-18-0x00007FF82BF70000-0x00007FF82BF91000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3612-17-0x00007FF82BD40000-0x00007FF82BD81000-memory.dmp

    Filesize

    260KB

    Download

  • memory/3612-16-0x00007FF828C10000-0x00007FF828E1B000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3612-25-0x00007FF82A410000-0x00007FF82A6C6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3612-33-0x00007FF829170000-0x00007FF82A220000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/3612-51-0x00007FF829170000-0x00007FF82A220000-memory.dmp

    Filesize

    16.7MB

    Download