Overview

overview

8

Static

static

1

x2mate.com...s).mp3

windows7-x64

1

x2mate.com...s).mp3

windows10-2004-x64

8

Analysis

  • max time kernel
    62s
  • max time network
    66s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-02-2024 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x2mate.com - AC_DC - Thunderstruck (Official Video) (320 kbps).mp3

  • Size

    2B

  • MD5

    99914b932bd37a50b983c5e7c90ae93b

  • SHA1

    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

  • SHA256

    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

  • SHA512

    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Drops desktop.ini file(s) 8 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\x2mate.com - AC_DC - Thunderstruck (Official Video) (320 kbps).mp3"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\x2mate.com - AC_DC - Thunderstruck (Official Video) (320 kbps).mp3"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:888
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2072
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:4628
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\x2mate.com - AC_DC - Thunderstruck (Official Video) (320 kbps).mp3"
        3⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:5052
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3272
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:2276
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:3172
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1804

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      384KB

      MD5

      f63420442b67dfd4d341e8db8dd5ec7f

      SHA1

      6472a539757ba7ccade29887f2d86eea95b36af0

      SHA256

      48ef6c07237ebb2772b4ace5a724b6fe081eb4dc3f596955ab0fbe8d0fc064d7

      SHA512

      d43f7f4dedaf56f2b54951ef05fc7168e9d0d3829d5a8678ed6df4c10509259a4a86b0bc6e017397aa981a3908c5b00688bb668f7bec32a2a73fd6333fa82c83

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      1024KB

      MD5

      956be62d4af0d508dec1046def0c019d

      SHA1

      b92304d6589dc8fae1a0d60af0b4ae98e792d744

      SHA256

      a7a66433f3ac166f740ecfabf572b8f96ba5131b0cd9b3b8688a0ff5da5e6bfb

      SHA512

      175d4f7c4032f50925f5ea174b7c15d705ac677f1dbeb4df5713cc573fdf0b7e9cb93f804693b4bfd4c524e9cc351667112b3d1f04dc4555c218cbc19a84737b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
      Filesize

      68KB

      MD5

      557168722c7cfa5d7a27de2da0c4f11e

      SHA1

      7a5a466de46cdb904eee20f54b8e40fe1901862e

      SHA256

      32f1c86d592821058a94dc83cb66410d5c041a4dba4a22b2847cc89440cf0886

      SHA512

      0fcc6e57743418b752fb9bb4f6a86fe971b0e0d11eecb3cfdab3f3295fe9eedeae504b93efa096a0001eb0f51c4e310d571ba8158839085b3a262da41f19cef9

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      7d009f04d0e733bb3ea1cccec3a0e622

      SHA1

      5feecef432a96aa49d8fa4e4b8da65fcfcda45f5

      SHA256

      ec37bd1df2b2fde6b10f8adf473eb84c7db56f75200c5a8fd741090ce2b48c51

      SHA512

      537ad58dd2073642af05f8e32754dbb6843f51952127f32335a4cd54c353d3137e20225985b81cce5eb3eb177d38fc1c1b5ba4d85b37673ab95304da321d0161

      Download Submit

    • memory/5052-41-0x00000000064F0000-0x0000000006500000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-42-0x00000000064F0000-0x0000000006500000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-43-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-44-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-45-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-46-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-47-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-50-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-49-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-48-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-53-0x0000000008BC0000-0x0000000008BD0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-52-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-51-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-54-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-55-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-56-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-58-0x00000000064F0000-0x0000000006500000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-59-0x00000000064F0000-0x0000000006500000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-60-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-61-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-63-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-64-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-65-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-66-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-67-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-62-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-68-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-69-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-70-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-71-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-75-0x00000000064F0000-0x0000000006500000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-76-0x0000000008BC0000-0x0000000008BD0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-77-0x00000000064F0000-0x0000000006500000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-78-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-79-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-80-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-81-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-82-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-83-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-84-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-85-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-86-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-87-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-88-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-89-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-91-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-92-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-90-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-93-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-94-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-95-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-96-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-97-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-98-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-99-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-101-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-102-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-103-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-105-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-104-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-106-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-107-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-108-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-110-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-111-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-112-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-113-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-114-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-115-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-116-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-118-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-117-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-119-0x00000000064F0000-0x0000000006500000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-120-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-121-0x00000000064F0000-0x0000000006500000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-122-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-123-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-124-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-125-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-126-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-127-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-128-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-129-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-130-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-131-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-132-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-133-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-134-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-136-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-137-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-135-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-138-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-139-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-140-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-142-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-144-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-143-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-148-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-147-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-146-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-145-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-150-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-149-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-151-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-154-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-158-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-161-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-162-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-163-0x00000000064F0000-0x0000000006500000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-165-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-166-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-167-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-173-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-174-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-177-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-178-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-182-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-183-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-184-0x00000000009C0000-0x00000000009D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-185-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-186-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-189-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-190-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-195-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-196-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5052-201-0x00000000065E0000-0x00000000065F0000-memory.dmp

      Filesize

      64KB

      Download