4ae9f46399bb088df9b59fea4f80f3448e9b3937476a10ab5af00e7b80a8597e

Resubmissions

13/02/2024, 05:55

240213-gmt9jsbb68 3

13/02/2024, 05:38

240213-gbrz2sfg6w 3

Analysis

max time kernel
593s
max time network
620s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VeeamManageClient.exe
Size

39KB
MD5

a56012610e82f692cbcd80ea54cfc522
SHA1

722d883a8b8737bd0bf92901671b9c758b6a706b
SHA256

4ae9f46399bb088df9b59fea4f80f3448e9b3937476a10ab5af00e7b80a8597e
SHA512

b22147f325a9a2276a6c7d23b18bc5dfda9fc921817865566d5ebf5a1fac139746ec88885844a523018fb219e082c7c2f69341b7711168540be0a1fb8137aacb
SSDEEP

768:KPKylEHlFZMC+t2FHyfcvF4FYY1A+84ykatVST5:KCfR2cvmW48s

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1772	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1772	vlc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe
1772	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1772	vlc.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2620	2840	VeeamManageClient.exe	29
PID 2840 wrote to memory of 2620	2840	VeeamManageClient.exe	29
PID 2840 wrote to memory of 2620	2840	VeeamManageClient.exe	29
PID 2620 wrote to memory of 2516	2620	csc.exe	31
PID 2620 wrote to memory of 2516	2620	csc.exe	31
PID 2620 wrote to memory of 2516	2620	csc.exe	31

C:\Users\Admin\AppData\Local\Temp\VeeamManageClient.exe
"C:\Users\Admin\AppData\Local\Temp\VeeamManageClient.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tyufx3nv\tyufx3nv.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1065.tmp" "c:\Users\Admin\AppData\Local\Temp\tyufx3nv\CSC5E45F2CECF4A318634D49FD685CD7D.TMP"
    3⤵
    PID:2516

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RemoveEnable.m3u"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES1065.tmp

Filesize
1KB

MD5
40f18f38df3cd626d02ea71f667f0a3f

SHA1
a275053b2d69436926a9cff884ea5b9b35d31d89

SHA256
809868690a4221e1bb1fc2d350b1f35c0cf719450ee903e515b291b141492991

SHA512
5e1fd030df2fc1f271464704433925fa666a76ca8d46d6f21c859a2d6a2a63421b8e5b315a041bf7238bc3e4d51df427d8d9a2d1ca0a0e6a6106fbb7e7e54f07

Download Submit
C:\Users\Admin\AppData\Local\Temp\tyufx3nv\tyufx3nv.dll

Filesize
3KB

MD5
891a1a29d3b561895eb1d58daaa10025

SHA1
7cedb0d2a8dd42ba74fc1e017418fc597232e0b7

SHA256
553b2371f6ad05ce2a890e4f204ae2459085823de6b471216885df84ef8626a7

SHA512
efd4d5d0c8437c475b19887f4ba975806a5e7995fe3935d98954f48fafc88e23d69d8b461f1a83a6f33fc9a939adeb002a288a54dab9a4536b2da51f8f9853b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tyufx3nv\tyufx3nv.pdb

Filesize
11KB

MD5
446005f92db0953a8c53bd5bcf9e96d3

SHA1
db9fa1fc8775b07cdf3152c0b30d434ce7cc4c06

SHA256
b1aea033add5d66adfe4df7853255be542584c88f7480af81a1264c327a82cca

SHA512
438a1d673afb6c895677d997ebd5c1f5de91e4b13d0496f5088c39cc0535386d90ca444cf2daba66f0b927a142500cffca4c879e3b2a0b01aed1617370859154

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
8KB

MD5
223178a18d636421fb0db61ed3984652

SHA1
f1008b316693b394ef3b1fae4abc964a86deaa36

SHA256
8a817574cdf24298c37a3113a1295fd1877db9edd435d17088ba0796d69c0c51

SHA512
16c0621201e732fee410c9ba92b3208a1acecb25b3c3c46dad1dca4770039d4da12c16b00477a08dc1c6e92fe0032234d5efc872678613981271724a7ceb47d2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tyufx3nv\CSC5E45F2CECF4A318634D49FD685CD7D.TMP

Filesize
652B

MD5
b441675b2ae692141e3c599ec94583d5

SHA1
04f1dd18594eb1dd88677d23758730712b00b67c

SHA256
b505281ed8f18eb339fab86858e1e02aa384023ff3e725075b91ac14ff2ddc5d

SHA512
623363d66e9a02836146e97ca3eaed442631cf350712bbf58dc557329380459c6ee8981fab32b7b319800addbce3b306c0a2579dc5c59ee8e5a2d7ae8dccf41a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tyufx3nv\tyufx3nv.0.cs

Filesize
287B

MD5
c23393a348ab66b915e53ee71f0bf2c7

SHA1
fa10a1ff1ea87b3589b32287e3fd16d7ce443d1b

SHA256
f11fae345310c3238f5440e77c25032728583ef6e2ea3821e8bf8762e169e5fd

SHA512
a88efd57ab84e5e220fdcd1c9ed971f55d99e4de54b518e22c0b229b3f9a0145182b5a5fbd71aa456b4209dcb76e87d6531d7ad9f60ee95636a550ce69d9a168

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tyufx3nv\tyufx3nv.cmdline

Filesize
327B

MD5
2aae4e26ca03fce037ee93a68056b621

SHA1
f9aca55d3902e20b1b267ebfb2677a3e8219c60a

SHA256
0297606ae87d779db0196fe5f1c19c36adb05746e16ea40aa4699f02ce97c548

SHA512
7dd0d8f2326b390b718d56b7fc1a82435f3e466b3edc82ba667cb3c39222d40135ff0c443f9c50e415a5597845f9f1a046af3645737560d6e1450d65b7121269

Download Submit
memory/1772-68-0x000007FEF4860000-0x000007FEF48C7000-memory.dmp

Filesize
412KB

Download
memory/1772-77-0x000007FEF4680000-0x000007FEF4692000-memory.dmp

Filesize
72KB

Download
memory/1772-109-0x000007FEF36E0000-0x000007FEF36F1000-memory.dmp

Filesize
68KB

Download
memory/1772-108-0x000007FEF3700000-0x000007FEF3712000-memory.dmp

Filesize
72KB

Download
memory/1772-107-0x000007FEF3720000-0x000007FEF3749000-memory.dmp

Filesize
164KB

Download
memory/1772-106-0x000007FEF3750000-0x000007FEF3766000-memory.dmp

Filesize
88KB

Download
memory/1772-73-0x000007FEF4710000-0x000007FEF4734000-memory.dmp

Filesize
144KB

Download
memory/1772-105-0x000007FEF3770000-0x000007FEF3788000-memory.dmp

Filesize
96KB

Download
memory/1772-104-0x000007FEF3790000-0x000007FEF37A2000-memory.dmp

Filesize
72KB

Download
memory/1772-101-0x000007FEF3A70000-0x000007FEF3A87000-memory.dmp

Filesize
92KB

Download
memory/1772-102-0x000007FEF37D0000-0x000007FEF37E1000-memory.dmp

Filesize
68KB

Download
memory/1772-103-0x000007FEF37B0000-0x000007FEF37C1000-memory.dmp

Filesize
68KB

Download
memory/1772-100-0x000007FEF3A90000-0x000007FEF3C08000-memory.dmp

Filesize
1.5MB

Download
memory/1772-41-0x000000013FA30000-0x000000013FB28000-memory.dmp

Filesize
992KB

Download
memory/1772-71-0x000007FEF4770000-0x000007FEF47C6000-memory.dmp

Filesize
344KB

Download
memory/1772-43-0x000007FEF5D80000-0x000007FEF6034000-memory.dmp

Filesize
2.7MB

Download
memory/1772-44-0x000007FEF7A80000-0x000007FEF7A98000-memory.dmp

Filesize
96KB

Download
memory/1772-45-0x000007FEF6DC0000-0x000007FEF6DD7000-memory.dmp

Filesize
92KB

Download
memory/1772-46-0x000007FEF6DA0000-0x000007FEF6DB1000-memory.dmp

Filesize
68KB

Download
memory/1772-47-0x000007FEF6D80000-0x000007FEF6D97000-memory.dmp

Filesize
92KB

Download
memory/1772-48-0x000007FEF6CA0000-0x000007FEF6CB1000-memory.dmp

Filesize
68KB

Download
memory/1772-49-0x000007FEF6C80000-0x000007FEF6C9D000-memory.dmp

Filesize
116KB

Download
memory/1772-50-0x000007FEF6C60000-0x000007FEF6C71000-memory.dmp

Filesize
68KB

Download
memory/1772-51-0x000007FEF5A50000-0x000007FEF5C50000-memory.dmp

Filesize
2.0MB

Download
memory/1772-52-0x000007FEF6C20000-0x000007FEF6C5F000-memory.dmp

Filesize
252KB

Download
memory/1772-53-0x000007FEF49A0000-0x000007FEF5A4B000-memory.dmp

Filesize
16.7MB

Download
memory/1772-59-0x000007FEF6BF0000-0x000007FEF6C11000-memory.dmp

Filesize
132KB

Download
memory/1772-60-0x000007FEF6BD0000-0x000007FEF6BE8000-memory.dmp

Filesize
96KB

Download
memory/1772-61-0x000007FEF6BB0000-0x000007FEF6BC1000-memory.dmp

Filesize
68KB

Download
memory/1772-62-0x000007FEF4980000-0x000007FEF4991000-memory.dmp

Filesize
68KB

Download
memory/1772-63-0x000007FEF4960000-0x000007FEF4971000-memory.dmp

Filesize
68KB

Download
memory/1772-64-0x000007FEF4940000-0x000007FEF495B000-memory.dmp

Filesize
108KB

Download
memory/1772-65-0x000007FEF4920000-0x000007FEF4931000-memory.dmp

Filesize
68KB

Download
memory/1772-66-0x000007FEF4900000-0x000007FEF4918000-memory.dmp

Filesize
96KB

Download
memory/1772-67-0x000007FEF48D0000-0x000007FEF4900000-memory.dmp

Filesize
192KB

Download
memory/1772-99-0x000007FEF3C10000-0x000007FEF3C21000-memory.dmp

Filesize
68KB

Download
memory/1772-69-0x000007FEF47F0000-0x000007FEF485F000-memory.dmp

Filesize
444KB

Download
memory/1772-70-0x000007FEF47D0000-0x000007FEF47E1000-memory.dmp

Filesize
68KB

Download
memory/1772-42-0x000007FEF6E70000-0x000007FEF6EA4000-memory.dmp

Filesize
208KB

Download
memory/1772-98-0x000007FEF3C30000-0x000007FEF3D32000-memory.dmp

Filesize
1.0MB

Download
memory/1772-97-0x000007FEF3D40000-0x000007FEF3D51000-memory.dmp

Filesize
68KB

Download
memory/1772-74-0x000007FEF46F0000-0x000007FEF4707000-memory.dmp

Filesize
92KB

Download
memory/1772-75-0x000007FEF46C0000-0x000007FEF46E3000-memory.dmp

Filesize
140KB

Download
memory/1772-76-0x000007FEF46A0000-0x000007FEF46B1000-memory.dmp

Filesize
68KB

Download
memory/1772-72-0x000007FEF4740000-0x000007FEF4768000-memory.dmp

Filesize
160KB

Download
memory/1772-78-0x000007FEF4650000-0x000007FEF4671000-memory.dmp

Filesize
132KB

Download
memory/1772-80-0x000007FEF4610000-0x000007FEF4622000-memory.dmp

Filesize
72KB

Download
memory/1772-79-0x000007FEF4630000-0x000007FEF4643000-memory.dmp

Filesize
76KB

Download
memory/1772-81-0x000007FEF44D0000-0x000007FEF460B000-memory.dmp

Filesize
1.2MB

Download
memory/1772-82-0x000007FEF44A0000-0x000007FEF44CC000-memory.dmp

Filesize
176KB

Download
memory/1772-83-0x000007FEF42E0000-0x000007FEF4492000-memory.dmp

Filesize
1.7MB

Download
memory/1772-84-0x000007FEF4280000-0x000007FEF42DC000-memory.dmp

Filesize
368KB

Download
memory/1772-85-0x000007FEF4260000-0x000007FEF4271000-memory.dmp

Filesize
68KB

Download
memory/1772-86-0x000007FEF41C0000-0x000007FEF4257000-memory.dmp

Filesize
604KB

Download
memory/1772-87-0x000007FEF41A0000-0x000007FEF41B2000-memory.dmp

Filesize
72KB

Download
memory/1772-88-0x000007FEF3F60000-0x000007FEF4191000-memory.dmp

Filesize
2.2MB

Download
memory/1772-89-0x000007FEF3F20000-0x000007FEF3F55000-memory.dmp

Filesize
212KB

Download
memory/1772-90-0x000007FEF3EF0000-0x000007FEF3F15000-memory.dmp

Filesize
148KB

Download
memory/1772-91-0x000007FEF3ED0000-0x000007FEF3EE1000-memory.dmp

Filesize
68KB

Download
memory/1772-92-0x000007FEF3E60000-0x000007FEF3EC1000-memory.dmp

Filesize
388KB

Download
memory/1772-93-0x000007FEF3E40000-0x000007FEF3E51000-memory.dmp

Filesize
68KB

Download
memory/1772-94-0x000007FEF3E20000-0x000007FEF3E32000-memory.dmp

Filesize
72KB

Download
memory/1772-95-0x000007FEF3E00000-0x000007FEF3E13000-memory.dmp

Filesize
76KB

Download
memory/1772-96-0x000007FEF3D60000-0x000007FEF3DFF000-memory.dmp

Filesize
636KB

Download
memory/2840-2-0x000000001A6A0000-0x000000001A720000-memory.dmp

Filesize
512KB

Download
memory/2840-4-0x0000000000520000-0x000000000053C000-memory.dmp

Filesize
112KB

Download
memory/2840-1-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2840-28-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2840-26-0x00000000005D0000-0x00000000005D8000-memory.dmp

Filesize
32KB

Download
memory/2840-7-0x000000001B4D0000-0x000000001B576000-memory.dmp

Filesize
664KB

Download
memory/2840-8-0x0000000001E80000-0x0000000001EB4000-memory.dmp

Filesize
208KB

Download
memory/2840-9-0x0000000001FE0000-0x000000000202A000-memory.dmp

Filesize
296KB

Download
memory/2840-3-0x000000001C020000-0x000000001C302000-memory.dmp

Filesize
2.9MB

Download
memory/2840-10-0x00000000005B0000-0x00000000005C6000-memory.dmp

Filesize
88KB

Download
memory/2840-6-0x00000000005A0000-0x00000000005A8000-memory.dmp

Filesize
32KB

Download
memory/2840-5-0x0000000000540000-0x0000000000588000-memory.dmp

Filesize
288KB

Download
memory/2840-11-0x000000001B580000-0x000000001B63A000-memory.dmp

Filesize
744KB

Download
memory/2840-0-0x00000000001A0000-0x00000000001B0000-memory.dmp

Filesize
64KB

Download