Overview
overview
7Static
static
3FileAssociations.exe
windows7-x64
1FileAssociations.exe
windows10-2004-x64
1Updater.exe
windows7-x64
1Updater.exe
windows10-2004-x64
1libmpv.dll
windows7-x64
1libmpv.dll
windows10-2004-x64
1libthemes.dll
windows7-x64
1libthemes.dll
windows10-2004-x64
1sfvip player.exe
windows7-x64
6sfvip player.exe
windows10-2004-x64
6SFVIP-Play...er.exe
windows7-x64
7SFVIP-Play...er.exe
windows10-2004-x64
7SFVIP-Play...-1.dll
windows7-x64
1SFVIP-Play...-1.dll
windows10-2004-x64
1SFVIP-Play...pv.dll
windows7-x64
1SFVIP-Play...pv.dll
windows10-2004-x64
1SFVIP-Play...er.exe
windows7-x64
7SFVIP-Play...er.exe
windows10-2004-x64
7SFVIP-Play...dl.exe
windows7-x64
1SFVIP-Play...dl.exe
windows10-2004-x64
1Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
19/02/2024, 13:52
Static task
static1
Behavioral task
behavioral1
Sample
FileAssociations.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
FileAssociations.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Updater.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
Updater.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
libmpv.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
libmpv.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
libthemes.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
libthemes.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
sfvip player.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral10
Sample
sfvip player.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
SFVIP-Player-x64/Updater.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
SFVIP-Player-x64/Updater.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
SFVIP-Player-x64/lib/mpv-1.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
SFVIP-Player-x64/lib/mpv-1.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
SFVIP-Player-x64/libmpv.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
SFVIP-Player-x64/libmpv.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
SFVIP-Player-x64/sfvip player.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
SFVIP-Player-x64/sfvip player.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
SFVIP-Player-x64/youtube-dl.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
SFVIP-Player-x64/youtube-dl.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
General
-
Target
FileAssociations.exe
-
Size
187KB
-
MD5
9c506d43f84c9152263780f3d915186f
-
SHA1
062ff6d00dda1e60d7e94fa49fa264f940ba6546
-
SHA256
4f36716fbd8b9c6b90600037ecf50dcd5fab753bcec864e93e727069b0c4d792
-
SHA512
3ee300a5b3ca4bf7ede06548fbbb35e4e7433fd795db634a43815e564e2779f9328e949bf1f7d42d0d78816d99665e801dc81d96d13c1da0178650ad135dd39d
-
SSDEEP
1536:pX8bnEkEAD4V6xyBiPpvjnS5pK5YpN5YUYTv/R2ZvAD4V6xyBiPpvZnS5pK5YpNV:ObnFD4Qxy0Ppv48D4Qxy0PpvKJ
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.avi FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.mkv FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mp4\DefaultIcon FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mp4\shell\play FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.ts\ = "SFVIP.ts" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mp4\shell\play\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\sfvip player.exe\" \"%1\"" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.ts\DefaultIcon FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.avi\ = "SFVIP.avi" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.avi\shell FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.flv FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.m3u8 FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.mp4\PerceivedType\ = "media" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.avi\DefaultIcon FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.m3u\DefaultIcon FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.mkv\PerceivedType FileAssociations.exe Key deleted \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.ts\OpenWithProgids FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.avi\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Icon\\avi.ico\"" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.flv\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Icon\\flv.ico\"" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.m3u8\PerceivedType FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.mp4\DefaultIcon FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mkv\DefaultIcon FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mp4 FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.ts\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Icon\\ts.ico\"" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.ts\shell\play\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\sfvip player.exe\" \"%1\"" FileAssociations.exe Key deleted \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.ts FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.ts\shell FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.mp4 FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.avi FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.flv\PerceivedType\ = "media" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.flv FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.flv\shell\play\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\sfvip player.exe\" \"%1\"" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.m3u8\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\sfvip player.exe\" \"%1\"" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mkv\shell\play\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\sfvip player.exe\" \"%1\"" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.flv\PerceivedType FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.flv\DefaultIcon FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.m3u\shell\open\command FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.m3u8\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Icon\\m3u8.ico\"" FileAssociations.exe Key deleted \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.mkv\OpenWithProgids FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.avi\PerceivedType FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.flv\shell\play\command FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.m3u8\shell\open FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.avi\PerceivedType\ = "media" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.avi\shell\play FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mp4\shell FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.ts FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.flv\DefaultIcon FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mkv\shell\play\command FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mp4\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Icon\\mp4.ico\"" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.ts\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Icon\\ts.ico\"" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mkv\ = "MKV - Play with SFVIP-Player" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.ts\PerceivedType FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.m3u\ = "M3U - Playlist File" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.m3u8\ = "SFVIP.m3u8" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.m3u8\PerceivedType\ = "playlist" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.m3u8\shell\open\command FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mkv FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.m3u FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.mp4\ = "SFVIP.mp4" FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.mp4\shell\play\command FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.m3u\shell\open FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.m3u8\DefaultIcon FileAssociations.exe Key created \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.ts\shell\play FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\SFVIP.avi\ = "AVI - Play with SFVIP-Player" FileAssociations.exe Set value (str) \REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\.m3u\ = "SFVIP.m3u" FileAssociations.exe