Overview

overview

7

Static

static

1

screen-capture.webm

windows7-x64

1

screen-capture.webm

windows10-2004-x64

7

Analysis

  • max time kernel
    54s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/02/2024, 16:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    screen-capture.webm

  • Size

    5.8MB

  • MD5

    e8501f118687bbf33d042100d8b571ea

  • SHA1

    44d2a0084cb71440aeeb9b4021bb22501f05070b

  • SHA256

    8285c83067e9b3f33073a4f8e164aea69aa5ad54bde282f589f9ce568ffd9800

  • SHA512

    d8d5d3d8c5b3fd02815407bd74d2d97c591503f2c8fdccd87025f0e8b7ada9149726a2330de1add2dd3d3ca11fd601a5fc206d1d2ab512bc04e381b98d005a36

  • SSDEEP

    98304:N2KewtrWBtzhtuaelJWCDhHZFZGnFLnrlAaN/rZxF8RyU3GTTWJWhZ8nJXRdTpzN:NPIg/9QnNhAaR3ao/vIWhZ8J/T9w4Awd

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 20 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\screen-capture.webm
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:5036
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\screen-capture.webm"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4328
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4e8 0x508
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4328-5-0x00007FF787780000-0x00007FF787878000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4328-6-0x00007FFECA150000-0x00007FFECA184000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4328-7-0x00007FFEBA4F0000-0x00007FFEBA7A4000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4328-11-0x00007FFEC9E90000-0x00007FFEC9EA7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4328-12-0x00007FFEC9E70000-0x00007FFEC9E81000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-13-0x00007FFEC9E50000-0x00007FFEC9E6D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4328-14-0x00007FFEC9DA0000-0x00007FFEC9DB1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-10-0x00007FFEC9EB0000-0x00007FFEC9EC1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-9-0x00007FFEC9ED0000-0x00007FFEC9EE7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4328-8-0x00007FFEC9F50000-0x00007FFEC9F68000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4328-15-0x00007FFEBA0B0000-0x00007FFEBA2B0000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4328-18-0x00007FFEC9D30000-0x00007FFEC9D51000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4328-27-0x00007FFEC9770000-0x00007FFEC97D7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4328-37-0x00007FFEC91F0000-0x00007FFEC9211000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4328-40-0x00007FFEB8EC0000-0x00007FFEB8FFB000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4328-41-0x00007FFEC7D90000-0x00007FFEC7DBC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4328-42-0x00007FFEB8D00000-0x00007FFEB8EB2000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4328-39-0x00007FFEC90A0000-0x00007FFEC90B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4328-44-0x00007FFECE1D0000-0x00007FFECE1E7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4328-45-0x00007FFEB8A10000-0x00007FFEB8B80000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4328-48-0x00007FFEC9B80000-0x00007FFEC9BCC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4328-50-0x00007FFEC3230000-0x00007FFEC3287000-memory.dmp

    Filesize

    348KB

    Download

  • memory/4328-51-0x00007FFEB8650000-0x00007FFEB889B000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4328-49-0x00007FFEB88A0000-0x00007FFEB8A0B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4328-47-0x00007FFEC9BD0000-0x00007FFEC9C12000-memory.dmp

    Filesize

    264KB

    Download

  • memory/4328-46-0x00007FFECE1B0000-0x00007FFECE1C2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4328-43-0x00007FFEB8B80000-0x00007FFEB8CF8000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4328-38-0x00007FFEC90C0000-0x00007FFEC90D3000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4328-36-0x00007FFEC9220000-0x00007FFEC9232000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4328-35-0x00007FFEC9240000-0x00007FFEC9251000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-34-0x00007FFEC9260000-0x00007FFEC9283000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4328-58-0x00007FFEB6D50000-0x00007FFEB6DC5000-memory.dmp

    Filesize

    468KB

    Download

  • memory/4328-60-0x00007FFEC03A0000-0x00007FFEC03B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4328-61-0x00007FFEB6B30000-0x00007FFEB6D4D000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4328-65-0x00007FFEB6050000-0x00007FFEB6144000-memory.dmp

    Filesize

    976KB

    Download

  • memory/4328-68-0x00007FFEB5DD0000-0x00007FFEB5DEB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4328-67-0x00007FFEB5DF0000-0x00007FFEB5E03000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4328-66-0x00007FFEB5E10000-0x00007FFEB5E3A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/4328-64-0x00007FFEB6150000-0x00007FFEB6163000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4328-63-0x00007FFEB6170000-0x00007FFEB6193000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4328-62-0x00007FFEB61A0000-0x00007FFEB61B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4328-59-0x00007FFEBAF80000-0x00007FFEBAFE2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/4328-57-0x00007FFEB6DD0000-0x00007FFEB6E95000-memory.dmp

    Filesize

    788KB

    Download

  • memory/4328-56-0x00007FFEC03C0000-0x00007FFEC03D6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4328-55-0x00007FFEC9B60000-0x00007FFEC9B71000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-54-0x00007FFEC3840000-0x00007FFEC386F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4328-53-0x00007FFECA140000-0x00007FFECA150000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4328-52-0x00007FFEB6EA0000-0x00007FFEB8650000-memory.dmp

    Filesize

    23.7MB

    Download

  • memory/4328-33-0x00007FFEC9990000-0x00007FFEC99A7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4328-32-0x00007FFEC9290000-0x00007FFEC92B4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4328-31-0x00007FFEC92C0000-0x00007FFEC92E8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4328-30-0x00007FFEC92F0000-0x00007FFEC9346000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4328-29-0x00007FFEC99D0000-0x00007FFEC99E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-28-0x00007FFEC9350000-0x00007FFEC93BF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4328-26-0x00007FFEC99F0000-0x00007FFEC9A20000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4328-25-0x00007FFEC9A20000-0x00007FFEC9A38000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4328-24-0x00007FFEC9AC0000-0x00007FFEC9AD1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-23-0x00007FFEC9AE0000-0x00007FFEC9AFB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4328-22-0x00007FFEC9B00000-0x00007FFEC9B11000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-21-0x00007FFEC9B20000-0x00007FFEC9B31000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-20-0x00007FFEC9B40000-0x00007FFEC9B51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4328-19-0x00007FFEC9D10000-0x00007FFEC9D28000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4328-17-0x00007FFEC9D60000-0x00007FFEC9D9F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4328-16-0x00007FFEB9000000-0x00007FFEBA0AB000-memory.dmp

    Filesize

    16.7MB

    Download