Overview

overview

6

Static

static

1

VID-202402...00.mp4

windows10-1703-x64

6

Analysis

  • max time kernel
    361s
  • max time network
    1599s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-02-2024 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VID-20240224-WA0000.mp4

  • Size

    1.6MB

  • MD5

    e2586d29d26856ad38e8e415b19b8af1

  • SHA1

    f1b724fdfd5979f93780182b6d0d67195181e41d

  • SHA256

    71cf2317b18983dd3830953d1b9e9af3f8c624a4524c92d938c986ebc962f881

  • SHA512

    de0da671776edd22c75d4a942e018a4665ff743eeef058296fa4d9a5f7ef67f44cd16df191a3c38d78d9f73c852844e7050e4bc5c62d709b8d4beaa8f001ff23

  • SSDEEP

    49152:JHk02Ri/wAo7FPAqcHGUtLgOeXrDsEjSywiYo41b:JHkiyFP+mUt2fJG/iYo0

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\VID-20240224-WA0000.mp4"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:732
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\VID-20240224-WA0000.mp4"
      2⤵
        PID:2208
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4080
        • C:\Windows\System32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
          3⤵
          • Enumerates connected drives
          • Suspicious use of AdjustPrivilegeToken
          PID:2920

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      64KB

      MD5

      98df921f667bf303621c789390ed9f2e

      SHA1

      d9c82e51534cf1c2eb5a255286de6a09ca364d1a

      SHA256

      8b8497d37fa9ddd44e275aa7631d7c7173c384a501d11e73e3d4401513c4bbe3

      SHA512

      58e896295763c2729c5a19986356e7cc7706265bbda5cd9cec98201ec9ce86c4b68a3e388c86aba198870ca4b8ab1a7876f2d8e1fff7437216dd2789b3ed3796

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      48a4317c57b212847f2b57033697c527

      SHA1

      50ad0689c75567f6e71b15c1f85405a18cafce78

      SHA256

      d6467973dae5f0ccc6a2bd2a8d234a5e651e42aff7ee8d1c1b94112314b9032c

      SHA512

      e6afc906bcc9b00b614b3d14385c6604925f1d5c97af8b4b586ec8be6b63ac3a4657871a165439abe5ef4436facb6dec97c63775a0346bfbe09b3b1d94f69daa

      Download Submit