Analysis
-
max time kernel
251s -
max time network
252s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system -
submitted
25-02-2024 18:44
Static task
static1
Behavioral task
behavioral1
Sample
crashed_by_vohr.mp3
Resource
win10v2004-20240221-en
windows10-2004-x64
12 signatures
1200 seconds
General
-
Target
crashed_by_vohr.mp3
-
Size
9.3MB
-
MD5
0d813790b342f04e991a7f07487d39c7
-
SHA1
b3b73c636113390813ed338e83530120b5d0b9cd
-
SHA256
ad15869dd2adda745da583f9c1038ffdb127d7a2bab682b82c9858fd64c32301
-
SHA512
49b666e7dbed2903a544e04a2a1499537293fb09410d6391fd0f4b9d421880211930988e6aaaa5a99f2ccfd13cd8f7c6237270b34a7dd4fffe33bc13c252cc6c
-
SSDEEP
196608:OHK+1paMFx7zrfwVsZ1ZfjqkKIdPhvy/dxP:5+14MFx7HfhXfxdTKHP
Score
6/10
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
unregmp2.exedescription ioc Process File opened (read-only) \??\G: unregmp2.exe File opened (read-only) \??\M: unregmp2.exe File opened (read-only) \??\O: unregmp2.exe File opened (read-only) \??\X: unregmp2.exe File opened (read-only) \??\Y: unregmp2.exe File opened (read-only) \??\E: unregmp2.exe File opened (read-only) \??\J: unregmp2.exe File opened (read-only) \??\P: unregmp2.exe File opened (read-only) \??\V: unregmp2.exe File opened (read-only) \??\T: unregmp2.exe File opened (read-only) \??\W: unregmp2.exe File opened (read-only) \??\A: unregmp2.exe File opened (read-only) \??\L: unregmp2.exe File opened (read-only) \??\N: unregmp2.exe File opened (read-only) \??\R: unregmp2.exe File opened (read-only) \??\Q: unregmp2.exe File opened (read-only) \??\S: unregmp2.exe File opened (read-only) \??\U: unregmp2.exe File opened (read-only) \??\Z: unregmp2.exe File opened (read-only) \??\B: unregmp2.exe File opened (read-only) \??\H: unregmp2.exe File opened (read-only) \??\I: unregmp2.exe File opened (read-only) \??\K: unregmp2.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exedescription ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exedescription ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533603872317467" chrome.exe -
Modifies registry class 1 IoCs
Processes:
chrome.exedescription ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3316742141-2240921845-2885234760-1000\{18406DA3-7088-432C-85F4-E047C3655877} chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
chrome.exechrome.exepid Process 3980 chrome.exe 3980 chrome.exe 1436 chrome.exe 1436 chrome.exe -
Suspicious behavior: LoadsDriver 6 IoCs
Processes:
pid Process 4