Analysis

  • max time kernel
    177s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/03/2024, 22:39

General

  • Target

    Cat.Goes.Fishing.v13.11.2019/music_IceFlow.ogg

  • Size

    1.2MB

  • MD5

    3557a9551c55af7a6144175a1801b390

  • SHA1

    a708731f97e8a8e0978c167a1eeccf8b1c5220b8

  • SHA256

    9e1dec951bac722e931bf2ea6e138659e00ef22294a9defa1e19dbcac31fbf7d

  • SHA512

    3df51fddf86c0df079a7b1533029ba33ca97e1f21b5a3f7e02c68438198a3b8f4b1bba7e0975d5de2bf03e68bbeb05ef01382d55b6887a3676a1e4ff9a2b43dc

  • SSDEEP

    24576:rxQJ29hoLF1lTWx0P+7YoUgW38yjj2HnWHrBhwwqPtPtgbjuUCN846olSt:CJqhsF/TWp7YPGScWLBhhqTgbSUC+LoK

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Cat.Goes.Fishing.v13.11.2019\music_IceFlow.ogg
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Cat.Goes.Fishing.v13.11.2019\music_IceFlow.ogg"
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1980
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2f8 0x3fc
    • Suspicious use of AdjustPrivilegeToken
    PID:4180

Network

Downloads
