Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/03/2024, 22:39

General

  • Target

    Cat.Goes.Fishing.v13.11.2019/music_NightOfChaos.ogg

  • Size

    1.6MB

  • MD5

    6ed37a2c7a1b192f7c3a60e4cadebb49

  • SHA1

    041169fc4b9e58195173472375d2ea550d7fbf8b

  • SHA256

    c423c0306fb44d959cd29299009d97d6d42c8273b62230a5a527248045e20601

  • SHA512

    97c38492f00d17de5a35da1890dac21fe46f1125fe282df006e9b1a05392b9ba15a9a8014b65bee96a03f0aa9cf6733487abd42e725642d3bf5aafbda672517c

  • SSDEEP

    49152:kYKmIRNLhmSA5P652sJdUTZgU23VXp7RXAMgh6zirsh1:fIrLhmi524IOUitppk0Wg7

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Cat.Goes.Fishing.v13.11.2019\music_NightOfChaos.ogg
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4356
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Cat.Goes.Fishing.v13.11.2019\music_NightOfChaos.ogg"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4968
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3f4 0x3ec
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2692

Network

        MITRE ATT&CK Enterprise v15

        Downloads
