Overview

overview

1

Static

static

1

C'est rien...ts.wav

windows7-x64

Analysis

  • max time kernel
    25s
  • max time network
    26s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2024, 14:52

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    C'est rien c'est Craftok. #Shorts.wav

  • Size

    2.7MB

  • MD5

    5ac79b2cc2d0c87abb7edd362b302806

  • SHA1

    7c07389bd5d8f3bc2153cd9ff74861206a42c5c0

  • SHA256

    309d47b430cfeb7beba9e7c0fa832f34a0ea0cf62bc785d2f27ca9ebd924686f

  • SHA512

    197093b77b58f2d5a49c5747a0dc3b260cef20dff6074fe200d8713e4a77963124d489d7843421f360ff6849a55008e6c122f97781e1f0dc0dc2f38b07576864

  • SSDEEP

    49152:Lk+KD0WJD2qxJAR0v8gDf86zAn1SOeCTglau0JhsXH7qFbjuFkaltsYvYk9EhQof:LklD9DzVpDf86k1SOewhuqFbjzalmYvk

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\C'est rien c'est Craftok. #Shorts.wav"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1620
  • C:\Windows\system32\SndVol.exe
    SndVol.exe -f 45417625 17244
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2544
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2456
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1576

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1576-18-0x0000000002B30000-0x0000000002B31000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1620-12-0x000000013F870000-0x000000013F968000-memory.dmp

        Filesize

        992KB

        Download

      • memory/1620-13-0x000007FEF7A50000-0x000007FEF7A84000-memory.dmp

        Filesize

        208KB

        Download

      • memory/1620-14-0x000007FEF6200000-0x000007FEF64B4000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/1620-15-0x000007FEF4F50000-0x000007FEF5FFB000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/2456-17-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2544-16-0x00000000006B0000-0x00000000006B1000-memory.dmp

        Filesize

        4KB

        Download