510fc8c2112e2bc544fb29a72191eabcc68d3a5a7468d35d7694493bc8593a79

General

Target

VC_redist.x86.exe
Size

13.2MB
MD5

9882a328c8414274555845fa6b542d1e
SHA1

ab4a97610b127d68c45311deabfbcd8aa7066f4b
SHA256

510fc8c2112e2bc544fb29a72191eabcc68d3a5a7468d35d7694493bc8593a79
SHA512

c08d1aa7e6e6215a0cee2793592b65668066c8c984b26675d2b8c09bc7fee21411cb3c0a905eaee7a48e7a47535fa777de21eeb07c78bca7bf3d7bb17192acf2
SSDEEP

196608:oRjgvJ2flpQcIIS/Rj7BWl+aV8t8z72BxBwBgO42BE6+2DQlMp1sHW5ZDmCCM0Xr:IgRIlptVYmfr7yBG/4pXMHsHW76CsGE

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Executes dropped EXE 1 IoCs

Processes:

VC_redist.x86.exe

pid process

1188 VC_redist.x86.exe
Loads dropped DLL 1 IoCs

Processes:

VC_redist.x86.exe

pid process

1188 VC_redist.x86.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

1428 vlc.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

1428 vlc.exe

pid	process
1188	VC_redist.x86.exe

pid	process
1188	VC_redist.x86.exe

Suspicious use of FindShellTrayWindow 16 IoCs

Processes:

vlc.exe

pid	process
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe

Suspicious use of SendNotifyMessage 15 IoCs

Processes:

vlc.exe

pid	process
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe
1428	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

vlc.exe

pid process

1428 vlc.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

VC_redist.x86.exe

description	pid	process	target process
PID 2852 wrote to memory of 1188	2852	VC_redist.x86.exe	VC_redist.x86.exe
PID 2852 wrote to memory of 1188	2852	VC_redist.x86.exe	VC_redist.x86.exe
PID 2852 wrote to memory of 1188	2852	VC_redist.x86.exe	VC_redist.x86.exe

C:\Users\Admin\AppData\Local\Temp\VC_redist.x86.exe
"C:\Users\Admin\AppData\Local\Temp\VC_redist.x86.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2852

C:\Windows\Temp\{8B132595-2CB9-4851-A59D-E18D7046A36A}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{8B132595-2CB9-4851-A59D-E18D7046A36A}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\VC_redist.x86.exe" -burn.filehandle.attached=564 -burn.filehandle.self=684
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1552

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\WriteCompare.mp4v"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1428

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Filesize
79B

MD5
cfbba669ca3e750ff0038768b482bee4

SHA1
89465ac4e51966ce3d69f196556604a7df28d6f1

SHA256
075ee19cf3c45393028b5deb4c078e1a71f2fb5f203d2ae312df5c3186b324fe

SHA512
48e0fd1ba7f73636a504a0e77c1e93ff03fd4aa1e53a503792e8856dd1ef3b54251cf9e03e9a1dd59609ad6b1147418c8fb1732774fbf26913c445445388ef08

Download Submit
C:\Windows\Temp\{8B132595-2CB9-4851-A59D-E18D7046A36A}\.cr\VC_redist.x86.exe
Filesize
634KB

MD5
7bd0b2d204d75012d3a9a9ce107c379e

SHA1
41edd6321965d48e11ecded3852eb32e3c13848d

SHA256
d4c6f5c74bbb45c4f33d9cb7ddce47226ea0a5ab90b8ff3f420b63a55c3f6dd2

SHA512
d85ac030ebb3ba4412e69b5693406fe87e46696ca2a926ef75b6f6438e16b0c7ed1342363098530cdceb4db8e50614f33f972f7995e4222313fcef036887d0f0

Download Submit
C:\Windows\Temp\{938F1408-DCB6-4AC8-8636-857CC301531B}\.ba\logo.png
Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{938F1408-DCB6-4AC8-8636-857CC301531B}\.ba\wixstdba.dll
Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/1428-87-0x00007FF75D690000-0x00007FF75D788000-memory.dmp

Filesize
992KB

Download
memory/1428-88-0x00007FFB9AE30000-0x00007FFB9AE64000-memory.dmp

Filesize
208KB

Download
memory/1428-89-0x00007FFB89DF0000-0x00007FFB8A0A4000-memory.dmp

Filesize
2.7MB

Download
memory/1428-90-0x00007FFB9BDC0000-0x00007FFB9BDD8000-memory.dmp

Filesize
96KB

Download
memory/1428-91-0x00007FFB9BCD0000-0x00007FFB9BCE7000-memory.dmp

Filesize
92KB

Download
memory/1428-92-0x00007FFB9AEA0000-0x00007FFB9AEB1000-memory.dmp

Filesize
68KB

Download
memory/1428-93-0x00007FFB9ADD0000-0x00007FFB9ADE7000-memory.dmp

Filesize
92KB

Download
memory/1428-94-0x00007FFB9ABF0000-0x00007FFB9AC01000-memory.dmp

Filesize
68KB

Download
memory/1428-95-0x00007FFB97180000-0x00007FFB9719D000-memory.dmp

Filesize
116KB

Download
memory/1428-98-0x00007FFB91520000-0x00007FFB9155F000-memory.dmp

Filesize
252KB

Download
memory/1428-97-0x00007FFB89200000-0x00007FFB89400000-memory.dmp

Filesize
2.0MB

Download
memory/1428-96-0x00007FFB97160000-0x00007FFB97171000-memory.dmp

Filesize
68KB

Download
memory/1428-99-0x00007FFB88150000-0x00007FFB891FB000-memory.dmp

Filesize
16.7MB

Download
memory/1428-102-0x00007FFB90240000-0x00007FFB90251000-memory.dmp

Filesize
68KB

Download
memory/1428-101-0x00007FFB96E50000-0x00007FFB96E68000-memory.dmp

Filesize
96KB

Download
memory/1428-104-0x00007FFB90200000-0x00007FFB90211000-memory.dmp

Filesize
68KB

Download
memory/1428-103-0x00007FFB90220000-0x00007FFB90231000-memory.dmp

Filesize
68KB

Download
memory/1428-100-0x00007FFB914F0000-0x00007FFB91511000-memory.dmp

Filesize
132KB

Download
memory/1428-109-0x00007FFB880E0000-0x00007FFB88147000-memory.dmp

Filesize
412KB

Download
memory/1428-108-0x00007FFB8A7D0000-0x00007FFB8A800000-memory.dmp

Filesize
192KB

Download
memory/1428-107-0x00007FFB8F9B0000-0x00007FFB8F9C8000-memory.dmp

Filesize
96KB

Download
memory/1428-112-0x00007FFB88010000-0x00007FFB88066000-memory.dmp

Filesize
344KB

Download
memory/1428-114-0x00007FFB87FE0000-0x00007FFB88004000-memory.dmp

Filesize
144KB

Download
memory/1428-113-0x00007FFB8A780000-0x00007FFB8A7A8000-memory.dmp

Filesize
160KB

Download
memory/1428-111-0x00007FFB8A7B0000-0x00007FFB8A7C1000-memory.dmp

Filesize
68KB

Download
memory/1428-110-0x00007FFB88070000-0x00007FFB880DF000-memory.dmp

Filesize
444KB

Download
memory/1428-106-0x00007FFB8F9D0000-0x00007FFB8F9E1000-memory.dmp

Filesize
68KB

Download
memory/1428-105-0x00007FFB901E0000-0x00007FFB901FB000-memory.dmp

Filesize
108KB

Download
memory/1428-115-0x00007FFB87FC0000-0x00007FFB87FD7000-memory.dmp

Filesize
92KB

Download
memory/1428-116-0x00007FFB87F90000-0x00007FFB87FB3000-memory.dmp

Filesize
140KB

Download
memory/1428-117-0x00007FFB87F70000-0x00007FFB87F81000-memory.dmp

Filesize
68KB

Download
memory/1428-118-0x00007FFB87F50000-0x00007FFB87F62000-memory.dmp

Filesize
72KB

Download
memory/1428-119-0x00007FFB87F20000-0x00007FFB87F41000-memory.dmp

Filesize
132KB

Download
memory/1428-121-0x00007FFB87EE0000-0x00007FFB87EF2000-memory.dmp

Filesize
72KB

Download
memory/1428-120-0x00007FFB87F00000-0x00007FFB87F13000-memory.dmp

Filesize
76KB

Download
memory/1428-122-0x00007FFB87DA0000-0x00007FFB87EDB000-memory.dmp

Filesize
1.2MB

Download
memory/1428-123-0x00007FFB87D70000-0x00007FFB87D9C000-memory.dmp

Filesize
176KB

Download
memory/1428-124-0x00007FFB87BB0000-0x00007FFB87D62000-memory.dmp

Filesize
1.7MB

Download
memory/1428-125-0x00007FFB87B50000-0x00007FFB87BAC000-memory.dmp

Filesize
368KB

Download
memory/1428-126-0x00007FFB87B30000-0x00007FFB87B41000-memory.dmp

Filesize
68KB

Download
memory/1428-127-0x00007FFB87A90000-0x00007FFB87B27000-memory.dmp

Filesize
604KB

Download
memory/1428-128-0x00007FFB87A70000-0x00007FFB87A82000-memory.dmp

Filesize
72KB

Download
memory/1428-129-0x00007FFB87830000-0x00007FFB87A61000-memory.dmp

Filesize
2.2MB

Download
memory/1428-130-0x00007FFB87710000-0x00007FFB87822000-memory.dmp

Filesize
1.1MB

Download
memory/1428-131-0x00007FFB876D0000-0x00007FFB87705000-memory.dmp

Filesize
212KB

Download
memory/1428-136-0x00007FFB875D0000-0x00007FFB875E2000-memory.dmp

Filesize
72KB

Download
memory/1428-137-0x00007FFB875B0000-0x00007FFB875C3000-memory.dmp

Filesize
76KB

Download
memory/1428-138-0x00007FFB87510000-0x00007FFB875AF000-memory.dmp

Filesize
636KB

Download
memory/1428-139-0x00007FFB874F0000-0x00007FFB87501000-memory.dmp

Filesize
68KB

Download
memory/1428-135-0x00007FFB875F0000-0x00007FFB87601000-memory.dmp

Filesize
68KB

Download
memory/1428-134-0x000001AB5F310000-0x000001AB5F371000-memory.dmp

Filesize
388KB

Download
memory/1428-133-0x000001AB5F2F0000-0x000001AB5F301000-memory.dmp

Filesize
68KB

Download
memory/1428-132-0x00007FFB876A0000-0x00007FFB876C5000-memory.dmp

Filesize
148KB

Download
memory/1428-140-0x00007FFB873E0000-0x00007FFB874E2000-memory.dmp

Filesize
1.0MB

Download
memory/1428-141-0x00007FFB873C0000-0x00007FFB873D1000-memory.dmp

Filesize
68KB

Download
memory/1428-142-0x00007FFB873A0000-0x00007FFB873B1000-memory.dmp

Filesize
68KB

Download
memory/1428-143-0x00007FFB87380000-0x00007FFB87391000-memory.dmp

Filesize
68KB

Download
memory/1428-150-0x00007FFB87290000-0x00007FFB872A1000-memory.dmp

Filesize
68KB

Download
memory/1428-149-0x00007FFB872B0000-0x00007FFB872C1000-memory.dmp

Filesize
68KB

Download
memory/1428-148-0x00007FFB872D0000-0x00007FFB872E2000-memory.dmp

Filesize
72KB

Download
memory/1428-147-0x00007FFB872F0000-0x00007FFB87319000-memory.dmp

Filesize
164KB

Download
memory/1428-146-0x00007FFB87320000-0x00007FFB87336000-memory.dmp

Filesize
88KB

Download
memory/1428-145-0x00007FFB87340000-0x00007FFB87358000-memory.dmp

Filesize
96KB

Download
memory/1428-144-0x00007FFB87360000-0x00007FFB87372000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads