ab66ae9108ab3ef95667ab1cc8ba055e8f2e3a0e04424142d82ef79442884c74

Analysis

max time kernel
42s
max time network
19s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 07:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

radvideo64.exe
Size

2.2MB
MD5

e85f39b4b7c1803d4a5a318202e98469
SHA1

c0faa77d12b743990424b48c838767a6dec46207
SHA256

1de07156418db3ccbb1d586c7567ea3cc0146b03f781e7cced83c821cc12d0f4
SHA512

679c80012df7cdd037c975ac6d506461dbe81e2928a1ba39a657888e2c4f7a5decebe31491c81b32d6622dc1a93513dfd06456cb60f5cff2b1ad22f2240a3834
SSDEEP

24576:jAKlimWjid+zvD8ASPWEEUp6ESttpCmzowz8fNIypeHCqueGtNZx/PoxtPWAkcc/:VjWja+WP6ttuhNtPeWNZx/An+2Q1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	radvideo64.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	radvideo64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	radvideo64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	radvideo64.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	radvideo64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	radvideo64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	radvideo64.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_Classes\Local Settings	radvideo64.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	radvideo64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	radvideo64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	radvideo64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}"	radvideo64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	radvideo64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_TopViewVersion = "0"	radvideo64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	radvideo64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	radvideo64.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	radvideo64.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	radvideo64.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy	radvideo64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	radvideo64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2316	radvideo64.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2316	radvideo64.exe

C:\Users\Admin\AppData\Local\Temp\radvideo64.exe
"C:\Users\Admin\AppData\Local\Temp\radvideo64.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2316-0-0x0000000007C60000-0x0000000007C70000-memory.dmp

Filesize
64KB

Download