fbf95b923fa87ab5f16233b7d8d22825a5f4ddafd3d2aa8977803419a79448ec

General

Target

AWB DOCUMENT.rar
Size

42KB
MD5

d92d6e05193b5033b8c67324ae2c076f
SHA1

b0d3fd972a2c19dcdd8024459849ee60c23a906e
SHA256

fbf95b923fa87ab5f16233b7d8d22825a5f4ddafd3d2aa8977803419a79448ec
SHA512

40b61938564679bdfd4d57c9fdd62ae8f8cd3bc3c59555646f40bea98e69784b78be1ada39061be25c5560b3e0b0c9e6381bf2eb53b2a3c28d03450e11ad7eed
SSDEEP

768:ja5MtjHffstfbJ9nernOKR/zzk9qgpXKIRdWI5Y19HnyZ:jLtLsRbLertkwYnkDnc

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Modifies registry class 1 IoCs

Processes:

rundll32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_Classes\Local Settings rundll32.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

2540 vlc.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

2540 vlc.exe
Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

vlc.exe

pid process

2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
Suspicious use of SendNotifyMessage 7 IoCs

Processes:

vlc.exe

pid process

2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
2540 vlc.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

vlc.exe

pid process

2540 vlc.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000_Classes\Local Settings	rundll32.exe

pid	process
2540	vlc.exe

pid	process
2540	vlc.exe

pid	process
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe

pid	process
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe
2540	vlc.exe

pid	process
2540	vlc.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

cmd.exerundll32.exe

description	pid	process	target process
PID 2192 wrote to memory of 2632	2192	cmd.exe	rundll32.exe
PID 2192 wrote to memory of 2632	2192	cmd.exe	rundll32.exe
PID 2192 wrote to memory of 2632	2192	cmd.exe	rundll32.exe
PID 2632 wrote to memory of 2540	2632	rundll32.exe	vlc.exe
PID 2632 wrote to memory of 2540	2632	rundll32.exe	vlc.exe
PID 2632 wrote to memory of 2540	2632	rundll32.exe	vlc.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\AWB DOCUMENT.rar"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\AWB DOCUMENT.rar
2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2632

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\AWB DOCUMENT.rar"
3⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2540

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2540-29-0x000000013FC20000-0x000000013FD18000-memory.dmp

Filesize
992KB

Download
memory/2540-30-0x000007FEFA9D0000-0x000007FEFAA04000-memory.dmp

Filesize
208KB

Download
memory/2540-31-0x000007FEF5AD0000-0x000007FEF5D86000-memory.dmp

Filesize
2.7MB

Download
memory/2540-32-0x000007FEFB0D0000-0x000007FEFB0E8000-memory.dmp

Filesize
96KB

Download
memory/2540-33-0x000007FEFA9B0000-0x000007FEFA9C7000-memory.dmp

Filesize
92KB

Download
memory/2540-34-0x000007FEF74E0000-0x000007FEF74F1000-memory.dmp

Filesize
68KB

Download
memory/2540-35-0x000007FEF72B0000-0x000007FEF72C7000-memory.dmp

Filesize
92KB

Download
memory/2540-36-0x000007FEF7220000-0x000007FEF7231000-memory.dmp

Filesize
68KB

Download
memory/2540-37-0x000007FEF7200000-0x000007FEF721D000-memory.dmp

Filesize
116KB

Download
memory/2540-38-0x000007FEF6CE0000-0x000007FEF6CF1000-memory.dmp

Filesize
68KB

Download
memory/2540-39-0x000007FEF4A20000-0x000007FEF5AD0000-memory.dmp

Filesize
16.7MB

Download
memory/2540-40-0x000007FEF4810000-0x000007FEF4A1B000-memory.dmp

Filesize
2.0MB

Download
memory/2540-41-0x000007FEF6C90000-0x000007FEF6CD1000-memory.dmp

Filesize
260KB

Download
memory/2540-42-0x000007FEF6C60000-0x000007FEF6C81000-memory.dmp

Filesize
132KB

Download
memory/2540-43-0x000007FEF66E0000-0x000007FEF66F8000-memory.dmp

Filesize
96KB

Download
memory/2540-44-0x000007FEF66C0000-0x000007FEF66D1000-memory.dmp

Filesize
68KB

Download
memory/2540-45-0x000007FEF6680000-0x000007FEF6691000-memory.dmp

Filesize
68KB

Download
memory/2540-47-0x000007FEF61D0000-0x000007FEF61EB000-memory.dmp

Filesize
108KB

Download
memory/2540-49-0x000007FEF6190000-0x000007FEF61A8000-memory.dmp

Filesize
96KB

Download
memory/2540-50-0x000007FEF6160000-0x000007FEF6190000-memory.dmp

Filesize
192KB

Download
memory/2540-51-0x000007FEF46D0000-0x000007FEF4737000-memory.dmp

Filesize
412KB

Download
memory/2540-48-0x000007FEF61B0000-0x000007FEF61C1000-memory.dmp

Filesize
68KB

Download
memory/2540-46-0x000007FEF61F0000-0x000007FEF6201000-memory.dmp

Filesize
68KB

Download
memory/2540-52-0x000007FEF3E30000-0x000007FEF3EAC000-memory.dmp

Filesize
496KB

Download
memory/2540-53-0x000007FEF3A60000-0x000007FEF3A71000-memory.dmp

Filesize
68KB

Download
memory/2540-54-0x000007FEF3A00000-0x000007FEF3A57000-memory.dmp

Filesize
348KB

Download
memory/2540-55-0x000007FEF3960000-0x000007FEF3988000-memory.dmp

Filesize
160KB

Download
memory/2540-56-0x000007FEF3930000-0x000007FEF3954000-memory.dmp

Filesize
144KB

Download
memory/2540-57-0x000007FEF3910000-0x000007FEF3928000-memory.dmp

Filesize
96KB

Download
memory/2540-58-0x000007FEF38E0000-0x000007FEF3903000-memory.dmp

Filesize
140KB

Download
memory/2540-59-0x000007FEF38C0000-0x000007FEF38D1000-memory.dmp

Filesize
68KB

Download
memory/2540-60-0x000007FEF38A0000-0x000007FEF38B2000-memory.dmp

Filesize
72KB

Download
memory/2540-61-0x000007FEF3870000-0x000007FEF3891000-memory.dmp

Filesize
132KB

Download
memory/2540-62-0x000007FEF3850000-0x000007FEF3863000-memory.dmp

Filesize
76KB

Download
memory/2540-63-0x000007FEF3830000-0x000007FEF3842000-memory.dmp

Filesize
72KB

Download
memory/2540-64-0x000007FEF36F0000-0x000007FEF382B000-memory.dmp

Filesize
1.2MB

Download
memory/2540-65-0x000007FEF36C0000-0x000007FEF36EC000-memory.dmp

Filesize
176KB

Download
memory/2540-66-0x000007FEF3500000-0x000007FEF36BA000-memory.dmp

Filesize
1.7MB

Download
memory/2540-67-0x000007FEF34A0000-0x000007FEF34FC000-memory.dmp

Filesize
368KB

Download
memory/2540-68-0x000007FEF3230000-0x000007FEF3241000-memory.dmp

Filesize
68KB

Download
memory/2540-69-0x000007FEF3190000-0x000007FEF3228000-memory.dmp

Filesize
608KB

Download
memory/2540-70-0x000007FEF3070000-0x000007FEF3082000-memory.dmp

Filesize
72KB

Download
memory/2540-71-0x000007FEF2CD0000-0x000007FEF2F23000-memory.dmp

Filesize
2.3MB

Download
memory/2540-72-0x000007FEF2BC0000-0x000007FEF2CCE000-memory.dmp

Filesize
1.1MB

Download
memory/2540-73-0x000007FEF2B80000-0x000007FEF2BB5000-memory.dmp

Filesize
212KB

Download
memory/2540-74-0x000007FEF2B50000-0x000007FEF2B75000-memory.dmp

Filesize
148KB

Download
memory/2540-75-0x000007FEF2B30000-0x000007FEF2B41000-memory.dmp

Filesize
68KB

Download
memory/2540-76-0x000007FEF2A10000-0x000007FEF2B23000-memory.dmp

Filesize
1.1MB

Download
memory/2540-77-0x000007FEF29F0000-0x000007FEF2A01000-memory.dmp

Filesize
68KB

Download
memory/2540-78-0x000007FEF29D0000-0x000007FEF29E2000-memory.dmp

Filesize
72KB

Download
memory/2540-79-0x000007FEF29B0000-0x000007FEF29C3000-memory.dmp

Filesize
76KB

Download
memory/2540-80-0x000007FEF2910000-0x000007FEF29B0000-memory.dmp

Filesize
640KB

Download
memory/2540-81-0x000007FEF28F0000-0x000007FEF2901000-memory.dmp

Filesize
68KB

Download
memory/2540-82-0x000007FEF27F0000-0x000007FEF28EF000-memory.dmp

Filesize
1020KB

Download
memory/2540-83-0x000007FEF27D0000-0x000007FEF27E1000-memory.dmp

Filesize
68KB

Download
memory/2540-84-0x000007FEF27B0000-0x000007FEF27C1000-memory.dmp

Filesize
68KB

Download
memory/2540-85-0x000007FEF2790000-0x000007FEF27A1000-memory.dmp

Filesize
68KB

Download
memory/2540-86-0x000007FEF2770000-0x000007FEF2782000-memory.dmp

Filesize
72KB

Download
memory/2540-87-0x000007FEF2750000-0x000007FEF2768000-memory.dmp

Filesize
96KB

Download
memory/2540-88-0x000007FEF2730000-0x000007FEF2746000-memory.dmp

Filesize
88KB

Download
memory/2540-89-0x000007FEF2700000-0x000007FEF272A000-memory.dmp

Filesize
168KB

Download
memory/2540-90-0x000007FEF26E0000-0x000007FEF26F2000-memory.dmp

Filesize
72KB

Download
memory/2540-91-0x000007FEF26C0000-0x000007FEF26D1000-memory.dmp

Filesize
68KB

Download
memory/2540-92-0x000007FEF26A0000-0x000007FEF26B1000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing