Overview

overview

8

Static

static

1

zvuk-zapus...hi.mp3

windows7-x64

8

Resubmissions

20-04-2024 14:30

240420-rvdlwaaf52 6

20-04-2024 13:33

240420-qtlqesad8v 8

Analysis

  • max time kernel
    1034s
  • max time network
    840s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zvuk-zapuska-vindyi-na-polnuyu-gromkost-300-beregite-ushi.mp3

  • Size

    122KB

  • MD5

    04036f7c8deaf3a5e1a24c59cb9dc222

  • SHA1

    609f633b9f941b28470a07476fab087e4057e7ca

  • SHA256

    bce8dce5992cc7449446b242c822089d0e2afb15eb1d9ecb88ddc81f9dc909da

  • SHA512

    95facecfba70b1478c6380384b086b4006e07f8828f00c7c1cc8ebbf738a3fd4918aa33558c711bed82e1bb1ec47428967a2cdf59c141399bc2f6a094aaa14c5

  • SSDEEP

    3072:QRmclzFNCYulIU5I0UKthAUVB4SNiR3vTMBaYyof+kzKa:Q4iFNelIU5teUVB4ciJAf+kz9

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Drops desktop.ini file(s) 8 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 17 IoCs
  • Suspicious use of SendNotifyMessage 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\zvuk-zapuska-vindyi-na-polnuyu-gromkost-300-beregite-ushi.mp3"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3044
  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1568
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1436
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:1932
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\system32\unregmp2.exe" /PerformIndivIfNeeded
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1640
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /PerformIndivIfNeeded /REENTRANT
          4⤵
            PID:1504
        • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
          "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:1
          3⤵
          • Drops desktop.ini file(s)
          • Enumerates connected drives
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:1532
          • C:\Program Files (x86)\Windows Media Player\wmpshare.exe
            "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"
            4⤵
              PID:1876

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Initial Access

      Execution

      Persistence

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Privilege Escalation

      Boot or Logon Autostart Execution

      1
      T1547

      Registry Run Keys / Startup Folder

      1
      T1547.001

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Query Registry

      1
      T1012

      Peripheral Device Discovery

      1
      T1120

      System Information Discovery

      1
      T1082

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Resource Development

      Reconnaissance

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{F2F4A097-3EE4-438F-A010-532E56F78CD9}.jpg
        Filesize

        22KB

        MD5

        35e787587cd3fa8ed360036c9fca3df2

        SHA1

        84c76a25c6fe336f6559c033917a4c327279886d

        SHA256

        98c49a68ee578e10947209ebc17c0ad188ed39c7d0c91a2b505f317259c0c9b2

        SHA512

        aeec3eed5a52670f4cc35935005bb04bb435964a1975e489b8e101adfbce278142fd1a6c475860b7ccb414afe5e24613361a66d92f457937de9b21a7a112e1f9

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{F4368822-DA6B-4059-AA24-C3B0C0063AB0}.jpg
        Filesize

        23KB

        MD5

        fd5fd28e41676618aac733b243ad54db

        SHA1

        b2d69ad6a2e22c30ef1806ac4f990790c3b44763

        SHA256

        a26544648ef8ceffad6c789a3677031be3c515918627d7c8f8e0587d3033c431

        SHA512

        4c32623796679be7066b719f231d08d24341784ecfd5d6461e8140379f5b394216e446865df56e05b5f1e36962c9d34d2b5041275366aeabcd606f4536217fe4

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb
        Filesize

        1.0MB

        MD5

        5797eeeb543a2d30d42e83444a4e64ca

        SHA1

        d76837c7888fa8a8fbc0557420613c372a8553ee

        SHA256

        b6431588485938bddcf7878b6e856ea6c2396a5f662f37ca77d44933bf877613

        SHA512

        c4875d9e51e26b09aa1c5d9eae3662d64dbac0d4c76feb13002a1e4c8e0664fcbaf8f26ed465739f85c5544995fb506ed2c19a6d876f8b872628fcc1d66c4370

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\tmp19612.WMC\allservices.xml
        Filesize

        546B

        MD5

        df03e65b8e082f24dab09c57bc9c6241

        SHA1

        6b0dacbf38744c9a381830e6a5dc4c71bd7cedbf

        SHA256

        155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba

        SHA512

        ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\tmp23918.WMC\serviceinfo.xml
        Filesize

        523B

        MD5

        d58da90d6dc51f97cb84dfbffe2b2300

        SHA1

        5f86b06b992a3146cb698a99932ead57a5ec4666

        SHA256

        93acdb79543d9248ca3fca661f3ac287e6004e4b3dafd79d4c4070794ffbf2ad

        SHA512

        7f1e95e5aa4c8a0e4c967135c78f22f4505f2a48bbc619924d0096bf4a94d469389b9e8488c12edacfba819517b8376546687d1145660ad1f49d8c20a744e636

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
        Filesize

        3KB

        MD5

        e8e61a265f64c3f2fe42cfb11dd223df

        SHA1

        dd52e52c58b0c2b37a4503a8e463defd171e9f55

        SHA256

        28585eac1022f6d5e79643e7524a3b6696c76cff7715a5daf15f80068c96fcc1

        SHA512

        f0ba5ca031c1da82e18380c9b2bb54e36d9b79552874c8549c0da4c54930c17575a91a4030b590301990f54b30313a6a0270097b1b5d780219de29154a82c94b

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
        Filesize

        4KB

        MD5

        762ea66233900ba873ad6ce463a1e740

        SHA1

        f23a5fb269cdf50b1afb4cfd287a6ae6f922e2bf

        SHA256

        532f45791fb1503d2464dfe96f8fb1b6783d401c95ff05db2add07d67476ba9a

        SHA512

        ef315bf7b70c0691e583ed5a14ac94923606245ab3b6179e01e09dc50d8c12cfc88743150e26e54a770f4ac433d79e51a1e6b9be55dd98f55822c7e6fb035c2b

        Download Submit
      • C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg
        Filesize

        32KB

        MD5

        84bba83cfbc0233517407678bb842686

        SHA1

        1c617de788de380d28c52dc733ad580c3745a1c1

        SHA256

        6ecf98adb3cd0931ec803f3a56a9563c7d60bb86ec1886b21e3d0f7eb25198d9

        SHA512

        a6a80c00a28c43c1c427018e6fb6dac4682d299d2f50202f520af0b1bca803546c850f04094ed2f532ff8775f6d45f2a40e4f5e069937bcaa0326a80bd818e0e

        Download Submit
      • memory/1504-618-0x000007FEF65C0000-0x000007FEF6691000-memory.dmp
        Filesize

        836KB

        Download
      • memory/1504-606-0x000007FEF6230000-0x000007FEF6358000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/1504-617-0x000007FEF6230000-0x000007FEF6358000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/1504-604-0x000007FEF7100000-0x000007FEF71C2000-memory.dmp
        Filesize

        776KB

        Download
      • memory/1504-616-0x000007FEF7100000-0x000007FEF71C2000-memory.dmp
        Filesize

        776KB

        Download
      • memory/1504-607-0x000007FEF65C0000-0x000007FEF6691000-memory.dmp
        Filesize

        836KB

        Download
      • memory/1532-689-0x00000000730B0000-0x00000000731A1000-memory.dmp
        Filesize

        964KB

        Download
      • memory/1532-690-0x0000000003CC0000-0x0000000003CCA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/1532-691-0x0000000000650000-0x0000000000651000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1532-704-0x00000000730B0000-0x00000000731A1000-memory.dmp
        Filesize

        964KB

        Download
      • memory/1532-705-0x0000000003CC0000-0x0000000003CCA000-memory.dmp
        Filesize

        40KB

        Download
      • memory/1532-620-0x0000000000650000-0x0000000000651000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3044-40-0x000007FEF48B0000-0x000007FEF48C2000-memory.dmp
        Filesize

        72KB

        Download
      • memory/3044-51-0x000007FEF2FA0000-0x000007FEF2FB1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-22-0x000007FEF65B0000-0x000007FEF65C1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-23-0x000007FEF6590000-0x000007FEF65AB000-memory.dmp
        Filesize

        108KB

        Download
      • memory/3044-24-0x000007FEF6340000-0x000007FEF6351000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-25-0x000007FEF6320000-0x000007FEF6338000-memory.dmp
        Filesize

        96KB

        Download
      • memory/3044-26-0x000007FEF62F0000-0x000007FEF6320000-memory.dmp
        Filesize

        192KB

        Download
      • memory/3044-27-0x000007FEF6280000-0x000007FEF62E7000-memory.dmp
        Filesize

        412KB

        Download
      • memory/3044-28-0x000007FEF6210000-0x000007FEF627F000-memory.dmp
        Filesize

        444KB

        Download
      • memory/3044-29-0x000007FEF61F0000-0x000007FEF6201000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-30-0x000007FEF4AF0000-0x000007FEF4B07000-memory.dmp
        Filesize

        92KB

        Download
      • memory/3044-31-0x000007FEF4AD0000-0x000007FEF4AE1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-32-0x000007FEF4A70000-0x000007FEF4AC7000-memory.dmp
        Filesize

        348KB

        Download
      • memory/3044-33-0x000007FEF4A40000-0x000007FEF4A6F000-memory.dmp
        Filesize

        188KB

        Download
      • memory/3044-35-0x000007FEF4A00000-0x000007FEF4A11000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-34-0x000007FEF4A20000-0x000007FEF4A33000-memory.dmp
        Filesize

        76KB

        Download
      • memory/3044-36-0x000007FEF4930000-0x000007FEF49F5000-memory.dmp
        Filesize

        788KB

        Download
      • memory/3044-37-0x000007FEF4910000-0x000007FEF4922000-memory.dmp
        Filesize

        72KB

        Download
      • memory/3044-38-0x000007FEF48F0000-0x000007FEF4901000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-39-0x000007FEF48D0000-0x000007FEF48E4000-memory.dmp
        Filesize

        80KB

        Download
      • memory/3044-20-0x000007FEF65F0000-0x000007FEF6601000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-42-0x000007FEF4870000-0x000007FEF488E000-memory.dmp
        Filesize

        120KB

        Download
      • memory/3044-41-0x000007FEF4890000-0x000007FEF48A4000-memory.dmp
        Filesize

        80KB

        Download
      • memory/3044-43-0x000007FEF4850000-0x000007FEF4866000-memory.dmp
        Filesize

        88KB

        Download
      • memory/3044-44-0x000007FEF4830000-0x000007FEF4845000-memory.dmp
        Filesize

        84KB

        Download
      • memory/3044-45-0x000007FEF4810000-0x000007FEF4824000-memory.dmp
        Filesize

        80KB

        Download
      • memory/3044-46-0x000007FEF47E0000-0x000007FEF480C000-memory.dmp
        Filesize

        176KB

        Download
      • memory/3044-49-0x000007FEF4770000-0x000007FEF4787000-memory.dmp
        Filesize

        92KB

        Download
      • memory/3044-48-0x000007FEF4790000-0x000007FEF47C0000-memory.dmp
        Filesize

        192KB

        Download
      • memory/3044-47-0x000007FEF47C0000-0x000007FEF47D2000-memory.dmp
        Filesize

        72KB

        Download
      • memory/3044-50-0x000007FEF2FC0000-0x000007FEF4770000-memory.dmp
        Filesize

        23.7MB

        Download
      • memory/3044-21-0x000007FEF65D0000-0x000007FEF65E1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-52-0x000007FEF2F80000-0x000007FEF2F92000-memory.dmp
        Filesize

        72KB

        Download
      • memory/3044-53-0x000007FEF2E00000-0x000007FEF2F78000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/3044-54-0x000007FEF2DE0000-0x000007FEF2DF7000-memory.dmp
        Filesize

        92KB

        Download
      • memory/3044-55-0x000007FEF2D80000-0x000007FEF2DD6000-memory.dmp
        Filesize

        344KB

        Download
      • memory/3044-56-0x000007FEF2D50000-0x000007FEF2D78000-memory.dmp
        Filesize

        160KB

        Download
      • memory/3044-57-0x000007FEF2D20000-0x000007FEF2D44000-memory.dmp
        Filesize

        144KB

        Download
      • memory/3044-58-0x000007FEFAF00000-0x000007FEFAF10000-memory.dmp
        Filesize

        64KB

        Download
      • memory/3044-59-0x000007FEF2D00000-0x000007FEF2D16000-memory.dmp
        Filesize

        88KB

        Download
      • memory/3044-62-0x000007FEF2BA0000-0x000007FEF2C0D000-memory.dmp
        Filesize

        436KB

        Download
      • memory/3044-61-0x000007FEF2C10000-0x000007FEF2C72000-memory.dmp
        Filesize

        392KB

        Download
      • memory/3044-19-0x000007FEF6610000-0x000007FEF6628000-memory.dmp
        Filesize

        96KB

        Download
      • memory/3044-17-0x000007FEF6660000-0x000007FEF669F000-memory.dmp
        Filesize

        252KB

        Download
      • memory/3044-18-0x000007FEF6630000-0x000007FEF6651000-memory.dmp
        Filesize

        132KB

        Download
      • memory/3044-16-0x000007FEF4B10000-0x000007FEF4D10000-memory.dmp
        Filesize

        2.0MB

        Download
      • memory/3044-15-0x000007FEF4D10000-0x000007FEF5DBB000-memory.dmp
        Filesize

        16.7MB

        Download
      • memory/3044-14-0x000007FEF6710000-0x000007FEF6721000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-13-0x000007FEF7040000-0x000007FEF705D000-memory.dmp
        Filesize

        116KB

        Download
      • memory/3044-12-0x000007FEF7060000-0x000007FEF7071000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-11-0x000007FEF7080000-0x000007FEF7097000-memory.dmp
        Filesize

        92KB

        Download
      • memory/3044-10-0x000007FEF7EA0000-0x000007FEF7EB1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-9-0x000007FEFAE60000-0x000007FEFAE77000-memory.dmp
        Filesize

        92KB

        Download
      • memory/3044-8-0x000007FEFB290000-0x000007FEFB2A8000-memory.dmp
        Filesize

        96KB

        Download
      • memory/3044-7-0x000007FEF5DC0000-0x000007FEF6074000-memory.dmp
        Filesize

        2.7MB

        Download
      • memory/3044-6-0x000007FEFAE10000-0x000007FEFAE44000-memory.dmp
        Filesize

        208KB

        Download
      • memory/3044-5-0x000000013F0C0000-0x000000013F1B8000-memory.dmp
        Filesize

        992KB

        Download
      • memory/3044-60-0x000007FEF2C80000-0x000007FEF2CF5000-memory.dmp
        Filesize

        468KB

        Download
      • memory/3044-63-0x000007FEF2B80000-0x000007FEF2B95000-memory.dmp
        Filesize

        84KB

        Download
      • memory/3044-65-0x000007FEF2B20000-0x000007FEF2B32000-memory.dmp
        Filesize

        72KB

        Download
      • memory/3044-64-0x000007FEF2B40000-0x000007FEF2B51000-memory.dmp
        Filesize

        68KB

        Download
      • memory/3044-66-0x000007FEF29A0000-0x000007FEF2B1A000-memory.dmp
        Filesize

        1.5MB

        Download