Overview

overview

6

Static

static

3

[ASL]_Fear...s].rar

windows7-x64

3

[ASL]_Fear...s].rar

windows10-2004-x64

3

[ASL] Fear...e.flac

windows7-x64

1

[ASL] Fear...e.flac

windows10-2004-x64

6

[ASL] Fear...n.flac

windows7-x64

1

[ASL] Fear...n.flac

windows10-2004-x64

6

[ASL] Fear...er.jpg

windows7-x64

1

[ASL] Fear...er.jpg

windows10-2004-x64

3

[ASL] Fear...01.jpg

windows7-x64

1

[ASL] Fear...01.jpg

windows10-2004-x64

3

[ASL] Fear...02.jpg

windows7-x64

1

[ASL] Fear...02.jpg

windows10-2004-x64

3

[ASL] Fear...03.jpg

windows7-x64

1

[ASL] Fear...03.jpg

windows10-2004-x64

3

[ASL] Fear...04.jpg

windows7-x64

1

[ASL] Fear...04.jpg

windows10-2004-x64

3

[ASL] Fear...05.jpg

windows7-x64

1

[ASL] Fear...05.jpg

windows10-2004-x64

3

[ASL] Fear...06.jpg

windows7-x64

1

[ASL] Fear...06.jpg

windows10-2004-x64

3

[ASL] Fear...07.jpg

windows7-x64

1

[ASL] Fear...07.jpg

windows10-2004-x64

3

[ASL] Fear...08.jpg

windows7-x64

1

[ASL] Fear...08.jpg

windows10-2004-x64

3

[ASL] Fear...09.jpg

windows7-x64

1

[ASL] Fear...09.jpg

windows10-2004-x64

3

[ASL] Fear...e!.url

windows7-x64

1

[ASL] Fear...e!.url

windows10-2004-x64

1

[ASL] Fear...se.nfo

windows7-x64

1

[ASL] Fear...se.nfo

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]/02 Break Out Your Stained Brain.flac

  • Size

    26.3MB

  • MD5

    85d40d6e1af9d259fbbff2e05c6b261b

  • SHA1

    53ba0fb88c12595394d138b73d05fa1ee344396e

  • SHA256

    95cef5d4e323ca53ef415f04138fe8f484c574ee5b52a45f48aa432a04b391d8

  • SHA512

    fe32498daa62bc533f2a036b73c25caf977ad07e848ef44f59acd6cb35647487b15317621bd92c8c2726de7043ce38630e07b2fe86406a7bdc942ac69e79c437

  • SSDEEP

    393216:pcR4at/GKmsj0ir6ekXu/9ZWX3b/n3NsAJsYjqGy18Mj5eqby:pMRGKmsZPkXufw3b/3CAJsYjSB0qby

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\02 Break Out Your Stained Brain.flac"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4676
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\[ASL] Fear, and Loathing in Las Vegas - Hunter x Hunter ED - Just Awake [FLAC] [w Scans]\02 Break Out Your Stained Brain.flac"
      2⤵
        PID:3724
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1472
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
          3⤵
          • Enumerates connected drives
          • Suspicious use of AdjustPrivilegeToken
          PID:4468

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    Peripheral Device Discovery

    1
    T1120

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      64KB

      MD5

      987a07b978cfe12e4ce45e513ef86619

      SHA1

      22eec9a9b2e83ad33bedc59e3205f86590b7d40c

      SHA256

      f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

      SHA512

      39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      9ed8945f9f73531bae8bf3eca3a89fd8

      SHA1

      a18f57efcb7cc43b44544df71c4b4190f7118712

      SHA256

      2040d00992933f49987b8184630834c3ac945d55354caeddddf3f7412d50abe1

      SHA512

      7c2b5498c58128d65350a1fe4bd07a869b588d4fb38e14a3ac53e8ffdbff7aad8a64db2a4b8906b91d7b8d2f8ae5d88055fb910c7b164082c378119e40ebfa5d

      Download Submit