e53b9f8bf9dd191392bea6cd39798dcc290b60da48be5a3e5d96649db897b1a3

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 05:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Alundra (USA) (v1.1).7z
Size

258.6MB
MD5

0c040f422bd0ff94c3a9e0c6df3f52a7
SHA1

6f6656dd87852477fbbb4de961960fb32a2284b2
SHA256

e53b9f8bf9dd191392bea6cd39798dcc290b60da48be5a3e5d96649db897b1a3
SHA512

92a8de123e600c1fd66663f644eaec0a9cba01f99923ea1602434df0c3aca11ba535a34957a3c45795b388a0a30598de48cc3dac0f332c9b069becf1dd945dcc
SSDEEP

6291456:Kw4hJ4LJSNAXTCP3W3DKm/gAaP6w6fGJwek5NllxEyLHfh:b4hQ6AXTCfWDYF6u2HNlHF75

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2892	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2652	7zFM.exe
2892	vlc.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2652	7zFM.exe
Token: 35	2652	7zFM.exe
Token: SeSecurityPrivilege	2652	7zFM.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
2652	7zFM.exe
2652	7zFM.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe
2892	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2892	vlc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2652	2092	cmd.exe	29
PID 2092 wrote to memory of 2652	2092	cmd.exe	29
PID 2092 wrote to memory of 2652	2092	cmd.exe	29

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Alundra (USA) (v1.1).7z"
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Alundra (USA) (v1.1).7z"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2652

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\Alundra (USA) (v1.1).cue"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Alundra (USA) (v1.1).cue

Filesize
86B

MD5
9320ab2f63f3efa4109479eca54795fc

SHA1
d7df45cc620f02c4e09e7c560180b69d4b292c37

SHA256
2b5af873b80bbeeae210574e8f5e5ed44f834a871dd4eccd08732707e242ea63

SHA512
8713cd6cc3d527e755532b3a01c4ba616ecf4a6d66e4d1035cd50bf122b18c234714614ca77743ad968413b01970eb622f96a55ce0f33544bbfbd4f940bb69c3

Download Submit
memory/2892-40-0x000007FEF75F0000-0x000007FEF7624000-memory.dmp

Filesize
208KB

Download
memory/2892-39-0x000000013F980000-0x000000013FA78000-memory.dmp

Filesize
992KB

Download
memory/2892-43-0x000007FEF8340000-0x000007FEF8357000-memory.dmp

Filesize
92KB

Download
memory/2892-44-0x000007FEF7540000-0x000007FEF7551000-memory.dmp

Filesize
68KB

Download
memory/2892-42-0x000007FEFB730000-0x000007FEFB748000-memory.dmp

Filesize
96KB

Download
memory/2892-45-0x000007FEF7520000-0x000007FEF7537000-memory.dmp

Filesize
92KB

Download
memory/2892-46-0x000007FEF7500000-0x000007FEF7511000-memory.dmp

Filesize
68KB

Download
memory/2892-48-0x000007FEF6CC0000-0x000007FEF6CD1000-memory.dmp

Filesize
68KB

Download
memory/2892-47-0x000007FEF74E0000-0x000007FEF74FD000-memory.dmp

Filesize
116KB

Download
memory/2892-41-0x000007FEF61A0000-0x000007FEF6454000-memory.dmp

Filesize
2.7MB

Download
memory/2892-49-0x000007FEF5FA0000-0x000007FEF61A0000-memory.dmp

Filesize
2.0MB

Download
memory/2892-53-0x000007FEF6C30000-0x000007FEF6C48000-memory.dmp

Filesize
96KB

Download
memory/2892-56-0x000007FEF69A0000-0x000007FEF69B1000-memory.dmp

Filesize
68KB

Download
memory/2892-61-0x000007FEF6820000-0x000007FEF6887000-memory.dmp

Filesize
412KB

Download
memory/2892-66-0x000007FEF4DF0000-0x000007FEF4E14000-memory.dmp

Filesize
144KB

Download
memory/2892-65-0x000007FEF67D0000-0x000007FEF67F8000-memory.dmp

Filesize
160KB

Download
memory/2892-64-0x000007FEF4E20000-0x000007FEF4E76000-memory.dmp

Filesize
344KB

Download
memory/2892-68-0x000007FEF4DA0000-0x000007FEF4DC3000-memory.dmp

Filesize
140KB

Download
memory/2892-67-0x000007FEF4DD0000-0x000007FEF4DE7000-memory.dmp

Filesize
92KB

Download
memory/2892-63-0x000007FEF6800000-0x000007FEF6811000-memory.dmp

Filesize
68KB

Download
memory/2892-69-0x000007FEF4D80000-0x000007FEF4D91000-memory.dmp

Filesize
68KB

Download
memory/2892-72-0x000007FEF4150000-0x000007FEF4168000-memory.dmp

Filesize
96KB

Download
memory/2892-71-0x000007FEF4170000-0x000007FEF4182000-memory.dmp

Filesize
72KB

Download
memory/2892-70-0x000007FEF4D60000-0x000007FEF4D72000-memory.dmp

Filesize
72KB

Download
memory/2892-62-0x000007FEF4E80000-0x000007FEF4EEF000-memory.dmp

Filesize
444KB

Download
memory/2892-60-0x000007FEF6890000-0x000007FEF68C0000-memory.dmp

Filesize
192KB

Download
memory/2892-59-0x000007FEF68C0000-0x000007FEF68D8000-memory.dmp

Filesize
96KB

Download
memory/2892-57-0x000007FEF6980000-0x000007FEF699B000-memory.dmp

Filesize
108KB

Download
memory/2892-55-0x000007FEF6BB0000-0x000007FEF6BC1000-memory.dmp

Filesize
68KB

Download
memory/2892-54-0x000007FEF6C10000-0x000007FEF6C21000-memory.dmp

Filesize
68KB

Download
memory/2892-52-0x000007FEF6C50000-0x000007FEF6C71000-memory.dmp

Filesize
132KB

Download
memory/2892-58-0x000007FEF6960000-0x000007FEF6971000-memory.dmp

Filesize
68KB

Download
memory/2892-51-0x000007FEF6C80000-0x000007FEF6CBF000-memory.dmp

Filesize
252KB

Download
memory/2892-50-0x000007FEF4EF0000-0x000007FEF5F9B000-memory.dmp

Filesize
16.7MB

Download
memory/2892-85-0x000007FEF61A0000-0x000007FEF6454000-memory.dmp

Filesize
2.7MB

Download
memory/2892-84-0x000007FEF75F0000-0x000007FEF7624000-memory.dmp

Filesize
208KB

Download
memory/2892-83-0x000000013F980000-0x000000013FA78000-memory.dmp

Filesize
992KB

Download
memory/2892-86-0x000007FEF4EF0000-0x000007FEF5F9B000-memory.dmp

Filesize
16.7MB

Download