55b7d24cefb8793f271bc910bc45dcdcd007d12655a1e311f25835fcbcd8affc

Analysis

max time kernel
35s
max time network
17s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bombaclat2.exe
Size

16.8MB
MD5

24669cf992c3daad92955430b133615c
SHA1

f2a90c7b952bb2c224224c5154b12083ecfdba84
SHA256

55b7d24cefb8793f271bc910bc45dcdcd007d12655a1e311f25835fcbcd8affc
SHA512

1de9a4e63ec73f46738b1afd0fa561156958c5b49e9735e6bd93db6e3399e80e944bf3771c23ab1485197e23580a96222d1c208c6730b37d16ee476baae20065
SSDEEP

393216:kmAzc28DEkMgP8AxYDwdQ2lR+9JCe48rBLFdxJd6o:k1D8D0bXsdQv9JCe48Fd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2252	bombaclat2.exe
2252	bombaclat2.exe
2252	bombaclat2.exe
2252	bombaclat2.exe
2252	bombaclat2.exe
2252	bombaclat2.exe
2252	bombaclat2.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
380	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
380	vlc.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe
380	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
380	vlc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2252	1908	bombaclat2.exe	28
PID 1908 wrote to memory of 2252	1908	bombaclat2.exe	28
PID 1908 wrote to memory of 2252	1908	bombaclat2.exe	28

C:\Users\Admin\AppData\Local\Temp\bombaclat2.exe
"C:\Users\Admin\AppData\Local\Temp\bombaclat2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\bombaclat2.exe
  "C:\Users\Admin\AppData\Local\Temp\bombaclat2.exe"
  2⤵
  - Loads dropped DLL
  PID:2252

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\AddSkip.3gpp"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
b4ddbd37774dfb7e830363e5322eef7a

SHA1
84586ba617f9c69f710bbe4ea8cdc713f2847fd6

SHA256
93cd0bcebb9216923aa65dd367e4d61e96abf4c7ebdcc607d1b98948c6440132

SHA512
f725602e613d1305c81273faae2ee5dd0f729faac70228d920596f11bb3e446cfb5cc27a1310151d159b8af544f5eaca12f8d0e988b3de5d3c3516af631e41d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
3d33809b15e4c5be123af92d077daa50

SHA1
28d676a1803544fd116cf9af208bece5acef4175

SHA256
18f0eff7867ef0f2840c4661958f8c368477d95cf45f6cd4b593d221275dbd3a

SHA512
6dbb828caf4dc29c14c8e30e4208b005c96d24260425e552512ab48869f8a7ef95e6d4314428a07c4afaa7594bd67b526109cb25b0fb5785e6fc9610c97c3735

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
6b83d4eb10cffd5f2b924d158bf49ac7

SHA1
b1739727be764ab9a28ce144afb1ee66b33572a7

SHA256
378b3d06d2bac4c1bbed114d12137ebaa8118ae602c97f57f866992617eb20e6

SHA512
01e532fb2d604b7fc49a30b1ac9829873399d130433a5c3885e448356b501334d49afffc77d23dccfa731b7a319e930c20db5a7d1f2dbeee9f891582afbd8ca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
80fd27f237fd1b89e58ac6e0479067ea

SHA1
71d3af4414d1f134640d98c567fb7c8b3130e4e8

SHA256
daacea53ff46a34a84d10aefc9cafa97edd102b60d19a98cf655fcfd4a484d9d

SHA512
046efa819565515addb2e9a53fb5964f02ee69dfd67de13c7269718169c49b111557352285967c639dd827bbef86bf65e8a04dca22375b6bc35518d45184d944

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
2664cc03c9c88d3012e905b98475e80f

SHA1
69eefed9612943fb2cb1d8177df18a72dcad03c9

SHA256
fba01ae42c54b0abe17633f9e65d72a8374343d5960990b4cdf200abe839a583

SHA512
79406164a62c31bf5bad24781d26fbf135dab8570de7caf3bb7b8e3f987d98eb8b8cc07c71860af4a482a4656e6ed018e4d45d6cca5df51ebe7b16d036842a1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\python311.dll

Filesize
5.5MB

MD5
a72993488cecd88b3e19487d646f88f6

SHA1
5d359f4121e0be04a483f9ad1d8203ffc958f9a0

SHA256
aa1e959dcff75a343b448a797d8a5a041eb03b27565a30f70fd081df7a285038

SHA512
c895176784b9ac89c9b996c02ec0d0a3f7cd6ebf653a277c20dec104da6a11db084c53dd47c7b6653a448d877ad8e5e79c27db4ea6365ebb8ca2a78aa9c61b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19082\ucrtbase.dll

Filesize
1.1MB

MD5
55f2308bb0ac1bf91e8bb7f047045b58

SHA1
9a5f16cd17e44bc05b9d7ac6a6ee24b59126f842

SHA256
c29304964f5ad5b0c4050176cf82ee51214e55fe8bea58acf2685b60af4589e8

SHA512
ac715bbbf50ff43c28a556ae19d265ff56fff0ba35de91069cef07240af83338b90ea7e994d027a5acafbdd1e0fb6ae1d7288837d3ef9a2b43c7932c8ceb4042

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
73B

MD5
e4f6c2fda3da90af5e18891e12b7127f

SHA1
2f53db3a7f57ee45e0cb336b583946b7763a8d96

SHA256
10872c86432483eb6e12cfb0071cba0f8a175d9087cd43be5023b0ac71071639

SHA512
ccce30ca49326b7a75e2ae41069a0f788b96d941fcf5dc66b5a307d3a6d729899f820dcfaa2e5e3e0a4a7ec3f11266e83866c71377d0988a09888b87b129cd17

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
17B

MD5
004982d6beee118c169289d03679a6f2

SHA1
50ec1749a04d5374b382129adc697680e6883722

SHA256
fb3f6d0efeb1d0eaafcedd60c75ef56100b1e704e5c8f0a2c48036780190d635

SHA512
8f68c135bed592f97d3a1a22f07d7a5e7a3f9ff1f6efb91d431082db52e19d8ed58aa48f63649e4c641ed0446cbfe053e4157eebde91ad70a39f4d5938bc4e25

Download Submit
memory/380-288-0x000007FEFAA10000-0x000007FEFAA44000-memory.dmp

Filesize
208KB

Download
memory/380-287-0x000000013F9B0000-0x000000013FAA8000-memory.dmp

Filesize
992KB

Download
memory/380-291-0x000007FEFAC70000-0x000007FEFAC87000-memory.dmp

Filesize
92KB

Download
memory/380-290-0x000007FEFBB20000-0x000007FEFBB38000-memory.dmp

Filesize
96KB

Download
memory/380-292-0x000007FEF8290000-0x000007FEF82A1000-memory.dmp

Filesize
68KB

Download
memory/380-293-0x000007FEF73A0000-0x000007FEF73B7000-memory.dmp

Filesize
92KB

Download
memory/380-294-0x000007FEF6A00000-0x000007FEF6A11000-memory.dmp

Filesize
68KB

Download
memory/380-295-0x000007FEF69E0000-0x000007FEF69FD000-memory.dmp

Filesize
116KB

Download
memory/380-296-0x000007FEF6900000-0x000007FEF6911000-memory.dmp

Filesize
68KB

Download
memory/380-289-0x000007FEF5E30000-0x000007FEF60E4000-memory.dmp

Filesize
2.7MB

Download
memory/380-298-0x000007FEF68C0000-0x000007FEF68FF000-memory.dmp

Filesize
252KB

Download
memory/380-297-0x000007FEF5C30000-0x000007FEF5E30000-memory.dmp

Filesize
2.0MB

Download
memory/380-301-0x000007FEF6870000-0x000007FEF6888000-memory.dmp

Filesize
96KB

Download
memory/380-300-0x000007FEF6890000-0x000007FEF68B1000-memory.dmp

Filesize
132KB

Download
memory/380-302-0x000007FEF4B60000-0x000007FEF4B71000-memory.dmp

Filesize
68KB

Download
memory/380-303-0x000007FEF4B40000-0x000007FEF4B51000-memory.dmp

Filesize
68KB

Download
memory/380-304-0x000007FEF4B20000-0x000007FEF4B31000-memory.dmp

Filesize
68KB

Download
memory/380-305-0x000007FEF4B00000-0x000007FEF4B1B000-memory.dmp

Filesize
108KB

Download
memory/380-306-0x000007FEF4AE0000-0x000007FEF4AF1000-memory.dmp

Filesize
68KB

Download
memory/380-307-0x000007FEF4AC0000-0x000007FEF4AD8000-memory.dmp

Filesize
96KB

Download
memory/380-308-0x000007FEF4A90000-0x000007FEF4AC0000-memory.dmp

Filesize
192KB

Download
memory/380-309-0x000007FEF4A20000-0x000007FEF4A87000-memory.dmp

Filesize
412KB

Download
memory/380-314-0x000007FEF48D0000-0x000007FEF48F4000-memory.dmp

Filesize
144KB

Download
memory/380-319-0x000007FEF2360000-0x000007FEF2381000-memory.dmp

Filesize
132KB

Download
memory/380-323-0x000007FEF1F30000-0x000007FEF1F5F000-memory.dmp

Filesize
188KB

Download
memory/380-322-0x000007FEFB1A0000-0x000007FEFB1B0000-memory.dmp

Filesize
64KB

Download
memory/380-324-0x000007FEF1F10000-0x000007FEF1F21000-memory.dmp

Filesize
68KB

Download
memory/380-321-0x000007FEF1F60000-0x000007FEF1F77000-memory.dmp

Filesize
92KB

Download
memory/380-325-0x000007FEF1EF0000-0x000007FEF1F06000-memory.dmp

Filesize
88KB

Download
memory/380-318-0x000007FEF4840000-0x000007FEF4852000-memory.dmp

Filesize
72KB

Download
memory/380-317-0x000007FEF4860000-0x000007FEF4871000-memory.dmp

Filesize
68KB

Download
memory/380-316-0x000007FEF4880000-0x000007FEF48A3000-memory.dmp

Filesize
140KB

Download
memory/380-315-0x000007FEF48B0000-0x000007FEF48C7000-memory.dmp

Filesize
92KB

Download
memory/380-320-0x000007FEF1F80000-0x000007FEF1F91000-memory.dmp

Filesize
68KB

Download
memory/380-313-0x000007FEF4900000-0x000007FEF4928000-memory.dmp

Filesize
160KB

Download
memory/380-312-0x000007FEF4930000-0x000007FEF4986000-memory.dmp

Filesize
344KB

Download
memory/380-311-0x000007FEF4990000-0x000007FEF49A1000-memory.dmp

Filesize
68KB

Download
memory/380-310-0x000007FEF49B0000-0x000007FEF4A1F000-memory.dmp

Filesize
444KB

Download
memory/380-326-0x000007FEF1DA0000-0x000007FEF1E65000-memory.dmp

Filesize
788KB

Download
memory/380-329-0x000007FEF1C40000-0x000007FEF1CAD000-memory.dmp

Filesize
436KB

Download
memory/380-328-0x000007FEF1CB0000-0x000007FEF1D12000-memory.dmp

Filesize
392KB

Download
memory/380-327-0x000007FEF1D20000-0x000007FEF1D95000-memory.dmp

Filesize
468KB

Download
memory/380-330-0x000007FEF1AC0000-0x000007FEF1C38000-memory.dmp

Filesize
1.5MB

Download
memory/380-299-0x000007FEF4B80000-0x000007FEF5C2B000-memory.dmp

Filesize
16.7MB

Download
memory/380-343-0x000007FEF5E30000-0x000007FEF60E4000-memory.dmp

Filesize
2.7MB

Download
memory/380-342-0x000007FEFAA10000-0x000007FEFAA44000-memory.dmp

Filesize
208KB

Download
memory/380-341-0x000000013F9B0000-0x000000013FAA8000-memory.dmp

Filesize
992KB

Download
memory/380-344-0x000007FEF4B80000-0x000007FEF5C2B000-memory.dmp

Filesize
16.7MB

Download