Overview

overview

3

Static

static

1

Stardock W...m].rar

windows10-1703-x64

3

Stardock W...m].rar

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-05-2024 00:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Stardock WindowBlinds 11.02 (x64) [PeskTop.com].rar

  • Size

    68.9MB

  • MD5

    1ea63fb3c6d4d61cf4934f2c3d701f62

  • SHA1

    45d3924a3d426419293ea2f0bfb1c05c6a9e8185

  • SHA256

    8f29698c20852d8aeafe00be38a687a7727d9d47bfba1bab8bcd89fc57f65278

  • SHA512

    4315088154d060ee2f2e78df64daa47fbe93be30ff60e56e4857c4298e905a37460d5250bebe56979f9e4101c981f344000e9acd4fa2474861a1cd7e224a99b9

  • SSDEEP

    1572864:55JE5d91VmfaU4dSIfX5l9a0PL9SUyvQqq0kK8mxprEcr:55mfHVmft4dSrkSUy19kKJprEY

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 22 IoCs
  • Suspicious use of SendNotifyMessage 21 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Stardock WindowBlinds 11.02 (x64) [PeskTop.com].rar"
    1⤵
    • Modifies registry class
    PID:4388
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Stardock WindowBlinds 11.02 (x64) [PeskTop.com].rar"
      2⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:5056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Ax5056
    Filesize

    139B

    MD5

    fa7753cb591052df9dbecb02c534a6f4

    SHA1

    4067e51aaf5102c57395631c75a73f0867d0ee08

    SHA256

    61c6117833186296f17cfd14a21569c99fedfb2f76b6c355ca3bc51abe300adf

    SHA512

    1054030ba7be51b9199b61979fc88b9cc73a1f64e4560e2a46f908175f73f8b2bacb81aa9b32b95b63eb690139db7335137c0567de0b301ec5ac8a07c8e9a9ec

    Download Submit

  • memory/5056-29-0x00007FFDD6670000-0x00007FFDD66A4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/5056-28-0x00007FF7BA990000-0x00007FF7BAA88000-memory.dmp

    Filesize

    992KB

    Download

  • memory/5056-30-0x00007FFDD4900000-0x00007FFDD4BB6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/5056-31-0x00007FFDD3850000-0x00007FFDD4900000-memory.dmp

    Filesize

    16.7MB

    Download