Resubmissions

08/05/2024, 20:54

240508-zp39cafa8v 3

08/05/2024, 20:54

240508-zpv8qshe76 8

Analysis

  • max time kernel
    144s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/05/2024, 20:54

General

  • Target

    4VGn41i.rar

  • Size

    15.6MB

  • MD5

    929404f5beeff2bb071bf734c6876bb6

  • SHA1

    8cf3da10245e99705ce70beb883aca70db032490

  • SHA256

    b2a909fe089d1e70a8e67b048dd1dcc9884bcedafd02a9a32135530088720f7e

  • SHA512

    ea3a6607f22e48e1fc601814126e873d773c1a2527147995429a28b2c2771853af9e1983b9477d310e0237691121b84b0e03f82f0668b634b1e84943c3695fde

  • SSDEEP

    393216:8ldJw8WDSALid+uGVWDvpVzZ836ioGE7ywkX8MB9/SfdRzTp9:8KPOpDQ8GgYVB96fdRH

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\4VGn41i.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\4VGn41i.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\4VGn41i.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\4VGn41i.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2576

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/2576-30-0x000007FEFA8F0000-0x000007FEFA924000-memory.dmp

          Filesize

          208KB

        • memory/2576-29-0x000000013F6B0000-0x000000013F7A8000-memory.dmp

          Filesize

          992KB

        • memory/2576-33-0x000007FEFA8B0000-0x000007FEFA8C7000-memory.dmp

          Filesize

          92KB

        • memory/2576-37-0x000007FEF78F0000-0x000007FEF790D000-memory.dmp

          Filesize

          116KB

        • memory/2576-36-0x000007FEF7B70000-0x000007FEF7B81000-memory.dmp

          Filesize

          68KB

        • memory/2576-35-0x000007FEFA870000-0x000007FEFA887000-memory.dmp

          Filesize

          92KB

        • memory/2576-34-0x000007FEFA890000-0x000007FEFA8A1000-memory.dmp

          Filesize

          68KB

        • memory/2576-31-0x000007FEF5A10000-0x000007FEF5CC6000-memory.dmp

          Filesize

          2.7MB

        • memory/2576-32-0x000007FEFA8D0000-0x000007FEFA8E8000-memory.dmp

          Filesize

          96KB

        • memory/2576-39-0x000007FEF78D0000-0x000007FEF78E1000-memory.dmp

          Filesize

          68KB

        • memory/2576-38-0x000007FEF56D0000-0x000007FEF58DB000-memory.dmp

          Filesize

          2.0MB

        • memory/2576-40-0x000007FEF6D80000-0x000007FEF6DC1000-memory.dmp

          Filesize

          260KB

        • memory/2576-42-0x000007FEF6D50000-0x000007FEF6D71000-memory.dmp

          Filesize

          132KB

        • memory/2576-43-0x000007FEF6D30000-0x000007FEF6D48000-memory.dmp

          Filesize

          96KB

        • memory/2576-44-0x000007FEF6D10000-0x000007FEF6D21000-memory.dmp

          Filesize

          68KB

        • memory/2576-45-0x000007FEF6120000-0x000007FEF6131000-memory.dmp

          Filesize

          68KB

        • memory/2576-46-0x000007FEF6100000-0x000007FEF6111000-memory.dmp

          Filesize

          68KB

        • memory/2576-47-0x000007FEF60E0000-0x000007FEF60FB000-memory.dmp

          Filesize

          108KB

        • memory/2576-55-0x000007FEF5550000-0x000007FEF5578000-memory.dmp

          Filesize

          160KB

        • memory/2576-48-0x000007FEF60C0000-0x000007FEF60D1000-memory.dmp

          Filesize

          68KB

        • memory/2576-49-0x000007FEF60A0000-0x000007FEF60B8000-memory.dmp

          Filesize

          96KB

        • memory/2576-62-0x000007FEF6E20000-0x000007FEF6E77000-memory.dmp

          Filesize

          348KB

        • memory/2576-41-0x000007FEF3FE0000-0x000007FEF5090000-memory.dmp

          Filesize

          16.7MB

        • memory/2576-61-0x000007FEF6E80000-0x000007FEF6E91000-memory.dmp

          Filesize

          68KB

        • memory/2576-60-0x000007FEF5490000-0x000007FEF54A2000-memory.dmp

          Filesize

          72KB

        • memory/2576-59-0x000007FEF54B0000-0x000007FEF54C1000-memory.dmp

          Filesize

          68KB

        • memory/2576-58-0x000007FEF54D0000-0x000007FEF54F3000-memory.dmp

          Filesize

          140KB

        • memory/2576-57-0x000007FEF5500000-0x000007FEF5518000-memory.dmp

          Filesize

          96KB

        • memory/2576-56-0x000007FEF5520000-0x000007FEF5544000-memory.dmp

          Filesize

          144KB

        • memory/2576-54-0x000007FEF5580000-0x000007FEF55D7000-memory.dmp

          Filesize

          348KB

        • memory/2576-53-0x000007FEF6050000-0x000007FEF6061000-memory.dmp

          Filesize

          68KB

        • memory/2576-52-0x000007FEF55E0000-0x000007FEF565C000-memory.dmp

          Filesize

          496KB

        • memory/2576-51-0x000007FEF5660000-0x000007FEF56C7000-memory.dmp

          Filesize

          412KB

        • memory/2576-50-0x000007FEF6070000-0x000007FEF60A0000-memory.dmp

          Filesize

          192KB