Malware Analysis Report

2025-01-02 07:52

Sample ID 240509-zbk6lsgd26
Target 2023-11-15 20-48-56.mp4
SHA256 93da68a3c1c40a9f76351b3fa152818e82e0e854459d47c404bffd461334fc6a
Tags
privateloader loader
score
10/10


Analysis Overview

score
10/10

SHA256

93da68a3c1c40a9f76351b3fa152818e82e0e854459d47c404bffd461334fc6a

Threat Level: Known bad

The file 2023-11-15 20-48-56.mp4 was found to be: Known bad.

Malicious Activity Summary

privateloader loader

PrivateLoader

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-09 20:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 20:32

Reported

2024-05-09 20:35

Platform

win7-20240508-ja

Max time kernel

81s

Max time network

17s

Command Line

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\2023-11-15 20-48-56.mp4"

Signatures

PrivateLoader

loader privateloader

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Processes

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\2023-11-15 20-48-56.mp4"

Network

N/A

Files
