dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VencordInstaller.exe
Size

9.9MB
MD5

1b8ee61ddcfd1d425821d76ea54ca829
SHA1

f8daf2bea3d4a6bfc99455d69c3754054de3baa5
SHA256

dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871
SHA512

75ba16ddc75564e84f5d248326908065942ad50631ec30d7952069caee15b8c5411a8802d25d38e9d80e042f1dde97a0326f4ab4f1c90f8e4b81396ca69c229a
SSDEEP

98304:jmPUf5A91QP5oToUsbeRwcyHekFeSpc12EKw+KVktWHBLmpTN5huJd3kMerGpNTt:SqqQP5oKswpLi3gOW

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
64	vlc.exe
4300	POWERPNT.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
64	vlc.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
64	vlc.exe
64	vlc.exe
64	vlc.exe
64	vlc.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
64	vlc.exe
64	vlc.exe
64	vlc.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3524	VencordInstaller.exe
64	vlc.exe
4300	POWERPNT.EXE
4300	POWERPNT.EXE
4300	POWERPNT.EXE
4300	POWERPNT.EXE

C:\Users\Admin\AppData\Local\Temp\VencordInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\VencordInstaller.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3524

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SetFormat.3gp"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:64

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\ResolveSplit.odp" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/64-9-0x00007FFF23D30000-0x00007FFF23D64000-memory.dmp

Filesize
208KB

Download
memory/64-8-0x00007FF7E6020000-0x00007FF7E6118000-memory.dmp

Filesize
992KB

Download
memory/64-10-0x00007FFF10AB0000-0x00007FFF10D66000-memory.dmp

Filesize
2.7MB

Download
memory/64-11-0x00007FFF0F090000-0x00007FFF10140000-memory.dmp

Filesize
16.7MB

Download
memory/3524-0-0x00007FF6BFAC0000-0x00007FF6C0D39000-memory.dmp

Filesize
18.5MB

Download
memory/4300-15-0x00007FFEEE9B0000-0x00007FFEEE9C0000-memory.dmp

Filesize
64KB

Download
memory/4300-14-0x00007FFEEE9B0000-0x00007FFEEE9C0000-memory.dmp

Filesize
64KB

Download
memory/4300-13-0x00007FFEEE9B0000-0x00007FFEEE9C0000-memory.dmp

Filesize
64KB

Download
memory/4300-12-0x00007FFEEE9B0000-0x00007FFEEE9C0000-memory.dmp

Filesize
64KB

Download
memory/4300-16-0x00007FFEEE9B0000-0x00007FFEEE9C0000-memory.dmp

Filesize
64KB

Download
memory/4300-17-0x00007FFEEC7C0000-0x00007FFEEC7D0000-memory.dmp

Filesize
64KB

Download
memory/4300-18-0x00007FFEEC7C0000-0x00007FFEEC7D0000-memory.dmp

Filesize
64KB

Download
memory/4300-39-0x00007FFEEE9B0000-0x00007FFEEE9C0000-memory.dmp

Filesize
64KB

Download
memory/4300-38-0x00007FFEEE9B0000-0x00007FFEEE9C0000-memory.dmp

Filesize
64KB

Download
memory/4300-37-0x00007FFEEE9B0000-0x00007FFEEE9C0000-memory.dmp

Filesize
64KB

Download
memory/4300-36-0x00007FFEEE9B0000-0x00007FFEEE9C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads