cf798a7400592909303c9a47f7ef3a7f0aecb20a03bf51ccaa9528fb90bcaa87

Analysis

max time kernel
28s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dll_injector32.exe
Size

335KB
MD5

899de6f7d13cedab53eba18764c5af9a
SHA1

590ee04270212f9e5329b1c938e24f4d3ce84dbb
SHA256

cf798a7400592909303c9a47f7ef3a7f0aecb20a03bf51ccaa9528fb90bcaa87
SHA512

ab09ef30630db09e72a22275bb1f6f4cf0db8d58d801c6e64820a0cb8888696f7734b83e379b6f5a9f1bd0eccd9a2862931695e46587cdab3bb5cfe41b6193c1
SSDEEP

6144:iEHBYLyhigSCvaiVf5RlZE6s7SI8CcNAO6wZenQ:iyBAb1CvJ5RDEBuxenQ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

vlc.exevlc.exe

pid process

2496 vlc.exe
2036 vlc.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

vlc.exevlc.exe

pid process

2496 vlc.exe
2036 vlc.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

vlc.exevlc.exe

pid	process
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe

Suspicious use of SendNotifyMessage 23 IoCs

Processes:

vlc.exevlc.exe

pid	process
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2496	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe
2036	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

vlc.exevlc.exe

pid process

2496 vlc.exe
2036 vlc.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

dll_injector32.exe

description	pid	process	target process
PID 2240 wrote to memory of 1100	2240	dll_injector32.exe	cmd.exe
PID 2240 wrote to memory of 1100	2240	dll_injector32.exe	cmd.exe
PID 2240 wrote to memory of 1100	2240	dll_injector32.exe	cmd.exe
PID 2240 wrote to memory of 1100	2240	dll_injector32.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\dll_injector32.exe
"C:\Users\Admin\AppData\Local\Temp\dll_injector32.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:1100

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2112

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ExitRead.3gp2"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ApproveStep.mp2"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
531B

MD5
c3c2ba01217f2a4b3f37ed253f9b2d6a

SHA1
cbfb05911713bc950de61c294a4cb35929e887d4

SHA256
2d373663b7148728a259d9215b2417c6922326ff71f10be6a90e9e3d10a6e290

SHA512
1278c450fd1fdf7f064bb191a8d49b2943c21256e37e64babd5e44c5ae2b1ba19919790bde604741168340f987f0d57cc543997f2b69c81a3a5b76c8323f5db1

Download Submit
memory/2036-37-0x000007FEF5A80000-0x000007FEF5AB4000-memory.dmp

Filesize
208KB

Download
memory/2036-36-0x000000013FDC0000-0x000000013FEB8000-memory.dmp

Filesize
992KB

Download
memory/2036-38-0x000007FEF5480000-0x000007FEF5734000-memory.dmp

Filesize
2.7MB

Download
memory/2036-39-0x000007FEF4DE0000-0x000007FEF4EF2000-memory.dmp

Filesize
1.1MB

Download
memory/2036-40-0x000007FEF3D30000-0x000007FEF4DDB000-memory.dmp

Filesize
16.7MB

Download
memory/2496-17-0x000000013F480000-0x000000013F578000-memory.dmp

Filesize
992KB

Download
memory/2496-18-0x000007FEF5BC0000-0x000007FEF5BF4000-memory.dmp

Filesize
208KB

Download
memory/2496-19-0x000007FEF5900000-0x000007FEF5BB4000-memory.dmp

Filesize
2.7MB

Download
memory/2496-20-0x000007FEF43D0000-0x000007FEF547B000-memory.dmp

Filesize
16.7MB

Download