Analysis

  • max time kernel
    1725s
  • max time network
    1153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/05/2024, 05:09

General

  • Target

    Goofy Sounds Sample Pack (200+ Sounds Version)/Bite.wav

  • Size

    82KB

  • MD5

    2a9aeb730e0d856ed4a23bcf75201c54

  • SHA1

    25fb6f2389bdfd7e010734145786fd43c67a333d

  • SHA256

    b203b7162a85c0a9e5a0e0f5f7c9910b8d74c787018cb790c62499dbb4b5957a

  • SHA512

    cb6cb1635c06f9ccdac273727f0aff6ff825d02a0dfd8fa34c5c218bb20ad9d1b18a4289cc813a1149a6a9a477e0f3602371b04e4882677d5cd264b7c1652596

  • SSDEEP

    1536:+thOIMLvNrOeGdrJ2PvojhhkAJbosh1i6kw5jQwVsdw53ATDH:mhr0NOLrJokc8EQi6ow00Af

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\Goofy Sounds Sample Pack (200+ Sounds Version)\Bite.wav"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\Goofy Sounds Sample Pack (200+ Sounds Version)\Bite.wav"
      2⤵
        PID:4428
      • C:\Windows\SysWOW64\unregmp2.exe
        "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1748
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
          3⤵
          • Enumerates connected drives
          • Suspicious use of AdjustPrivilegeToken
          PID:4220

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

      Filesize

      384KB

      MD5

      063793e4ba784832026ec8bc3528f7f1

      SHA1

      687d03823d7ab8954826f753a645426cff3c5db4

      SHA256

      cb153cb703aea1ba1afe2614cffb086fa781646a285c5ac37354ee933a29cedd

      SHA512

      225910c24052dfdf7fca574b12ecef4eb68e990167010f80d7136f03ac6e7faa33233685cbf37b38ee626bb22ff3afeee39e597080e429be3ec241fb30af40c6

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log

      Filesize

      1KB

      MD5

      86340f8e32ea0a19da057d5cafb69d1a

      SHA1

      bef6126ac6ded72ce3382d25fc87c59a88a5ff62

      SHA256

      fb26b93e0b4c8c24a0095817c2a879f695747c23384d86a73a9b94238ead01c5

      SHA512

      1d5744492ecd324b965ce7b6450867b9ff828e9bc2d54543259f158ccc140f56b39cfa5fee972e0ca67a7fe5f3b69275d3ee770dfba18895d9c01a8f8a4010ed