Overview
overview
10Static
static
7SpySheriff.zip
windows7-x64
1SpySheriff.zip
windows10-2004-x64
1IESecurity.dll
windows7-x64
6IESecurity.dll
windows10-2004-x64
6ProcMon.dll
windows7-x64
1ProcMon.dll
windows10-2004-x64
1ReadME.txt
windows7-x64
1ReadME.txt
windows10-2004-x64
1SpySheriff.dvm
windows7-x64
3SpySheriff.dvm
windows10-2004-x64
3SpySheriff.exe
windows7-x64
7SpySheriff.exe
windows10-2004-x64
7Uninstall.exe
windows7-x64
1Uninstall.exe
windows10-2004-x64
1base.avd
windows7-x64
3base.avd
windows10-2004-x64
3base001.avd
windows7-x64
3base001.avd
windows10-2004-x64
3base002.avd
windows7-x64
3base002.avd
windows10-2004-x64
3found.wav
windows7-x64
1found.wav
windows10-2004-x64
6heur000.dll
windows7-x64
1heur000.dll
windows10-2004-x64
1heur001.dll
windows7-x64
1heur001.dll
windows10-2004-x64
1heur002.dll
windows7-x64
4heur002.dll
windows10-2004-x64
4heur003.dll
windows7-x64
10heur003.dll
windows10-2004-x64
10notfound.wav
windows7-x64
1notfound.wav
windows10-2004-x64
6Analysis
-
max time kernel
140s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
24-05-2024 20:20
Behavioral task
behavioral1
Sample
SpySheriff.zip
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
SpySheriff.zip
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
IESecurity.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
IESecurity.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
ProcMon.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
ProcMon.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
ReadME.txt
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
ReadME.txt
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
SpySheriff.dvm
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
SpySheriff.dvm
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
SpySheriff.exe
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
SpySheriff.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Uninstall.exe
Resource
win7-20240508-en
Behavioral task
behavioral14
Sample
Uninstall.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
base.avd
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
base.avd
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
base001.avd
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
base001.avd
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
base002.avd
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
base002.avd
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
found.wav
Resource
win7-20240508-en
Behavioral task
behavioral22
Sample
found.wav
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
heur000.dll
Resource
win7-20240215-en
Behavioral task
behavioral24
Sample
heur000.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
heur001.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
heur001.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
heur002.dll
Resource
win7-20240220-en
Behavioral task
behavioral28
Sample
heur002.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
heur003.dll
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
heur003.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral31
Sample
notfound.wav
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
notfound.wav
Resource
win10v2004-20240426-en
General
-
Target
notfound.wav
-
Size
20KB
-
MD5
b6db2d81423853ca8e82bd42e04e9ab2
-
SHA1
cfe0832bd5b107c94a54dc3c64df930462955dcf
-
SHA256
05c118e5a69fb0603c4e4d6357d3b92e3aca6e93883955eb9ec08110edc65fd5
-
SHA512
56ab7ad06fa0e55f44674279e9957cb96b13b090c0a61dd613c062654c37da2bff3dcf4a7d765db313de7fa19bb859794d3c06dfdadca23e45acf7c5c5fa6c19
-
SSDEEP
384:fWkYjsRliyvEwE5KDNYRcxHw6m6PV7WnG2q5FN2Kli+C:fuj04yvEwEM6Rcxjt4Bm0
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
vlc.exepid process 2980 vlc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
vlc.exepid process 2980 vlc.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
vlc.exedescription pid process Token: 33 2980 vlc.exe Token: SeIncBasePriorityPrivilege 2980 vlc.exe -
Suspicious use of FindShellTrayWindow 8 IoCs
Processes:
vlc.exepid process 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe -
Suspicious use of SendNotifyMessage 7 IoCs
Processes:
vlc.exepid process 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe 2980 vlc.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
vlc.exepid process 2980 vlc.exe
Processes
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\notfound.wav"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2980