Overview

overview

10

Static

static

7

SpySheriff.zip

windows7-x64

1

SpySheriff.zip

windows10-2004-x64

1

IESecurity.dll

windows7-x64

6

IESecurity.dll

windows10-2004-x64

6

ProcMon.dll

windows7-x64

1

ProcMon.dll

windows10-2004-x64

1

ReadME.txt

windows7-x64

1

ReadME.txt

windows10-2004-x64

1

SpySheriff.dvm

windows7-x64

3

SpySheriff.dvm

windows10-2004-x64

3

SpySheriff.exe

windows7-x64

7

SpySheriff.exe

windows10-2004-x64

7

Uninstall.exe

windows7-x64

1

Uninstall.exe

windows10-2004-x64

1

base.avd

windows7-x64

3

base.avd

windows10-2004-x64

3

base001.avd

windows7-x64

3

base001.avd

windows10-2004-x64

3

base002.avd

windows7-x64

3

base002.avd

windows10-2004-x64

3

found.wav

windows7-x64

1

found.wav

windows10-2004-x64

6

heur000.dll

windows7-x64

1

heur000.dll

windows10-2004-x64

1

heur001.dll

windows7-x64

1

heur001.dll

windows10-2004-x64

1

heur002.dll

windows7-x64

4

heur002.dll

windows10-2004-x64

4

heur003.dll

windows7-x64

10

heur003.dll

windows10-2004-x64

10

notfound.wav

windows7-x64

1

notfound.wav

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    notfound.wav

  • Size

    20KB

  • MD5

    b6db2d81423853ca8e82bd42e04e9ab2

  • SHA1

    cfe0832bd5b107c94a54dc3c64df930462955dcf

  • SHA256

    05c118e5a69fb0603c4e4d6357d3b92e3aca6e93883955eb9ec08110edc65fd5

  • SHA512

    56ab7ad06fa0e55f44674279e9957cb96b13b090c0a61dd613c062654c37da2bff3dcf4a7d765db313de7fa19bb859794d3c06dfdadca23e45acf7c5c5fa6c19

  • SSDEEP

    384:fWkYjsRliyvEwE5KDNYRcxHw6m6PV7WnG2q5FN2Kli+C:fuj04yvEwEM6Rcxjt4Bm0

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\notfound.wav"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2980-6-0x000007FEFACC0000-0x000007FEFACF4000-memory.dmp
    Filesize

    208KB

    Download
  • memory/2980-5-0x000000013FAF0000-0x000000013FBE8000-memory.dmp
    Filesize

    992KB

    Download
  • memory/2980-8-0x000007FEFB9E0000-0x000007FEFB9F8000-memory.dmp
    Filesize

    96KB

    Download
  • memory/2980-9-0x000007FEFAD10000-0x000007FEFAD27000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2980-10-0x000007FEFACA0000-0x000007FEFACB1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-11-0x000007FEFA940000-0x000007FEFA957000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2980-12-0x000007FEF7760000-0x000007FEF7771000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-14-0x000007FEF7620000-0x000007FEF7631000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-13-0x000007FEF7640000-0x000007FEF765D000-memory.dmp
    Filesize

    116KB

    Download
  • memory/2980-7-0x000007FEF5F80000-0x000007FEF6236000-memory.dmp
    Filesize

    2.7MB

    Download
  • memory/2980-15-0x000007FEF5D70000-0x000007FEF5F7B000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/2980-17-0x000007FEF6F30000-0x000007FEF6F71000-memory.dmp
    Filesize

    260KB

    Download
  • memory/2980-19-0x000007FEF6EE0000-0x000007FEF6EF8000-memory.dmp
    Filesize

    96KB

    Download
  • memory/2980-18-0x000007FEF6F00000-0x000007FEF6F21000-memory.dmp
    Filesize

    132KB

    Download
  • memory/2980-20-0x000007FEF68D0000-0x000007FEF68E1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-21-0x000007FEF68B0000-0x000007FEF68C1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-22-0x000007FEF6890000-0x000007FEF68A1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-23-0x000007FEF6870000-0x000007FEF688B000-memory.dmp
    Filesize

    108KB

    Download
  • memory/2980-24-0x000007FEF4CA0000-0x000007FEF4CB1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-25-0x000007FEF4C80000-0x000007FEF4C98000-memory.dmp
    Filesize

    96KB

    Download
  • memory/2980-26-0x000007FEF4C50000-0x000007FEF4C80000-memory.dmp
    Filesize

    192KB

    Download
  • memory/2980-27-0x000007FEF4BE0000-0x000007FEF4C47000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2980-28-0x000007FEF4B60000-0x000007FEF4BDC000-memory.dmp
    Filesize

    496KB

    Download
  • memory/2980-29-0x000007FEF4B40000-0x000007FEF4B51000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-31-0x000007FEF4AB0000-0x000007FEF4AD8000-memory.dmp
    Filesize

    160KB

    Download
  • memory/2980-30-0x000007FEF4AE0000-0x000007FEF4B37000-memory.dmp
    Filesize

    348KB

    Download
  • memory/2980-35-0x000007FEF4A10000-0x000007FEF4A21000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-34-0x000007FEF4A30000-0x000007FEF4A53000-memory.dmp
    Filesize

    140KB

    Download
  • memory/2980-37-0x000007FEFAD60000-0x000007FEFAD70000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2980-36-0x000007FEF49F0000-0x000007FEF4A02000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2980-16-0x000007FEF4CC0000-0x000007FEF5D70000-memory.dmp
    Filesize

    16.7MB

    Download
  • memory/2980-33-0x000007FEF4A60000-0x000007FEF4A78000-memory.dmp
    Filesize

    96KB

    Download
  • memory/2980-32-0x000007FEF4A80000-0x000007FEF4AA4000-memory.dmp
    Filesize

    144KB

    Download
  • memory/2980-38-0x000007FEF47D0000-0x000007FEF47FF000-memory.dmp
    Filesize

    188KB

    Download
  • memory/2980-39-0x000007FEF47B0000-0x000007FEF47C1000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-40-0x000007FEF4790000-0x000007FEF47A6000-memory.dmp
    Filesize

    88KB

    Download
  • memory/2980-41-0x000007FEF4770000-0x000007FEF4785000-memory.dmp
    Filesize

    84KB

    Download
  • memory/2980-42-0x000007FEF4730000-0x000007FEF4741000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-43-0x000007FEF4710000-0x000007FEF4722000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2980-44-0x000007FEF4590000-0x000007FEF470A000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/2980-45-0x000007FEF4570000-0x000007FEF4583000-memory.dmp
    Filesize

    76KB

    Download
  • memory/2980-46-0x000007FEF4550000-0x000007FEF4564000-memory.dmp
    Filesize

    80KB

    Download
  • memory/2980-47-0x000007FEF4530000-0x000007FEF4541000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-48-0x000007FEF4510000-0x000007FEF4521000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-49-0x000007FEF44F0000-0x000007FEF4501000-memory.dmp
    Filesize

    68KB

    Download
  • memory/2980-50-0x000007FEF44D0000-0x000007FEF44E6000-memory.dmp
    Filesize

    88KB

    Download