Overview

overview

3

Static

static

3

ED62B6BD122.exe

windows7-x64

1

ED62B6BD122.exe

windows10-2004-x64

1

Resubmissions

27-05-2024 12:54

240527-p5cq8ada7v 3

27-05-2024 12:52

240527-p36arach6x 3

Analysis

  • max time kernel
    80s
  • max time network
    85s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-05-2024 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ED62B6BD122.exe

  • Size

    22.1MB

  • MD5

    68eca888cb479f840503bcdbda3acc88

  • SHA1

    609c73cd16d6a483dafb76179b21f329ea1fef00

  • SHA256

    0f7ff1dda72f7da756a8efb610c9bba0a574442a8a8b48413dda54981d28c4af

  • SHA512

    557b9c3743e5286ab3f21026dfab97c2608f47855a456aaf7cc893b39cfa57dc0df3000715b5da1f0993c4e6d06e84713329e2b190fd10f0d5a67b045da344db

  • SSDEEP

    393216:H7UhQ5zzPiYfcLYnzjbLYg/GXv2pXpH9P3il/gsHoEl8h/lt8/QH:EQpKYf+CLHGm9PggsHzylt8i

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 63 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ED62B6BD122.exe
    "C:\Users\Admin\AppData\Local\Temp\ED62B6BD122.exe"
    1⤵
      PID:2624
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3836
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1576
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ShowRevoke.AAC"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:3916

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
        Filesize

        77B

        MD5

        8eef0fe431b987cb31b666b746a0f3c2

        SHA1

        cfeace2740e1cfa87e130f95433fdd55fe78291f

        SHA256

        9696427a3ab2b870345e67f0f3259f09e0b531a42b39c3247ac583b7b6551fab

        SHA512

        d6a8532368d08eebf94534be8289915f8c1d83de9ddeb9191c286436ab7c9cb1872f3326a45941895d93765eaa1bdc6f17632ae1b68842983267e3bdb4097878

        Download Submit

      • memory/3836-0-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3836-1-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3836-2-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3836-12-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3836-11-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3836-10-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3836-6-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3836-9-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3836-8-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3836-7-0x0000026EBA420000-0x0000026EBA421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-34-0x00007FF82FDD0000-0x00007FF82FDE7000-memory.dmp

        Filesize

        92KB

        Download

      • memory/3916-40-0x00007FF82FAE0000-0x00007FF82FB01000-memory.dmp

        Filesize

        132KB

        Download

      • memory/3916-32-0x00007FF82FE10000-0x00007FF82FE27000-memory.dmp

        Filesize

        92KB

        Download

      • memory/3916-36-0x00007FF82FD90000-0x00007FF82FDAD000-memory.dmp

        Filesize

        116KB

        Download

      • memory/3916-35-0x00007FF82FDB0000-0x00007FF82FDC1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3916-28-0x00007FF699D20000-0x00007FF699E18000-memory.dmp

        Filesize

        992KB

        Download

      • memory/3916-33-0x00007FF82FDF0000-0x00007FF82FE01000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3916-30-0x00007FF8305F0000-0x00007FF8308A6000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3916-31-0x00007FF8424B0000-0x00007FF8424C8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3916-38-0x00007FF82FB60000-0x00007FF82FB71000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3916-41-0x00007FF82FAC0000-0x00007FF82FAD8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/3916-29-0x00007FF842380000-0x00007FF8423B4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3916-39-0x00007FF82FB10000-0x00007FF82FB51000-memory.dmp

        Filesize

        260KB

        Download

      • memory/3916-37-0x00007FF82FB80000-0x00007FF82FD8B000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3916-45-0x00007FF82E9B0000-0x00007FF82E9C1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3916-44-0x00007FF82E9D0000-0x00007FF82E9E1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3916-43-0x00007FF82E9F0000-0x00007FF82EA01000-memory.dmp

        Filesize

        68KB

        Download

      • memory/3916-42-0x00007FF82EA10000-0x00007FF82FAC0000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/3916-46-0x0000019B67B70000-0x0000019B693DF000-memory.dmp

        Filesize

        24.4MB

        Download

      • memory/3916-55-0x00007FF842380000-0x00007FF8423B4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/3916-56-0x00007FF8305F0000-0x00007FF8308A6000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/3916-54-0x00007FF699D20000-0x00007FF699E18000-memory.dmp

        Filesize

        992KB

        Download

      • memory/3916-57-0x00007FF82EA10000-0x00007FF82FAC0000-memory.dmp

        Filesize

        16.7MB

        Download