Overview
overview
7Static
static
7virtualdub...up.exe
windows7-x64
1virtualdub...up.exe
windows10-2004-x64
1virtualdub...er.dll
windows7-x64
7virtualdub...er.dll
windows10-2004-x64
7virtualdub...rt.dll
windows7-x64
3virtualdub...rt.dll
windows10-2004-x64
3virtualdub...er.dll
windows7-x64
1virtualdub...er.dll
windows10-2004-x64
1virtualdub...er.dll
windows7-x64
7virtualdub...er.dll
windows10-2004-x64
7audio-filters.html
windows7-x64
1audio-filters.html
windows10-2004-x64
1capwarn.html
windows7-x64
1capwarn.html
windows10-2004-x64
1crash.html
windows7-x64
1crash.html
windows10-2004-x64
1d-audiocom...n.html
windows7-x64
1d-audiocom...n.html
windows10-2004-x64
1d-audiocon...n.html
windows7-x64
1d-audiocon...n.html
windows10-2004-x64
1d-audiofilters.html
windows7-x64
1d-audiofilters.html
windows10-2004-x64
1d-audioint...g.html
windows7-x64
1d-audioint...g.html
windows10-2004-x64
1d-audiovolume.html
windows7-x64
1d-audiovolume.html
windows10-2004-x64
1d-capturep...s.html
windows7-x64
1d-capturep...s.html
windows10-2004-x64
1d-captures...s.html
windows7-x64
1d-captures...s.html
windows10-2004-x64
1d-capturevumeter.html
windows7-x64
1d-capturevumeter.html
windows10-2004-x64
1Analysis
-
max time kernel
130s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
02/06/2024, 01:05
Behavioral task
behavioral1
Sample
virtualdubmod/AuxSetup.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
virtualdubmod/AuxSetup.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
virtualdubmod/AviSynthLexer.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
virtualdubmod/AviSynthLexer.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
virtualdubmod/PlugIns/Smart.dll
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
virtualdubmod/PlugIns/Smart.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
virtualdubmod/PlugIns/Subtitler.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
virtualdubmod/PlugIns/Subtitler.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
virtualdubmod/SciLexer.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
virtualdubmod/SciLexer.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
audio-filters.html
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
audio-filters.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
capwarn.html
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
capwarn.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
crash.html
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
crash.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
d-audiocompression.html
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
d-audiocompression.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
d-audioconversion.html
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
d-audioconversion.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
d-audiofilters.html
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
d-audiofilters.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
d-audiointerleaving.html
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
d-audiointerleaving.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
d-audiovolume.html
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
d-audiovolume.html
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
d-capturepreferences.html
Resource
win7-20240419-en
Behavioral task
behavioral28
Sample
d-capturepreferences.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
d-capturesettings.html
Resource
win7-20240508-en
Behavioral task
behavioral30
Sample
d-capturesettings.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
d-capturevumeter.html
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
d-capturevumeter.html
Resource
win10v2004-20240426-en
General
-
Target
d-audiofilters.html
-
Size
3KB
-
MD5
d84ffb379e9de66fcb6fbff5b9551452
-
SHA1
f37e8f8fed356dfc07936fa0d7665b1543086c22
-
SHA256
028a10b99aef5f381ce2799eb43da550e12e16db5c419ff64a57730af319f223
-
SHA512
3bf78a071a1ae51255e539d16380731863278fdbbdeba3d7eca08981e2d45877413b715f2408ab94bd8b3ede10cdd1b104d927e612092ac9caba3ee89baf1eb3
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000005a34169f798c94cbec955842d416c76000000000200000000001066000000010000200000005b1db17b50ecd55a120c6bf333b391f031812a67eec11887cf2fbe20b6042b63000000000e8000000002000020000000941ad3bda78e1f99c90d52f82e2523a7208af5c6befa53f38cbbb36e8a03f52120000000e43ee8f167e1cc83f8a7d1c7182d1771ebfcc515bdabb23f6fb69bf632fb6f5740000000ccc4360ca1108ec3185dcc9bfa9f9d8d78f1e48e25f590511e14db8c50ea67422da5d7d5f554fe3adb394d8a2e23cce622707477a631e9b28d547e6fa4534839 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000005a34169f798c94cbec955842d416c76000000000200000000001066000000010000200000003e403d5f51a71a216490c4aa3bf22aec7184aaebf777e60d76da7fefb221ecea000000000e800000000200002000000052b2ef755b4c1c85ef84e50b83acae503bf68956f6571f50b9dd84381c4b2b1490000000c15b7e808995cc21094d6dddc78a00c9ffc1c26bbfd88ac8f4bfe568d0e61d550ad32d39b7e85c5b8dc1165a3c4bdbb9ff4a3013f8a94d32bbf08dcc38dcb7cec45da5150229fc0fa976bc6b02abd32c6da2ae3259e932f45085360d1a3944d100c76327bd737e66141e620a61475770e465edb3648089797fd90e8992b6321da22203c828fd8f5b9ea1ef1b01aa116f400000002996db18d836c8634c74a939cabded9f2b0e157adb027917bc7db0f597b08d2636f3eee3383fe32a45a909f14609fdeb6d1bdeaaaa6e63962d453ad2d0ea92d5 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{43130C11-207C-11EF-8414-4A4F109F65B0} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 908e871789b4da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452248" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3000 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3000 iexplore.exe 3000 iexplore.exe 2200 IEXPLORE.EXE 2200 IEXPLORE.EXE 2200 IEXPLORE.EXE 2200 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 3000 wrote to memory of 2200 3000 iexplore.exe 28 PID 3000 wrote to memory of 2200 3000 iexplore.exe 28 PID 3000 wrote to memory of 2200 3000 iexplore.exe 28 PID 3000 wrote to memory of 2200 3000 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d-audiofilters.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2200
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5c7b83ec92643e88b8e59552edd9422b1
SHA1740dd0652dee3d9872ece1637b4a2a875e0776b9
SHA25659b570f7675e673d67c49164aaeedf5207c19c30dfc796b327e8d7ea941ffaa2
SHA5121ce6d61c3b767490613ce49415f56799b1e44bb02d3e14a07f06dd2411c79d21629abbee5e51ecffa2b9ec8f7ccf6af8d580919ffbe8cfe5a55c6213283ff8b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD51b9904b3c0fd3081a26c8755832bc52d
SHA1f499b2e4fff92c6a4c7ebe1b5827907f61e0957b
SHA25656a3a1942b6ec8b9c95d89f17537c8bdc73e063541a296ef61d7581c0aa4b490
SHA51275ec5f85a1ebca5529806dd158b2aed904c0e62be0f6a42d591ba8a4631c76c9ba53d7e5daf9d1195a4e4ad5e2163f40c1886567b1a084bae34488cbead5806a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD574f58b8dab8385cce503d36e0bfdf25f
SHA1da9ded2d081287cd602690668c1e5d4ea89e8c6c
SHA256baa3d19a2c76902768d0db6a3b5700d5d238873671c16f436688e9e07eda712f
SHA512a91d1e8b9646d9d8dadbb70246c68ae162a3540f1089638052a2eb394394204323bab414cde314d72cf8e14a18a04c9b43c13f027bf6b302387043db6953e757
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD516cea2f2f21c2efc89310d42b7f5e10e
SHA1d210232a3247b8418da27cb3e71e1b9ce98ce891
SHA25688c7f4c431990f203d168259ee5780e512dd0b404b1a8f09322d5ee3bcdd0bf4
SHA5125a8fd1af7b90b4a4dde8bd6248fd425664dbde856617d37eb7a8446b9c1f158894d83aa9afe5eaddf815aac9cfe26b8d6260dce9237b976b21558fdaf43d2963
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d4a1aaf7fe38b0069e04639ae2656d87
SHA121a7baa0cedbd2b2b5e2a32bcb94bbffa815e961
SHA25657b862d4472e1bab2de01eaf26c7136a0301c2943cf94c120e4c2dce2d23e318
SHA512ce1deb4403e7a31f42436e4d78dde8c86a36176c243b7f2d91b4439d4eadb560901a088c060ab82d9c9d1eb627d3e33835a76d9793e8488a46b6a3f07c2bf4da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5030d4ba93d875d61f56542ab26071675
SHA192128e42a4a99839f28f54e1a72e3c511faab606
SHA2568e831f683e6af19f8226de7163b1c954450f61dfbceae29310256f1883ae1607
SHA512734d93a808052660c6080fa02ad467efdf47645ff5f8b115c4a932c5e0bcf6db6d712957692dae86a53ab56de7244cc520717218dea2521576645057c1289de6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5107b289346f32df7d23284c72d651f7a
SHA1294a852ce35ba5606bf678b5568965904967d660
SHA256cc9882751ecdf122ed824b9cb44a3441d2850fffcd5cb8e3cbb58a154e617633
SHA5124f72fa1a40d9fdf6b01dedde698ef5479f0bca600236cb341ae127f8cb1ebefd8b53dfeca9c6165d020ae6d9704efb722991575ce67705b57dd955ed31486221
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fefbcc81cb46a738ea89dff2f4b8379c
SHA154f51ff1535726a2efcad7eaf2ee846a883dae44
SHA2563dcce16e635d405dee8d064c3f508d38b8b158f443dae75002dbce53624890d7
SHA512fb4fc11b8abf9d33f5f196d8fbd73fdbd716ebe56bcf90d83d6ff78677aa3d06d7a2ca263747bbd9eb317fdcc39fccd7fa6bf2ba5629ae0de74a0762bf6fc889
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59b49466c6d0996bfcf27fca6e46bf8f2
SHA11e368b9b12bf82e777ff35fde4a94f76bc7ae5b5
SHA256b102023f67ac1ad45bc822fd8d019364a09332636b9cbae4047366d790605734
SHA51208fa9acc23c81c6aaf237faa320b21e0e720468c61ff361dc8e887431fe2e44514c1329ce8eefe75e4571d8576932608e84e0cb4e2b31fa9dbb7390af75fbe26
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD503e6e7fa8c3f53bbbcd407fa5a323de4
SHA1aad3afd7028af178b35b4afa0f36fb1dccd9603d
SHA2560b97225c736f7f0b626b624f2612ec7f13e7fdadf20516e7fe609e2f9d468e3d
SHA512904d2a4eec4b6f33ffa40afa9c0d686a2ae641b7887199be526c42ca37b51847c49084012d6204575f00b7ecdd63a549c9a870766091735136a196645e73da2a
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b