Overview
Overall score: 7

Task                   Platform            Score
Static                 -                   7
virtualdub...up.exe    windows7-x64        1
virtualdub...up.exe    windows10-2004-x64  1
virtualdub...er.dll    windows7-x64        7
virtualdub...er.dll    windows10-2004-x64  7
virtualdub...rt.dll    windows7-x64        3
virtualdub...rt.dll    windows10-2004-x64  3
virtualdub...er.dll    windows7-x64        1
virtualdub...er.dll    windows10-2004-x64  1
virtualdub...er.dll    windows7-x64        7
virtualdub...er.dll    windows10-2004-x64  7
audio-filters.html     windows7-x64        1
audio-filters.html     windows10-2004-x64  1
capwarn.html           windows7-x64        1
capwarn.html           windows10-2004-x64  1
crash.html             windows7-x64        1
crash.html             windows10-2004-x64  1
d-audiocom...n.html    windows7-x64        1
d-audiocom...n.html    windows10-2004-x64  1
d-audiocon...n.html    windows7-x64        1
d-audiocon...n.html    windows10-2004-x64  1
d-audiofilters.html    windows7-x64        1
d-audiofilters.html    windows10-2004-x64  1
d-audioint...g.html    windows7-x64        1
d-audioint...g.html    windows10-2004-x64  1
d-audiovolume.html     windows7-x64        1
d-audiovolume.html     windows10-2004-x64  1
d-capturep...s.html    windows7-x64        1
d-capturep...s.html    windows10-2004-x64  1
d-captures...s.html    windows7-x64        1
d-captures...s.html    windows10-2004-x64  1
d-capturevumeter.html  windows7-x64        1
d-capturevumeter.html  windows10-2004-x64  1

Analysis
- max time kernel: 119s
- max time network: 142s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 02/06/2024, 01:05
Behavioral tasks
Task          Sample                               Resource
behavioral1   virtualdubmod/AuxSetup.exe           win7-20240221-en
behavioral2   virtualdubmod/AuxSetup.exe           win10v2004-20240508-en
behavioral3   virtualdubmod/AviSynthLexer.dll      win7-20240508-en
behavioral4   virtualdubmod/AviSynthLexer.dll      win10v2004-20240426-en
behavioral5   virtualdubmod/PlugIns/Smart.dll      win7-20231129-en
behavioral6   virtualdubmod/PlugIns/Smart.dll      win10v2004-20240226-en
behavioral7   virtualdubmod/PlugIns/Subtitler.dll  win7-20240221-en
behavioral8   virtualdubmod/PlugIns/Subtitler.dll  win10v2004-20240508-en
behavioral9   virtualdubmod/SciLexer.dll           win7-20231129-en
behavioral10  virtualdubmod/SciLexer.dll           win10v2004-20240508-en
behavioral11  audio-filters.html                   win7-20240221-en
behavioral12  audio-filters.html                   win10v2004-20240508-en
behavioral13  capwarn.html                         win7-20240419-en
behavioral14  capwarn.html                         win10v2004-20240508-en
behavioral15  crash.html                           win7-20240221-en
behavioral16  crash.html                           win10v2004-20240508-en
behavioral17  d-audiocompression.html              win7-20240221-en
behavioral18  d-audiocompression.html              win10v2004-20240426-en
behavioral19  d-audioconversion.html               win7-20240215-en
behavioral20  d-audioconversion.html               win10v2004-20240508-en
behavioral21  d-audiofilters.html                  win7-20240221-en
behavioral22  d-audiofilters.html                  win10v2004-20240426-en
behavioral23  d-audiointerleaving.html             win7-20231129-en
behavioral24  d-audiointerleaving.html             win10v2004-20240426-en
behavioral25  d-audiovolume.html                   win7-20240221-en
behavioral26  d-audiovolume.html                   win10v2004-20240226-en
behavioral27  d-capturepreferences.html            win7-20240419-en
behavioral28  d-capturepreferences.html            win10v2004-20240508-en
behavioral29  d-capturesettings.html               win7-20240508-en
behavioral30  d-capturesettings.html               win10v2004-20240508-en
behavioral31  d-capturevumeter.html                win7-20240508-en
behavioral32  d-capturevumeter.html                win10v2004-20240426-en
General
- Target: d-audiovolume.html
- Size: 2KB
- MD5: 84c5cc10ac3158b32bad24cc37ee134f
- SHA1: 5bb0d38a82cee55e9dad92fcda058031749c679d
- SHA256: e9a4266f40d8aa6e38b67ef5bc4fef668f6449997f4421fc68cb7a4565ccd866
- SHA512: 2ed9ae28e7bc963173662e1aecfb151896a052557943462d0d50a929a0bdf28af59052e02a9afc739557e0812253d98507633e785b2a1370d99fce3441f334c6
Malware Config
Signatures
-
Modifies Internet Explorer settings
All registry paths below are relative to \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer

Description      | IoC                                                                          | Process
Set value (int)  | SearchScopes\DownloadRetries = "2"                                           | iexplore.exe
Key created      | DomainSuggestion                                                             | iexplore.exe
Key created      | Main                                                                         | iexplore.exe
Key created      | IETld\LowMic                                                                 | iexplore.exe
Key created      | LowRegistry\DOMStorage                                                       | iexplore.exe
Key created      | Recovery\AdminActive                                                         | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created      | GPU                                                                          | iexplore.exe
Key created      | Zoom                                                                         | iexplore.exe
Key created      | Main\WindowsSearch                                                           | IEXPLORE.EXE
Key created      | TabbedBrowsing                                                               | iexplore.exe
Key created      | TabbedBrowsing\NewTabPage                                                    | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\LastProcessed = 50de2a1989b4da01                   | iexplore.exe
Key created      | IntelliForms                                                                 | iexplore.exe
Key created      | LowRegistry                                                                  | iexplore.exe
Set value (int)  | Recovery\AdminActive\{4446E891-207C-11EF-8706-CEEE273A2359} = "0"            | iexplore.exe
Set value (str)  | Main\FullScreen = "no"                                                       | iexplore.exe
Key created      | Recovery\PendingRecovery                                                     | iexplore.exe
Set value (int)  | DomainSuggestion\NextUpdateDate = "423452230"                                | iexplore.exe
Set value (int)  | Main\CompatibilityFlags = "0"                                                | iexplore.exe
Key created      | Main\WindowsSearch                                                           | iexplore.exe
Set value (str)  | Main\WindowsSearch\Version = "WS not running"                                | iexplore.exe
Key created      | SearchScopes                                                                 | iexplore.exe
Set value (int)  | TabbedBrowsing\NTPFirstRun = "1"                                             | iexplore.exe
Key created      | PageSetup                                                                    | iexplore.exe
Key created      | Main                                                                         | IEXPLORE.EXE
Set value (str)  | Main\WindowsSearch\Version = "WS not running"                                | IEXPLORE.EXE
Set value (data) | TabbedBrowsing\NewTabPage\MFV = [value not shown on page]                    | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000edf26cee4dcd9b4ab11ca58f92a8c5ce00000000020000000000106600000001000020000000dd6d2466ab932723826e12fa7944e0b44adca156a95818ec9fc748fc22f184a8000000000e800000000200002000000074f4675b3188bc4d3f1035baf0c005e794a3f0b3b91d9485ddafa0e60f4dbde3200000008b62307b4864ca4ac1d810cb1757568f6c9417e96a045529cddbf03e7d009dba40000000e785139a4eeb49398f4d9f88cd47853b1d1e9954f0c23140762dfcbd2ad3dd3e6f756e3a85fdada2ee8fd7d6e8073d6be253b3b95b2630d203ff90f9807a34f6 | iexplore.exe
Key created      | BrowserEmulation\LowMic                                                      | iexplore.exe
Key created      | InternetRegistry                                                             | iexplore.exe
Key created      | LowRegistry\DontShowMeThisDialogAgain                                        | iexplore.exe
Key created      | Toolbar\WebBrowser                                                           | iexplore.exe
Set value (int)  | Recovery\PendingRecovery\AdminActive = "0"                                   | iexplore.exe
Key created      | Toolbar                                                                      | iexplore.exe
Set value (int)  | Recovery\PendingRecovery\AdminActive = "1"                                   | iexplore.exe
-
Suspicious use of FindShellTrayWindow (1 IoC)
PID   | Process
1152  | iexplore.exe
-
Suspicious use of SetWindowsHookEx (6 IoCs)
PID   | Process
1152  | iexplore.exe
1152  | iexplore.exe
2232  | IEXPLORE.EXE
2232  | IEXPLORE.EXE
2232  | IEXPLORE.EXE
2232  | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory (4 IoCs)
Description                      | PID   | Process       | procid_target
PID 1152 wrote to memory of 2232 | 1152  | iexplore.exe  | 28
PID 1152 wrote to memory of 2232 | 1152  | iexplore.exe  | 28
PID 1152 wrote to memory of 2232 | 1152  | iexplore.exe  | 28
PID 1152 wrote to memory of 2232 | 1152  | iexplore.exe  | 28
Processes
-
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d-audiovolume.html
   PID: 1152
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
-
2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1152)
   Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
   PID: 2232
   - Modifies Internet Explorer settings
   - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5ba057610d28cb4d08437415161b7a47
SHA1: 65820d069518c2b4b9fce0f5e417787957f9da47
SHA256: 173e0759437e1c452fd2255e113f69ef129ceadb59091c8be610482ae3ae7868
SHA512: f2b54ec8f3fac3f2df1f204a5963b12e265d3a29559117153b077f3161782c90eac9509a8f3f13ad669fd87fbd843feade7b224bbcc37c2aa6a403010b59b34b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9bee5ee29d7578f19b0faaf9c0389971
SHA1: 9a2ec4f34c1f2a58efc3bb0d919c14423f222e67
SHA256: 111b08b67034d64a221ad08ea57a3f41d90545506fcc722c0594c1c8f42d524a
SHA512: 5a96eaa2bb5e9e37b3481b7110e1f7b1e971c3164e4619c29557bca142ed4693da7179e07de4bc13994bb5dbcfddcdc5a3574cb371d93bc7c746b822ff4b1e49
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d129e6cbc094649da64c94bde07fbfe6
SHA1: 6c3e7c67b15764ef8bbdc00f7ead9212d1165b00
SHA256: 833a38a72e9b281c2bc0ee9842e21f54e3dd1293e14393ff0ed5d5344be7318f
SHA512: 714681b6ee126b38ce02d7437bc0fd348e602597f98380f000e6ac91ba52c99916046c5f9e1f9dbe0c50fa2ec4f258fb94084da4f180ce419064e6bfeb271673
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d7f2c32cd1cd3f472e03e6c5c16dd3eb
SHA1: 4290ddb18819a9b23932cd8c6be6ee3d745df636
SHA256: 8d683dea3a3bc1dcad1ca7ef9d1b7c6d48aea230dd02653c5b913cee4c26c2e1
SHA512: e090840ee7ae34d2855f4daedb5a57907a17fbb1286fddc812db215c485bcbd9c1b1eb4cfe0635a8b2d3713ba831cf511c877dceef71852edab5867432c09276
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: dbf8d8e63be6bd5485279f45b9f23013
SHA1: cbfd6f136a775ac00ad4d981cf1cad708d6d27a2
SHA256: c282fa120d3e2c0b14ac765c12979fe8466021011c75c060f6e82f02ca4dd2c7
SHA512: b1f344b5aa7b96e21086e84e752bf72ef73c2e6aca50c9349958da5beae9cf96fa66ce52a4f3f1c22416c210f240396186600a49c886cb0d64a3b8f48004795a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 922f99de1cfa7fb482d4004e83f114ff
SHA1: aedeef0e52c0582598953434b45ae9e5ea8a6ae2
SHA256: 237a95e67842fd8a4e60ed28a354fb62464d80e56ad9133316259d5bde6a28a3
SHA512: 0524e2ef08ed1a406c353c9366c71e7308b3963f978d59060b90593e72cbaeec622053b4f521e67ab7dd4f3ac8cf7bed1e479a82be2361ba047ca9e1237f1f56
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6e921b9a37351fb011d057cabd7800cb
SHA1: ba3da6bf5570d704f71996dca3e2773313364146
SHA256: 6de24266b8434281691aa7df74c8020b50d2a36a65d0e2d808c464f91694913d
SHA512: 5651d5ab8da35ed12d72886dd707bf4346dec484d1a2cdb9f4f2600b89d6db55a965449589224321838efbe2b83f0f5ebfd101bfe9fd89cd472ad75376703cc7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 604182df415ebf1eb6b69fdf4237e949
SHA1: 33c0a70ccb541cb54a927c6405bf4368ce44dcd0
SHA256: 7f9cb9a582eac3282a4dc2e4d2e5d1070a54f1b69a477130185c277dfc9498f3
SHA512: 878c90cd54b55411b016e3c360a30f872ed7ebcf4408d749c7b22fffb0d25fad584c9bfe8bd79ed9c8a14b872b929a1b5bd6ccb37e463a9d5f0e05af1dc228bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0eeacdac1a93f97e63038a99116bd77b
SHA1: 72be2ebf32b47988e122058cbc6815d3b0b53593
SHA256: 22425c23c0aa0ed72358ee3423fb605389c56734ba17cefff925f31c8aa5db0b
SHA512: baaa94273a64db6d8cb9b3d0050c34fdda7b81c71ac6f8f93302c0732eb5086e01b795517e6fd5280dafa623c1364e28075c2eabef613143a03481cf3540b709
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: efaeafc91dbc6db21839cee7b92ae767
SHA1: ee89d1474a81cfb216046fb080ac93b1d2845cd8
SHA256: cf147bf058b1c0647935b5ac1f72a5de9059a1f1c22c2aabf936c339a0b150fc
SHA512: d7380a01ba55d24a3b3808f71393b17155f4dcaf0eb875d404b7527c41ae4ed5662339f233f73483029533efe6a84b9ba7df6e05041a6a00f33bb3bb0b473c68
-
Filesize: 65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b