b46ce5e37a3a0de709e057b3f3629182570068340cef8a1c1d2aeaa65dc35174

Resubmissions

08/06/2024, 16:30

240608-tz8nxsdc8v 8

08/06/2024, 16:18

240608-tscmxadb9t 5

08/06/2024, 02:27

240608-cxkqmsff7v 5

Analysis

max time kernel
5s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/06/2024, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DisplyyMapper.exe
Size

13.6MB
MD5

69ecc872198af00462376f967c35dccd
SHA1

fb974099b3e01f541659895fe50221c760a5f381
SHA256

b46ce5e37a3a0de709e057b3f3629182570068340cef8a1c1d2aeaa65dc35174
SHA512

cd874c72f8a414d473a7f51953ad96cf9fff29c9ba46281eb12f1c261af712243695c0b3f2dca1c634984347368f7e0e6cd69ef4686c0432ef9b753547279ba0
SSDEEP

196608:bybt7UZOGLHah64d9cD498zVztRLKSaqmD39fZFS4z+D63tkV46SlmBGcmpr:b2QOoHaht9598zpttm5xA4WUw46SEmR

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe
1412	DisplyyMapper.exe

C:\Users\Admin\AppData\Local\Temp\DisplyyMapper.exe
"C:\Users\Admin\AppData\Local\Temp\DisplyyMapper.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1412

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\BackupSend.rmi"
1⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6489758,0x7fef6489768,0x7fef6489778
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1368,i,2886689616341710312,88718308372962877,131072 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1368,i,2886689616341710312,88718308372962877,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1368,i,2886689616341710312,88718308372962877,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1584 --field-trial-handle=1368,i,2886689616341710312,88718308372962877,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1720 --field-trial-handle=1368,i,2886689616341710312,88718308372962877,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1368,i,2886689616341710312,88718308372962877,131072 /prefetch:2
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1456 --field-trial-handle=1368,i,2886689616341710312,88718308372962877,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3740 --field-trial-handle=1368,i,2886689616341710312,88718308372962877,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3744 --field-trial-handle=1368,i,2886689616341710312,88718308372962877,131072 /prefetch:8
  2⤵
  PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6489758,0x7fef6489768,0x7fef6489778
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1268,i,16004316225751110588,6590216272852885669,131072 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1268,i,16004316225751110588,6590216272852885669,131072 /prefetch:8
  2⤵
  PID:1296

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7c1a827d-9f51-4ecf-ab86-778a9cc16bb7.tmp

Filesize
256KB

MD5
623e752362a2a82d26f2457af0f02dbe

SHA1
47d959699f441198f6d9099f833367cf081febad

SHA256
e8b0303db94144451a542c9b73fb7aa2e0ff341138d02a581c66373499f1fbe3

SHA512
30779a6999a88f67b290f4299984555ce02b4254826a36c2caa0d88e66c3ae8f9cf9fca2b916550d403881f34e113640c46f0a409d53c0fe11704e80d89bb037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ecd8ebd0d441c0b49b641fbcd5444d17

SHA1
75760164655f0e440880cfb868a10a01b67b6c90

SHA256
f46d8cdf1812d342e3b49ee242fdba78935d597ccdf86989d165e28696cf62b7

SHA512
99913f343bc9df93bcd6d789c4ddb2378e7f49778836e844bee55de79a98c39a9793331a22c2e6b6f171fd3289c77586a4e32b9d9bbcefd68a0029f6d11d2256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
74aa2098a30ef23d9e9d206425a92ec1

SHA1
516684fcc129c4001a7593bbf0f2e565c3278d81

SHA256
1d1273978fffcdf9674367dd404fa85cdce310b92a4cf3205209453044d641a4

SHA512
eef32ca298e4f070876078b494d69867d484094cca3b796dedb289c22e0f327a40af3bcfa60a7a4a5dc6990b6beba62e7a2507f69f1a81e8039839e63fbd3efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
76B

MD5
4be8a1414e56c2ee9f239d1de835416e

SHA1
36d7ecc86a204a485764e43ca8d2cbf972e17035

SHA256
b279922919da6ad1e136ba611fb3078a23126c8bcad2a2aa4dd42872396b2c06

SHA512
18cb9558d3be3384ffa715283ebbd863e96117a2bfa5c1954df9c82cd42f993f18dadbbd4c166a362f11e4c839b511d61d85ba0237ba6d8dc8dc90ffe57ad26a

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Ya2940

Filesize
75B

MD5
de456d3a633b68cc6a56318f2938b918

SHA1
b91ff408951583b423d458507cc5e1d313a400d4

SHA256
eb4ad1fe9a9f67562a99a17d7e68f0be8d85f872c16cab2070ea144525521608

SHA512
fdd5c42f05a4e38568e5453b569f0363b5a01e0b2ff526b4ac9d126aa43c1abfb9c3d5c95080dc92af6978daee729119608502e83d3ead4b1723faac8c52f80b

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
d133d8ce956f261396573e2c597dd341

SHA1
50efd296766b4ef47564ab2afb984705cb7a9c2a

SHA256
6316d560dbfd25f508eacd41b9c91633f67121eda79e236e194ff7853ebb49bd

SHA512
4ceb28cad3c953c17d5658edf1ca5f33f86912dcbac4332fc5eebb53bc813a3083df21227176f70c14520239d835c6f7c6accc99c0f6883e9132f1b9b46bba05

Download Submit
memory/1412-8-0x00000000770B0000-0x00000000770B2000-memory.dmp

Filesize
8KB

Download
memory/1412-6-0x00000000770B0000-0x00000000770B2000-memory.dmp

Filesize
8KB

Download
memory/1412-0-0x000000014000B000-0x000000014082C000-memory.dmp

Filesize
8.1MB

Download
memory/1412-12-0x0000000140000000-0x00000001415D0000-memory.dmp

Filesize
21.8MB

Download
memory/1412-1-0x00000000770A0000-0x00000000770A2000-memory.dmp

Filesize
8KB

Download
memory/1412-10-0x00000000770B0000-0x00000000770B2000-memory.dmp

Filesize
8KB

Download
memory/1412-173-0x0000000140000000-0x00000001415D0000-memory.dmp

Filesize
21.8MB

Download
memory/1412-172-0x000000014000B000-0x000000014082C000-memory.dmp

Filesize
8.1MB

Download
memory/1412-3-0x00000000770A0000-0x00000000770A2000-memory.dmp

Filesize
8KB

Download
memory/1412-5-0x00000000770A0000-0x00000000770A2000-memory.dmp

Filesize
8KB

Download
memory/1412-11-0x0000000140000000-0x00000001415D0000-memory.dmp

Filesize
21.8MB

Download
memory/2940-43-0x000007FEF4530000-0x000007FEF459F000-memory.dmp

Filesize
444KB

Download
memory/2940-26-0x000007FEF65C0000-0x000007FEF65D7000-memory.dmp

Filesize
92KB

Download
memory/2940-48-0x000007FEF4430000-0x000007FEF4447000-memory.dmp

Filesize
92KB

Download
memory/2940-47-0x000007FEF4450000-0x000007FEF4474000-memory.dmp

Filesize
144KB

Download
memory/2940-46-0x000007FEF4480000-0x000007FEF44A8000-memory.dmp

Filesize
160KB

Download
memory/2940-45-0x000007FEF44B0000-0x000007FEF4506000-memory.dmp

Filesize
344KB

Download
memory/2940-44-0x000007FEF4510000-0x000007FEF4521000-memory.dmp

Filesize
68KB

Download
memory/2940-50-0x000007FEF43E0000-0x000007FEF43F1000-memory.dmp

Filesize
68KB

Download
memory/2940-42-0x000007FEF45A0000-0x000007FEF4607000-memory.dmp

Filesize
412KB

Download
memory/2940-36-0x000007FEF5750000-0x000007FEF5761000-memory.dmp

Filesize
68KB

Download
memory/2940-35-0x000007FEF5770000-0x000007FEF5781000-memory.dmp

Filesize
68KB

Download
memory/2940-34-0x000007FEF5790000-0x000007FEF57A1000-memory.dmp

Filesize
68KB

Download
memory/2940-33-0x000007FEF57B0000-0x000007FEF57C8000-memory.dmp

Filesize
96KB

Download
memory/2940-32-0x000007FEF57D0000-0x000007FEF57F1000-memory.dmp

Filesize
132KB

Download
memory/2940-31-0x000007FEF5800000-0x000007FEF583F000-memory.dmp

Filesize
252KB

Download
memory/2940-30-0x000007FEF5840000-0x000007FEF5A40000-memory.dmp

Filesize
2.0MB

Download
memory/2940-27-0x000007FEF5D30000-0x000007FEF5D41000-memory.dmp

Filesize
68KB

Download
memory/2940-49-0x000007FEF4400000-0x000007FEF4423000-memory.dmp

Filesize
140KB

Download
memory/2940-25-0x000007FEF6600000-0x000007FEF6611000-memory.dmp

Filesize
68KB

Download
memory/2940-24-0x000007FEF6620000-0x000007FEF6637000-memory.dmp

Filesize
92KB

Download
memory/2940-23-0x000007FEF6640000-0x000007FEF6658000-memory.dmp

Filesize
96KB

Download
memory/2940-17-0x000007FEF5D50000-0x000007FEF6004000-memory.dmp

Filesize
2.7MB

Download
memory/2940-41-0x000007FEF4610000-0x000007FEF56BB000-memory.dmp

Filesize
16.7MB

Download
memory/2940-70-0x000007FEF5D50000-0x000007FEF6004000-memory.dmp

Filesize
2.7MB

Download
memory/2940-51-0x000007FEF43C0000-0x000007FEF43D2000-memory.dmp

Filesize
72KB

Download
memory/2940-53-0x000007FEF4370000-0x000007FEF4383000-memory.dmp

Filesize
76KB

Download
memory/2940-52-0x000007FEF4390000-0x000007FEF43B1000-memory.dmp

Filesize
132KB

Download
memory/2940-37-0x000007FEF5730000-0x000007FEF574B000-memory.dmp

Filesize
108KB

Download
memory/2940-38-0x000007FEF5710000-0x000007FEF5721000-memory.dmp

Filesize
68KB

Download
memory/2940-39-0x000007FEF56F0000-0x000007FEF5708000-memory.dmp

Filesize
96KB

Download
memory/2940-40-0x000007FEF56C0000-0x000007FEF56F0000-memory.dmp

Filesize
192KB

Download
memory/2940-28-0x000007FEF5D10000-0x000007FEF5D2D000-memory.dmp

Filesize
116KB

Download
memory/2940-29-0x000007FEF5A40000-0x000007FEF5A51000-memory.dmp

Filesize
68KB

Download
memory/2940-16-0x000007FEF7680000-0x000007FEF76B4000-memory.dmp

Filesize
208KB

Download
memory/2940-15-0x000000013F450000-0x000000013F548000-memory.dmp

Filesize
992KB

Download