Analysis

  • max time kernel
    41s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    13-06-2024 13:13

General

  • Target

    LastActivityView.exe

  • Size

    130KB

  • MD5

    f27a284ef9b018cdd2a98a7b78ccdcb3

  • SHA1

    67e260b11e6227c18cae8925b4f6899103c607f2

  • SHA256

    af86dc3f76d39b67b967a3b714e9e70ed43eec8d3871e9691cb45d84372b53fb

  • SHA512

    9a8811f13517748539308a70933b126a3348407f397bf30f903019379f927532c64015853b94acf21bdbc554d638a0265d4394d026e289103db06fe93fe5524b

  • SSDEEP

    3072:5e69eWHZXp1nPDhhloZqX6EsSiEF4Gw1aqL1p7BZ5CJ/:5e/+1nrhPKqX6EsS94H8B

Score
4/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 41 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe
    "C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:4272
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MovePing.mp4"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4320

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4320-5-0x00007FF6BD890000-0x00007FF6BD988000-memory.dmp (Filesize: 992KB)
  • memory/4320-6-0x00007FFE9C6C0000-0x00007FFE9C6F4000-memory.dmp (Filesize: 208KB)
  • memory/4320-10-0x00007FFE9C4B0000-0x00007FFE9C4C1000-memory.dmp (Filesize: 68KB)
  • memory/4320-14-0x00007FFE9C3B0000-0x00007FFE9C3C1000-memory.dmp (Filesize: 68KB)
  • memory/4320-13-0x00007FFE9C3D0000-0x00007FFE9C3ED000-memory.dmp (Filesize: 116KB)
  • memory/4320-12-0x00007FFE9C3F0000-0x00007FFE9C401000-memory.dmp (Filesize: 68KB)
  • memory/4320-16-0x00007FFE9C360000-0x00007FFE9C3A1000-memory.dmp (Filesize: 260KB)
  • memory/4320-15-0x00007FFE8A4E0000-0x00007FFE8A6EB000-memory.dmp (Filesize: 2.0MB)
  • memory/4320-11-0x00007FFE9C490000-0x00007FFE9C4A7000-memory.dmp (Filesize: 92KB)
  • memory/4320-9-0x00007FFE9D380000-0x00007FFE9D397000-memory.dmp (Filesize: 92KB)
  • memory/4320-8-0x00007FFEA00A0000-0x00007FFEA00B8000-memory.dmp (Filesize: 96KB)
  • memory/4320-7-0x00007FFE8B0E0000-0x00007FFE8B396000-memory.dmp (Filesize: 2.7MB)
  • memory/4320-29-0x00007FFE918D0000-0x00007FFE918E1000-memory.dmp (Filesize: 68KB)
  • memory/4320-33-0x000001D12F460000-0x000001D12F495000-memory.dmp (Filesize: 212KB)
  • memory/4320-32-0x000001D130430000-0x000001D13053E000-memory.dmp (Filesize: 1.1MB)
  • memory/4320-31-0x00007FFE89080000-0x00007FFE890DC000-memory.dmp (Filesize: 368KB)
  • memory/4320-30-0x00007FFE8B480000-0x00007FFE8B4D7000-memory.dmp (Filesize: 348KB)
  • memory/4320-28-0x00007FFE8B4E0000-0x00007FFE8B55C000-memory.dmp (Filesize: 496KB)
  • memory/4320-27-0x00007FFE8BA30000-0x00007FFE8BA97000-memory.dmp (Filesize: 412KB)
  • memory/4320-26-0x00007FFE92820000-0x00007FFE92850000-memory.dmp (Filesize: 192KB)
  • memory/4320-25-0x00007FFE92850000-0x00007FFE92868000-memory.dmp (Filesize: 96KB)
  • memory/4320-24-0x00007FFE92870000-0x00007FFE92881000-memory.dmp (Filesize: 68KB)
  • memory/4320-23-0x00007FFE97290000-0x00007FFE972AB000-memory.dmp (Filesize: 108KB)
  • memory/4320-22-0x00007FFE99BE0000-0x00007FFE99BF1000-memory.dmp (Filesize: 68KB)
  • memory/4320-21-0x00007FFE99C00000-0x00007FFE99C11000-memory.dmp (Filesize: 68KB)
  • memory/4320-20-0x00007FFE99C20000-0x00007FFE99C31000-memory.dmp (Filesize: 68KB)
  • memory/4320-19-0x00007FFE9C100000-0x00007FFE9C118000-memory.dmp (Filesize: 96KB)
  • memory/4320-18-0x00007FFE9C330000-0x00007FFE9C351000-memory.dmp (Filesize: 132KB)
  • memory/4320-17-0x00007FFE89430000-0x00007FFE8A4E0000-memory.dmp (Filesize: 16.7MB)
  • memory/4320-46-0x00007FFE89430000-0x00007FFE8A4E0000-memory.dmp (Filesize: 16.7MB)