Analysis
max time kernel: 41s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 13-06-2024 13:13
Static task: static1
Behavioral task: behavioral1
Sample: LastActivityView.exe
Resource: win11-20240611-en
General
Target: LastActivityView.exe
Size: 130KB
MD5: f27a284ef9b018cdd2a98a7b78ccdcb3
SHA1: 67e260b11e6227c18cae8925b4f6899103c607f2
SHA256: af86dc3f76d39b67b967a3b714e9e70ed43eec8d3871e9691cb45d84372b53fb
SHA512: 9a8811f13517748539308a70933b126a3348407f397bf30f903019379f927532c64015853b94acf21bdbc554d638a0265d4394d026e289103db06fe93fe5524b
SSDEEP: 3072:5e69eWHZXp1nPDhhloZqX6EsSiEF4Gw1aqL1p7BZ5CJ/:5e/+1nrhPKqX6EsS94H8B
Malware Config
Signatures
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
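The Uninstall-key walk that this signature describes, as an added example written for this page (it is not code from the sandbox or from the sample). The three registry paths are the standard Windows locations for per-machine 64-bit, per-machine 32-bit (WOW6432Node) and per-user installs; the function name and the output columns are my own choices.

```powershell
# Added example (not from the sandbox report or the sample): enumerate installed
# software by reading the Uninstall keys, which is exactly the behaviour the
# "Checks installed software on the system" signature fires on.
function Get-UninstallEntries {
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # 64-bit, per machine
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit, per machine
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per user
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        Get-ChildItem $p | ForEach-Object {
            $v = Get-ItemProperty $_.PSPath
            # Entries without a DisplayName are patches/components, not installed products.
            if ($v.DisplayName) {
                [pscustomobject]@{
                    Hive        = $p
                    KeyName     = $_.PSChildName
                    DisplayName = $v.DisplayName
                    Version     = $v.DisplayVersion
                    Publisher   = $v.Publisher
                    InstallDate = $v.InstallDate
                }
            }
        }
    }
}

Get-UninstallEntries | Sort-Object DisplayName | Format-Table -AutoSize
```

Note for detection engineers: this is a read-only registry walk. Sysmon does not record registry reads (its registry events, IDs 12, 13 and 14, cover key create/delete, value set and rename), so the only native telemetry for it is object-access auditing (event 4663) with a SACL on the Uninstall keys, and that is noisy because installers, inventory agents and Windows Update read the same keys constantly. That is why sandboxes, which hook the API, report it while endpoint logs usually will not.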
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  Processes: PID 4320 vlc.exe
- Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
  Processes: PID 4272 LastActivityView.exe; PID 4320 vlc.exe
- Suspicious use of AdjustPrivilegeToken (41 IoCs)
  Processes: PID 4272 LastActivityView.exe, 41 token adjustments in total:
    Token: SeBackupPrivilege (3 occurrences)
    Token: SeSecurityPrivilege (38 occurrences)
  Note: SeSecurityPrivilege is the right required to read the Security event log and SeBackupPrivilege lets a process read files and registry keys regardless of their ACLs. Repeatedly enabling both is consistent with the file name, which matches NirSoft's LastActivityView forensic viewer (it reads event logs and other system artifacts), but the report does not verify that this binary is the genuine tool; compare the hashes above against a known-good copy before treating the behaviour as benign.
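A way to find the same privilege enablement on a real host, as an added example that is not part of the report: Windows records AdjustTokenPrivileges calls as Security event 4703 ("A user right was adjusted") once the "Token Right Adjusted Events" audit subcategory is on. The function name, parameter names and the privilege watch-list are my own; the event ID, audit subcategory and field names (EnabledPrivilegeList, ProcessName, ProcessId, SubjectUserName) are the standard ones.

```powershell
# Added example (not from the sandbox report): hunt the Security log for processes
# that enabled SeBackupPrivilege or SeSecurityPrivilege, the two privileges the
# AdjustPrivilegeToken signature records for PID 4272.
# Prerequisite (run once, elevated):
#   auditpol /set /subcategory:"Token Right Adjusted Events" /success:enable
function Get-PrivilegeEnableEvents {
    param(
        [string[]]$Privileges = @('SeBackupPrivilege', 'SeSecurityPrivilege'),  # watch-list, my choice
        [int]$MaxEvents = 5000
    )
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4703 } `
                           -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # EnabledPrivilegeList is a whitespace-separated list of privilege names.
        $enabled = ($data['EnabledPrivilegeList'] -split '\s+') | Where-Object { $_ }
        $hits = $enabled | Where-Object { $Privileges -contains $_ }
        if ($hits) {
            [pscustomobject]@{
                Time      = $e.TimeCreated
                User      = $data['SubjectUserName']
                ProcessId = [int]$data['ProcessId']   # stored as a hex string such as 0x10b0
                Process   = $data['ProcessName']
                Enabled   = ($hits -join ',')
            }
        }
    }
}

# Collapse the per-call records the way the sandbox's "41 IoCs" collapse:
# one binary, a handful of distinct privileges, many toggles.
Get-PrivilegeEnableEvents |
    Group-Object Process, Enabled |
    Select-Object Count,
                  @{ n = 'Process'; e = { $_.Group[0].Process } },
                  @{ n = 'Enabled'; e = { $_.Group[0].Enabled } } |
    Sort-Object Count -Descending |
    Format-Table -AutoSize
```

Event 4703 is high-volume on Windows 10 and later (service hosts adjust privileges constantly), so always filter on the privilege names rather than collecting the raw stream; SeBackupPrivilege and SeSecurityPrivilege enabled from a user-writable path such as %TEMP% is the combination worth alerting on, whatever the binary is called.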
- Suspicious use of FindShellTrayWindow (8 IoCs)
  Processes: PID 4320 vlc.exe (8 occurrences)
- Suspicious use of SendNotifyMessage (7 IoCs)
  Processes: PID 4320 vlc.exe (7 occurrences)
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: PID 4320 vlc.exe
Processes
Both entries sit at the top of the process tree (depth 1); the report records no parent-child relation between them, so the vlc.exe behaviours are those of the sandbox's own media player opening a desktop file, not something launched by the sample.
- C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe"
  PID: 4272
  Signatures: Suspicious behavior: GetForegroundWindowSpam; Suspicious use of AdjustPrivilegeToken
- C:\Program Files\VideoLAN\VLC\vlc.exe
  Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MovePing.mp4"
  PID: 4320
  Signatures: Suspicious behavior: AddClipboardFormatListener; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Memory dumps, sorted by dump index. All 30 were taken from PID 4320 (vlc.exe); none were taken from the sample, PID 4272, so nothing here captures the sample's own memory.
Dump             Address range                              Size
memory/4320-5    0x00007FF6BD890000-0x00007FF6BD988000      992KB
memory/4320-6    0x00007FFE9C6C0000-0x00007FFE9C6F4000      208KB
memory/4320-7    0x00007FFE8B0E0000-0x00007FFE8B396000      2.7MB
memory/4320-8    0x00007FFEA00A0000-0x00007FFEA00B8000      96KB
memory/4320-9    0x00007FFE9D380000-0x00007FFE9D397000      92KB
memory/4320-10   0x00007FFE9C4B0000-0x00007FFE9C4C1000      68KB
memory/4320-11   0x00007FFE9C490000-0x00007FFE9C4A7000      92KB
memory/4320-12   0x00007FFE9C3F0000-0x00007FFE9C401000      68KB
memory/4320-13   0x00007FFE9C3D0000-0x00007FFE9C3ED000      116KB
memory/4320-14   0x00007FFE9C3B0000-0x00007FFE9C3C1000      68KB
memory/4320-15   0x00007FFE8A4E0000-0x00007FFE8A6EB000      2.0MB
memory/4320-16   0x00007FFE9C360000-0x00007FFE9C3A1000      260KB
memory/4320-17   0x00007FFE89430000-0x00007FFE8A4E0000      16.7MB
memory/4320-18   0x00007FFE9C330000-0x00007FFE9C351000      132KB
memory/4320-19   0x00007FFE9C100000-0x00007FFE9C118000      96KB
memory/4320-20   0x00007FFE99C20000-0x00007FFE99C31000      68KB
memory/4320-21   0x00007FFE99C00000-0x00007FFE99C11000      68KB
memory/4320-22   0x00007FFE99BE0000-0x00007FFE99BF1000      68KB
memory/4320-23   0x00007FFE97290000-0x00007FFE972AB000      108KB
memory/4320-24   0x00007FFE92870000-0x00007FFE92881000      68KB
memory/4320-25   0x00007FFE92850000-0x00007FFE92868000      96KB
memory/4320-26   0x00007FFE92820000-0x00007FFE92850000      192KB
memory/4320-27   0x00007FFE8BA30000-0x00007FFE8BA97000      412KB
memory/4320-28   0x00007FFE8B4E0000-0x00007FFE8B55C000      496KB
memory/4320-29   0x00007FFE918D0000-0x00007FFE918E1000      68KB
memory/4320-30   0x00007FFE8B480000-0x00007FFE8B4D7000      348KB
memory/4320-31   0x00007FFE89080000-0x00007FFE890DC000      368KB
memory/4320-32   0x000001D130430000-0x000001D13053E000      1.1MB
memory/4320-33   0x000001D12F460000-0x000001D12F495000      212KB
memory/4320-46   0x00007FFE89430000-0x00007FFE8A4E0000      16.7MB