Analysis Overview
SHA256
af86dc3f76d39b67b967a3b714e9e70ed43eec8d3871e9691cb45d84372b53fb
Threat Level: Known bad
The file LastActivityView.exe was found to be: Known bad.
Malicious Activity Summary
Nirsoft
Checks installed software on the system
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:13
Signatures
Nirsoft
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:13
Reported
2024-06-13 13:14
Platform
win11-20240611-en
Max time kernel
41s
Command Line
Signatures
Checks installed software on the system
Enumerates physical storage devices
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe
"C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MovePing.mp4"
Network
Files
memory/4320-5-0x00007FF6BD890000-0x00007FF6BD988000-memory.dmp
memory/4320-6-0x00007FFE9C6C0000-0x00007FFE9C6F4000-memory.dmp
memory/4320-10-0x00007FFE9C4B0000-0x00007FFE9C4C1000-memory.dmp
memory/4320-14-0x00007FFE9C3B0000-0x00007FFE9C3C1000-memory.dmp
memory/4320-13-0x00007FFE9C3D0000-0x00007FFE9C3ED000-memory.dmp
memory/4320-12-0x00007FFE9C3F0000-0x00007FFE9C401000-memory.dmp
memory/4320-16-0x00007FFE9C360000-0x00007FFE9C3A1000-memory.dmp
memory/4320-15-0x00007FFE8A4E0000-0x00007FFE8A6EB000-memory.dmp
memory/4320-11-0x00007FFE9C490000-0x00007FFE9C4A7000-memory.dmp
memory/4320-9-0x00007FFE9D380000-0x00007FFE9D397000-memory.dmp
memory/4320-8-0x00007FFEA00A0000-0x00007FFEA00B8000-memory.dmp
memory/4320-7-0x00007FFE8B0E0000-0x00007FFE8B396000-memory.dmp
memory/4320-29-0x00007FFE918D0000-0x00007FFE918E1000-memory.dmp
memory/4320-33-0x000001D12F460000-0x000001D12F495000-memory.dmp
memory/4320-32-0x000001D130430000-0x000001D13053E000-memory.dmp
memory/4320-31-0x00007FFE89080000-0x00007FFE890DC000-memory.dmp
memory/4320-30-0x00007FFE8B480000-0x00007FFE8B4D7000-memory.dmp
memory/4320-28-0x00007FFE8B4E0000-0x00007FFE8B55C000-memory.dmp
memory/4320-27-0x00007FFE8BA30000-0x00007FFE8BA97000-memory.dmp
memory/4320-26-0x00007FFE92820000-0x00007FFE92850000-memory.dmp
memory/4320-25-0x00007FFE92850000-0x00007FFE92868000-memory.dmp
memory/4320-24-0x00007FFE92870000-0x00007FFE92881000-memory.dmp
memory/4320-23-0x00007FFE97290000-0x00007FFE972AB000-memory.dmp
memory/4320-22-0x00007FFE99BE0000-0x00007FFE99BF1000-memory.dmp
memory/4320-21-0x00007FFE99C00000-0x00007FFE99C11000-memory.dmp
memory/4320-20-0x00007FFE99C20000-0x00007FFE99C31000-memory.dmp
memory/4320-19-0x00007FFE9C100000-0x00007FFE9C118000-memory.dmp
memory/4320-18-0x00007FFE9C330000-0x00007FFE9C351000-memory.dmp
memory/4320-17-0x00007FFE89430000-0x00007FFE8A4E0000-memory.dmp
memory/4320-46-0x00007FFE89430000-0x00007FFE8A4E0000-memory.dmp