Malware Analysis Report

2024-10-10 12:07

Sample ID 240613-qghs1avaln
Target LastActivityView.exe
SHA256 af86dc3f76d39b67b967a3b714e9e70ed43eec8d3871e9691cb45d84372b53fb
Tags: discovery

Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: af86dc3f76d39b67b967a3b714e9e70ed43eec8d3871e9691cb45d84372b53fb

Threat Level: Known bad

The file LastActivityView.exe was found to be: Known bad.

Malicious Activity Summary

discovery

Nirsoft

Checks installed software on the system

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:13

Signatures

Nirsoft

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:13

Reported

2024-06-13 13:14

Platform

win11-20240611-en

Max time kernel

41s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe"

Signatures

Checks installed software on the system

discovery

Enumerates physical storage devices

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe

"C:\Users\Admin\AppData\Local\Temp\LastActivityView.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MovePing.mp4"

Network

N/A

Files
