Analysis

  • max time kernel
    147s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 17:31

General

  • Target

    Lossless.Scaling.2.9.rar

  • Size

    1.6MB

  • MD5

    c0d004bb137d3cc7a6085ba0b332e66b

  • SHA1

    1f80983452365c05a00d13247845d17253c4a601

  • SHA256

    2d12142fd2f399a53ebcc2355d73589e05e92307151a1da00055637902e45245

  • SHA512

    1c123dc54b582dcad4a395cd1f1b37ca056fccc781668f420fa831d18b8610dfc75c28ef1e1575416bbb04e1a9a344ea854c1897f558316262ee0f1202b4406c

  • SSDEEP

    24576:W8XjCLN61ARp4tYG5XFmmWX8+UBX8fD89UkYScsAwmfrlLAqSYrjkYbTKAwMXhBz:hXmLN61Az8J5XFbUfD89REs0AFgnxNF

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.2.9.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.2.9.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2116
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.2.9.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2864-30-0x000007FEF72A0000-0x000007FEF72D4000-memory.dmp (Filesize 208KB)
  • memory/2864-29-0x000000013F340000-0x000000013F438000-memory.dmp (Filesize 992KB)
  • memory/2864-32-0x000007FEFBB90000-0x000007FEFBBA8000-memory.dmp (Filesize 96KB)
  • memory/2864-33-0x000007FEF7150000-0x000007FEF7167000-memory.dmp (Filesize 92KB)
  • memory/2864-35-0x000007FEF6B80000-0x000007FEF6B97000-memory.dmp (Filesize 92KB)
  • memory/2864-34-0x000007FEF7130000-0x000007FEF7141000-memory.dmp (Filesize 68KB)
  • memory/2864-38-0x000007FEF6B20000-0x000007FEF6B31000-memory.dmp (Filesize 68KB)
  • memory/2864-37-0x000007FEF6B40000-0x000007FEF6B5D000-memory.dmp (Filesize 116KB)
  • memory/2864-36-0x000007FEF6B60000-0x000007FEF6B71000-memory.dmp (Filesize 68KB)
  • memory/2864-31-0x000007FEF6500000-0x000007FEF67B4000-memory.dmp (Filesize 2.7MB)
  • memory/2864-39-0x000007FEF6300000-0x000007FEF6500000-memory.dmp (Filesize 2.0MB)
  • memory/2864-41-0x000007FEF6AE0000-0x000007FEF6B1F000-memory.dmp (Filesize 252KB)
  • memory/2864-44-0x000007FEF6A70000-0x000007FEF6A81000-memory.dmp (Filesize 68KB)
  • memory/2864-43-0x000007FEF6A90000-0x000007FEF6AA8000-memory.dmp (Filesize 96KB)
  • memory/2864-47-0x000007FEF6A10000-0x000007FEF6A2B000-memory.dmp (Filesize 108KB)
  • memory/2864-46-0x000007FEF6A30000-0x000007FEF6A41000-memory.dmp (Filesize 68KB)
  • memory/2864-45-0x000007FEF6A50000-0x000007FEF6A61000-memory.dmp (Filesize 68KB)
  • memory/2864-42-0x000007FEF6AB0000-0x000007FEF6AD1000-memory.dmp (Filesize 132KB)
  • memory/2864-48-0x000007FEF5230000-0x000007FEF5241000-memory.dmp (Filesize 68KB)
  • memory/2864-49-0x000007FEF5210000-0x000007FEF5228000-memory.dmp (Filesize 96KB)
  • memory/2864-52-0x000007FEF5100000-0x000007FEF516F000-memory.dmp (Filesize 444KB)
  • memory/2864-54-0x000007FEF5080000-0x000007FEF50D6000-memory.dmp (Filesize 344KB)
  • memory/2864-53-0x000007FEF50E0000-0x000007FEF50F1000-memory.dmp (Filesize 68KB)
  • memory/2864-51-0x000007FEF5170000-0x000007FEF51D7000-memory.dmp (Filesize 412KB)
  • memory/2864-50-0x000007FEF51E0000-0x000007FEF5210000-memory.dmp (Filesize 192KB)
  • memory/2864-66-0x000007FEF1CD0000-0x000007FEF1CE6000-memory.dmp (Filesize 88KB)
  • memory/2864-65-0x000007FEF1CF0000-0x000007FEF1D01000-memory.dmp (Filesize 68KB)
  • memory/2864-64-0x000007FEF1D10000-0x000007FEF1D3F000-memory.dmp (Filesize 188KB)
  • memory/2864-63-0x000007FEF7CB0000-0x000007FEF7CC0000-memory.dmp (Filesize 64KB)
  • memory/2864-62-0x000007FEF42B0000-0x000007FEF42C1000-memory.dmp (Filesize 68KB)
  • memory/2864-61-0x000007FEF4400000-0x000007FEF4411000-memory.dmp (Filesize 68KB)
  • memory/2864-60-0x000007FEF4F90000-0x000007FEF4FA2000-memory.dmp (Filesize 72KB)
  • memory/2864-59-0x000007FEF4FB0000-0x000007FEF4FC1000-memory.dmp (Filesize 68KB)
  • memory/2864-67-0x000007FEF03D0000-0x000007FEF0495000-memory.dmp (Filesize 788KB)
  • memory/2864-58-0x000007FEF4FD0000-0x000007FEF4FF3000-memory.dmp (Filesize 140KB)
  • memory/2864-57-0x000007FEF5000000-0x000007FEF5017000-memory.dmp (Filesize 92KB)
  • memory/2864-56-0x000007FEF5020000-0x000007FEF5044000-memory.dmp (Filesize 144KB)
  • memory/2864-55-0x000007FEF5050000-0x000007FEF5078000-memory.dmp (Filesize 160KB)
  • memory/2864-40-0x000007FEF5250000-0x000007FEF62FB000-memory.dmp (Filesize 16.7MB)
  • memory/2864-68-0x000007FEF1C50000-0x000007FEF1CC5000-memory.dmp (Filesize 468KB)
  • memory/2864-69-0x000007FEF0360000-0x000007FEF03C2000-memory.dmp (Filesize 392KB)
  • memory/2864-70-0x000007FEF02F0000-0x000007FEF035D000-memory.dmp (Filesize 436KB)