Analysis

max time kernel: 23s
max time network: 17s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 17-06-2024 16:59

Behavioral task: behavioral1
Sample: SploitXE_BEta.rar
Resource: win7-20240508-en
8 signatures
150 seconds
General

Target: SploitXE_BEta.rar
Size: 3.3MB
MD5: 68f23738f5bf5e2612eb02d5e1526b8a
SHA1: f59898686617dab7a596f5c452e4a38d90b90449
SHA256: e9c4cdb578c440ae2f25590d9ad7b155ae309d4f0cdc67c1f9528e070b30fac9
SHA512: 3897abe5798c11bbe8ca45c59c1a73d055313bc41b42ef7feba9a504f01d7fa155d4a7b26193c51cbb1ccc245305ad71f7c900dbee15316261d09f997119bcb2
SSDEEP: 98304:oEc3CcFLpIlSZfA9l0N4MRpJ7BwsE60b81jvO:+lVugOlCRpJ7BwsEGZm
Score: 3/10
Malware Config
Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Modifies registry class (2 IoCs)
  Processes: rundll32.exe, rundll32.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings | rundll32.exe
  Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000_Classes\Local Settings | rundll32.exe

- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  Processes: vlc.exe
  pid | process
  1596 | vlc.exe

- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: vlc.exe
  pid | process
  1596 | vlc.exe

- Suspicious use of FindShellTrayWindow (9 IoCs)
  Processes: vlc.exe
  pid | process
  1596 | vlc.exe (9 occurrences)

- Suspicious use of SendNotifyMessage (8 IoCs)
  Processes: vlc.exe
  pid | process
  1596 | vlc.exe (8 occurrences)

- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: vlc.exe
  pid | process
  1596 | vlc.exe

- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes: cmd.exe, rundll32.exe, rundll32.exe
  description | pid | process | target process
  PID 2068 wrote to memory of 2676 | 2068 | cmd.exe | rundll32.exe (3 occurrences)
  PID 2676 wrote to memory of 2740 | 2676 | rundll32.exe | rundll32.exe (3 occurrences)
  PID 2740 wrote to memory of 1596 | 2740 | rundll32.exe | vlc.exe (3 occurrences)
Processes

1. C:\Windows\system32\cmd.exe
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\SploitXE_BEta.rar
   PID: 2068
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\rundll32.exe
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SploitXE_BEta.rar
      PID: 2676
      - Modifies registry class
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\system32\rundll32.exe
         Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SploitXE_BEta.rar
         PID: 2740
         - Modifies registry class
         - Suspicious use of WriteProcessMemory

         4. C:\Program Files\VideoLAN\VLC\vlc.exe
            Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\SploitXE_BEta.rar"
            PID: 1596
            - Suspicious behavior: AddClipboardFormatListener
            - Suspicious behavior: GetForegroundWindowSpam
            - Suspicious use of FindShellTrayWindow
            - Suspicious use of SendNotifyMessage
            - Suspicious use of SetWindowsHookEx