Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 19-06-2024 08:54
Static task
- static1

Behavioral tasks
- behavioral1: sample 9375a86ba8682fe.mp3, resource win10-20240611-en
- behavioral2: sample 9375a86ba8682fe.mp3, resource win7-20240221-en
- behavioral3: sample 9375a86ba8682fe.mp3, resource android-x86-arm-20240611.1-en
- behavioral4: sample 9375a86ba8682fe.mp3, resource macos-20240611-en
- behavioral5: sample 9375a86ba8682fe.mp3, resource ubuntu1804-amd64-20240611-en
- behavioral6: sample 9375a86ba8682fe.mp3, resource debian9-armhf-20240611-en
- behavioral7: sample 9375a86ba8682fe.mp3, resource debian9-mipsbe-20240611-en
- behavioral8: sample 9375a86ba8682fe.mp3, resource debian9-mipsel-20240418-en
General
- Target: 9375a86ba8682fe.mp3
- Size: 500KB
- MD5: d5aa6db98c337e30c4c56ff3154d504d
- SHA1: eb8195a092370e5010a4e1703b0ba142c1e4d16c
- SHA256: a97b00ee3561353942fab71041e7e48d8b4da2a3ee51523d011541b6c8f45159
- SHA512: 4a9c47214c1f74c7137f206c646f435228fc0480ec2aa687f9c9e17898f1ae0c834190a28d5f2e90c742b1d39d109275b25ae6e51c62414aef7d354123fad04c
- SSDEEP: 12288:i8IRLEXuGx5k9ZwtCbobJVzpvy3JcpCMxjgUs1X6p2puGJ+:dIhyuctYoNVNv5CCnyqpAJ+
Malware Config
Signatures
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  Processes: pid 1584 vlc.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: pid 1584 vlc.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes (description, pid, process):
    Token: 33, 1584, vlc.exe
    Token: SeIncBasePriorityPrivilege, 1584, vlc.exe
- Suspicious use of FindShellTrayWindow (18 IoCs)
  Processes: pid 1584 vlc.exe (16 entries), pid 2888 SndVol.exe (2 entries)
- Suspicious use of SendNotifyMessage (19 IoCs)
  Processes: pid 1584 vlc.exe (15 entries), pid 2888 SndVol.exe (4 entries)
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: pid 1584 vlc.exe
Processes

C:\Program Files\VideoLAN\VLC\vlc.exe
Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\9375a86ba8682fe.mp3"
PID: 1584
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx

C:\Windows\system32\SndVol.exe
Command line: SndVol.exe -f 46466202 14170
PID: 2888
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage

C:\Windows\SysWOW64\DllHost.exe
Command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
PID: 2352