Analysis Overview
SHA256
a97b00ee3561353942fab71041e7e48d8b4da2a3ee51523d011541b6c8f45159
Threat Level: Shows suspicious behavior
The file 9375a86ba8682fe.mp3 was found to show suspicious behavior.
Malicious Activity Summary
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Windows directory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 08:54
Signatures
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-19 08:54
Reported
2024-06-19 08:55
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-19 08:54
Reported
2024-06-19 08:55
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 08:54
Reported
2024-06-19 08:57
Platform
win10-20240611-en
Max time kernel
129s
Max time network
137s
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | \??\c:\windows\system32\svchost.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\unregmp2.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\unregmp2.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2980 wrote to memory of 3708 | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | C:\Windows\SysWOW64\unregmp2.exe |
| PID 2980 wrote to memory of 3708 | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | C:\Windows\SysWOW64\unregmp2.exe |
| PID 2980 wrote to memory of 3708 | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | C:\Windows\SysWOW64\unregmp2.exe |
| PID 3708 wrote to memory of 4332 | N/A | C:\Windows\SysWOW64\unregmp2.exe | C:\Windows\System32\unregmp2.exe |
| PID 3708 wrote to memory of 4332 | N/A | C:\Windows\SysWOW64\unregmp2.exe | C:\Windows\System32\unregmp2.exe |
Processes
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\9375a86ba8682fe.mp3"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\System32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s upnphost
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 199.232.210.172:80 | | tcp |
| US | 199.232.210.172:80 | | tcp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
| Hash | Value |
| --- | --- |
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| Hash | Value |
| --- | --- |
| MD5 | 98df921f667bf303621c789390ed9f2e |
| SHA1 | d9c82e51534cf1c2eb5a255286de6a09ca364d1a |
| SHA256 | 8b8497d37fa9ddd44e275aa7631d7c7173c384a501d11e73e3d4401513c4bbe3 |
| SHA512 | 58e896295763c2729c5a19986356e7cc7706265bbda5cd9cec98201ec9ce86c4b68a3e388c86aba198870ca4b8ab1a7876f2d8e1fff7437216dd2789b3ed3796 |
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| Hash | Value |
| --- | --- |
| MD5 | 7b3f2fea9a840d62c1bd18215a841a16 |
| SHA1 | 7398ba3f8bdc5bac04b4e9cee6db4e920ff65c91 |
| SHA256 | 0df83587cbc16cf9dd5fdd7e5a073dd7d214fdf6e29084130984959ccfb00d40 |
| SHA512 | 3aabe3e031b6ff54fb29f49a2c2f5a64e3276f8bf66ad9a7658bf42be03fb0cb597012bb4d0564ab0893cc5441680de4ad6150a61f3689643d8813565fc84ac4 |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| Hash | Value |
| --- | --- |
| MD5 | c5d9f411dacbaebef9cede46eb33f42d |
| SHA1 | 871909956a1dde981958ea88813abc333cd2877b |
| SHA256 | b41ae524a0abba72ff43c36f33d7a80cea06d9dfefe88d9ddec85bd875c01a6d |
| SHA512 | 80cbfcf61adc8be359c0ff162d7cb71902d527f268213cd84c33896bd7aa5db8458e5f1464b545a71d0be9dcd5493e1e2d86dc7366d71f8ea134dc8b097e51a2 |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
| Hash | Value |
| --- | --- |
| MD5 | 6b4cdbd9d2a70feada4390d1cad4cb3f |
| SHA1 | 431defcfb4211237a9a4e7258f70ae13fe839086 |
| SHA256 | f7f9f828968dc5cb2a40ecf66855ab80e6c22a387332856152122eb41abe31db |
| SHA512 | 3674f90ad1ecfb9706ef218e43864ab5f6859be3ad36ddcd34b3f7dc0d607a52d949975b60a8ed856decf7bba4642641fdeef192ef9fdc6477aa8a683e8424ce |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 08:54
Reported
2024-06-19 08:57
Platform
win7-20240221-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\system32\SndVol.exe | N/A |
| N/A | N/A | C:\Windows\system32\SndVol.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Windows\system32\SndVol.exe | N/A |
| N/A | N/A | C:\Windows\system32\SndVol.exe | N/A |
| N/A | N/A | C:\Windows\system32\SndVol.exe | N/A |
| N/A | N/A | C:\Windows\system32\SndVol.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Processes
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\9375a86ba8682fe.mp3"
C:\Windows\system32\SndVol.exe
SndVol.exe -f 46466202 14170
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-19 08:54
Reported
2024-06-19 08:55
Platform
android-x86-arm-20240611.1-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-19 08:54
Reported
2024-06-19 08:55
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-19 08:54
Reported
2024-06-19 08:57
Platform
macos-20240611-en
Max time kernel
132s
Max time network
128s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/9375a86ba8682fe.mp3"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/9375a86ba8682fe.mp3"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/9375a86ba8682fe.mp3]
/bin/zsh
[/bin/zsh -c /Users/run/9375a86ba8682fe.mp3]
/Users/run/9375a86ba8682fe.mp3
[/Users/run/9375a86ba8682fe.mp3]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterBCBF2C69/OneDrive.app]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.65.93:443 | | tcp |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-19 08:54
Reported
2024-06-19 08:55
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/9375a86ba8682fe.mp3
[/tmp/9375a86ba8682fe.mp3]