Malware Analysis Report

2024-10-16 06:44

Sample ID 240619-kt5kmsxenc
Target 9375a86ba8682fe.mp3
SHA256 a97b00ee3561353942fab71041e7e48d8b4da2a3ee51523d011541b6c8f45159
Tags
score
6/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral6
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral8
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral7
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral4
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral5
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
6/10

SHA256

a97b00ee3561353942fab71041e7e48d8b4da2a3ee51523d011541b6c8f45159

Threat Level: Shows suspicious behavior

The file 9375a86ba8682fe.mp3 was classified as: Shows suspicious behavior.

Malicious Activity Summary

Drops desktop.ini file(s)

Enumerates connected drives

Drops file in Windows directory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-19 08:54

Signatures

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-19 08:54

Reported

2024-06-19 08:55

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-19 08:54

Reported

2024-06-19 08:55

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-19 08:54

Reported

2024-06-19 08:57

Platform

win10-20240611-en

Max time kernel

129s

Max time network

137s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\9375a86ba8682fe.mp3"

Signatures

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\Users\Public\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened for modification | C:\Users\Admin\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened for modification | C:\Users\Public\Videos\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened for modification | C:\Users\Admin\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened for modification | C:\Users\Public\Pictures\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened for modification | C:\Users\Admin\Music\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\A: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\H: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\R: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\S: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\O: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\Q: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\T: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\G: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\J: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\A: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\K: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\P: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\Y: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\N: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\W: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\M: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\U: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\System32\unregmp2.exe | N/A
File opened (read-only) | \??\B: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\E: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\I: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\L: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\V: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\X: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
File opened (read-only) | \??\Z: | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | \??\c:\windows\system32\svchost.exe | N/A
File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | \??\c:\windows\system32\svchost.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\unregmp2.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\unregmp2.exe | N/A
Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\9375a86ba8682fe.mp3"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\System32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s upnphost

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3d4

Network

Country | Destination | Domain | Proto
US | 199.232.210.172:80 | | tcp
US | 199.232.210.172:80 | | tcp
US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 98df921f667bf303621c789390ed9f2e
SHA1 d9c82e51534cf1c2eb5a255286de6a09ca364d1a
SHA256 8b8497d37fa9ddd44e275aa7631d7c7173c384a501d11e73e3d4401513c4bbe3
SHA512 58e896295763c2729c5a19986356e7cc7706265bbda5cd9cec98201ec9ce86c4b68a3e388c86aba198870ca4b8ab1a7876f2d8e1fff7437216dd2789b3ed3796

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

MD5 7b3f2fea9a840d62c1bd18215a841a16
SHA1 7398ba3f8bdc5bac04b4e9cee6db4e920ff65c91
SHA256 0df83587cbc16cf9dd5fdd7e5a073dd7d214fdf6e29084130984959ccfb00d40
SHA512 3aabe3e031b6ff54fb29f49a2c2f5a64e3276f8bf66ad9a7658bf42be03fb0cb597012bb4d0564ab0893cc5441680de4ad6150a61f3689643d8813565fc84ac4

memory/2980-33-0x0000000008440000-0x0000000008450000-memory.dmp

memory/2980-35-0x0000000008440000-0x0000000008450000-memory.dmp

memory/2980-34-0x0000000008440000-0x0000000008450000-memory.dmp

memory/2980-32-0x0000000008440000-0x0000000008450000-memory.dmp

memory/2980-36-0x0000000008440000-0x0000000008450000-memory.dmp

memory/2980-37-0x0000000008440000-0x0000000008450000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 c5d9f411dacbaebef9cede46eb33f42d
SHA1 871909956a1dde981958ea88813abc333cd2877b
SHA256 b41ae524a0abba72ff43c36f33d7a80cea06d9dfefe88d9ddec85bd875c01a6d
SHA512 80cbfcf61adc8be359c0ff162d7cb71902d527f268213cd84c33896bd7aa5db8458e5f1464b545a71d0be9dcd5493e1e2d86dc7366d71f8ea134dc8b097e51a2

C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

MD5 6b4cdbd9d2a70feada4390d1cad4cb3f
SHA1 431defcfb4211237a9a4e7258f70ae13fe839086
SHA256 f7f9f828968dc5cb2a40ecf66855ab80e6c22a387332856152122eb41abe31db
SHA512 3674f90ad1ecfb9706ef218e43864ab5f6859be3ad36ddcd34b3f7dc0d607a52d949975b60a8ed856decf7bba4642641fdeef192ef9fdc6477aa8a683e8424ce

memory/2980-49-0x0000000008E90000-0x0000000008EA0000-memory.dmp

memory/2980-51-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-52-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-53-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-54-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-56-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-55-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-59-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-58-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-62-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-61-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-60-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-64-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-65-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-66-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-67-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-69-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-68-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-70-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-71-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-72-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-73-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-76-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-75-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-77-0x0000000008E90000-0x0000000008EA0000-memory.dmp

memory/2980-74-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-78-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-80-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-81-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-82-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-84-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-86-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-85-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-89-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-88-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-87-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-83-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-90-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-91-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-92-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-94-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-95-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-93-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-96-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-97-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-98-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-99-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-100-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-101-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-102-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-103-0x0000000008E90000-0x0000000008EA0000-memory.dmp

memory/2980-105-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-106-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-107-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-108-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-109-0x000000000A9F0000-0x000000000AA00000-memory.dmp

memory/2980-111-0x000000000A000000-0x000000000A010000-memory.dmp

memory/2980-110-0x000000000A9F0000-0x000000000AA00000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-19 08:54

Reported

2024-06-19 08:57

Platform

win7-20240221-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\9375a86ba8682fe.mp3"

Signatures

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A

Processes

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\9375a86ba8682fe.mp3"

C:\Windows\system32\SndVol.exe

SndVol.exe -f 46466202 14170

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

Network

N/A

Files

memory/1584-5-0x000000013FF00000-0x000000013FFF8000-memory.dmp

memory/1584-6-0x000007FEFAF10000-0x000007FEFAF44000-memory.dmp

memory/1584-8-0x000007FEFB6E0000-0x000007FEFB6F8000-memory.dmp

memory/1584-12-0x000007FEF7360000-0x000007FEF7371000-memory.dmp

memory/1584-14-0x000007FEF6AC0000-0x000007FEF6AD1000-memory.dmp

memory/1584-13-0x000007FEF7340000-0x000007FEF735D000-memory.dmp

memory/1584-11-0x000007FEF7380000-0x000007FEF7397000-memory.dmp

memory/1584-7-0x000007FEF61F0000-0x000007FEF64A4000-memory.dmp

memory/1584-10-0x000007FEF8230000-0x000007FEF8241000-memory.dmp

memory/1584-9-0x000007FEFB1F0000-0x000007FEFB207000-memory.dmp

memory/1584-16-0x000007FEF4F40000-0x000007FEF5140000-memory.dmp

memory/1584-18-0x000007FEF6A50000-0x000007FEF6A71000-memory.dmp

memory/1584-19-0x000007FEF6A30000-0x000007FEF6A48000-memory.dmp

memory/1584-20-0x000007FEF6A10000-0x000007FEF6A21000-memory.dmp

memory/1584-21-0x000007FEF69F0000-0x000007FEF6A01000-memory.dmp

memory/1584-17-0x000007FEF6A80000-0x000007FEF6ABF000-memory.dmp

memory/1584-22-0x000007FEF69D0000-0x000007FEF69E1000-memory.dmp

memory/1584-23-0x000007FEF6780000-0x000007FEF679B000-memory.dmp

memory/1584-24-0x000007FEF6760000-0x000007FEF6771000-memory.dmp

memory/1584-25-0x000007FEF6740000-0x000007FEF6758000-memory.dmp

memory/1584-26-0x000007FEF6710000-0x000007FEF6740000-memory.dmp

memory/1584-27-0x000007FEF66A0000-0x000007FEF6707000-memory.dmp

memory/1584-28-0x000007FEF4ED0000-0x000007FEF4F3F000-memory.dmp

memory/1584-29-0x000007FEF6620000-0x000007FEF6631000-memory.dmp

memory/1584-30-0x000007FEF6600000-0x000007FEF6617000-memory.dmp

memory/1584-31-0x000007FEF4EB0000-0x000007FEF4EC1000-memory.dmp

memory/1584-32-0x000007FEF4E50000-0x000007FEF4EA7000-memory.dmp

memory/1584-34-0x000007FEF4E00000-0x000007FEF4E13000-memory.dmp

memory/1584-35-0x000007FEF4DE0000-0x000007FEF4DF1000-memory.dmp

memory/1584-36-0x000007FEF4D10000-0x000007FEF4DD5000-memory.dmp

memory/1584-33-0x000007FEF4E20000-0x000007FEF4E4F000-memory.dmp

memory/1584-37-0x000007FEF3160000-0x000007FEF31B6000-memory.dmp

memory/1584-38-0x000007FEF3130000-0x000007FEF3158000-memory.dmp

memory/1584-39-0x000007FEF2F20000-0x000007FEF2F31000-memory.dmp

memory/1584-40-0x000007FEF2F00000-0x000007FEF2F12000-memory.dmp

memory/1584-46-0x000007FEF2CE0000-0x000007FEF2CF1000-memory.dmp

memory/1584-45-0x000007FEF2D00000-0x000007FEF2D11000-memory.dmp

memory/1584-44-0x000007FEF2D20000-0x000007FEF2D31000-memory.dmp

memory/1584-43-0x000007FEF2D40000-0x000007FEF2D54000-memory.dmp

memory/1584-15-0x000007FEF5140000-0x000007FEF61EB000-memory.dmp

memory/1584-42-0x000007FEF2D60000-0x000007FEF2D73000-memory.dmp

memory/1584-41-0x000007FEF2D80000-0x000007FEF2EFA000-memory.dmp

memory/2888-306-0x00000000006B0000-0x00000000006B1000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-19 08:54

Reported

2024-06-19 08:55

Platform

android-x86-arm-20240611.1-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-19 08:54

Reported

2024-06-19 08:55

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-19 08:54

Reported

2024-06-19 08:57

Platform

macos-20240611-en

Max time kernel

132s

Max time network

128s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/9375a86ba8682fe.mp3"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/9375a86ba8682fe.mp3"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/9375a86ba8682fe.mp3"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/9375a86ba8682fe.mp3]

/bin/zsh

[/bin/zsh -c /Users/run/9375a86ba8682fe.mp3]

/Users/run/9375a86ba8682fe.mp3

[/Users/run/9375a86ba8682fe.mp3]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterBCBF2C69/OneDrive.app]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp
US | 20.42.65.93:443 | | tcp
US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp
US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-19 08:54

Reported

2024-06-19 08:55

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Command Line

[/tmp/9375a86ba8682fe.mp3]

Signatures

N/A

Processes

/tmp/9375a86ba8682fe.mp3

[/tmp/9375a86ba8682fe.mp3]

Network

N/A

Files

N/A