1b68640aa8fd10bd30af2f5a3e0a2a04bc203300fabbbc2401473c07be264632

Analysis

max time kernel
614s
max time network
1613s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
20-06-2024 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$INSTDIR$_8_/Data/amp_models/Marshall JCM800 - Marshall Stock 70.wav
Size

4KB
MD5

f1cbfea4f4678704d895dc78cb24213a
SHA1

78515d6cd7d6911c40d4b7565a30121596c43a79
SHA256

48dcc27ee229502ec34ef863b8a867bb180156efccff2e2819260475a6f990c0
SHA512

e2196c00a1c49ad2a85b459f1139d9c7545f39ba6592e3d66e894200e33be6f2d4beafd62e2f0aa9ee1bd684f94d120623cd637394a52b405a2c8a5b3c090a29
SSDEEP

24:sfsx8+mvAQzAXBd1Z7k5GzkZ819paoI5wbRy2:xjqAQ831bc8uuNf

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
504	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
504	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	3008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3008	AUDIODG.EXE
Token: 33	504	vlc.exe
Token: SeIncBasePriorityPrivilege	504	vlc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe
504	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
504	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\$INSTDIR$_8_\Data\amp_models\Marshall JCM800 - Marshall Stock 70.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:504

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/504-8-0x00007FFC345F0000-0x00007FFC34624000-memory.dmp

Filesize
208KB

Download
memory/504-7-0x00007FF693A30000-0x00007FF693B28000-memory.dmp

Filesize
992KB

Download
memory/504-16-0x00007FFC31C50000-0x00007FFC31C61000-memory.dmp

Filesize
68KB

Download
memory/504-15-0x00007FFC32010000-0x00007FFC3202D000-memory.dmp

Filesize
116KB

Download
memory/504-14-0x00007FFC32030000-0x00007FFC32041000-memory.dmp

Filesize
68KB

Download
memory/504-13-0x00007FFC32050000-0x00007FFC32067000-memory.dmp

Filesize
92KB

Download
memory/504-12-0x00007FFC34560000-0x00007FFC34571000-memory.dmp

Filesize
68KB

Download
memory/504-11-0x00007FFC345D0000-0x00007FFC345E7000-memory.dmp

Filesize
92KB

Download
memory/504-10-0x00007FFC34E40000-0x00007FFC34E58000-memory.dmp

Filesize
96KB

Download
memory/504-9-0x00007FFC312D0000-0x00007FFC31586000-memory.dmp

Filesize
2.7MB

Download
memory/504-17-0x00007FFC22260000-0x00007FFC2246B000-memory.dmp

Filesize
2.0MB

Download
memory/504-25-0x00007FFC310E0000-0x00007FFC310FB000-memory.dmp

Filesize
108KB

Download
memory/504-24-0x00007FFC31100000-0x00007FFC31111000-memory.dmp

Filesize
68KB

Download
memory/504-23-0x00007FFC31B70000-0x00007FFC31B81000-memory.dmp

Filesize
68KB

Download
memory/504-22-0x00007FFC31B90000-0x00007FFC31BA1000-memory.dmp

Filesize
68KB

Download
memory/504-21-0x00007FFC31BB0000-0x00007FFC31BC8000-memory.dmp

Filesize
96KB

Download
memory/504-20-0x00007FFC31BD0000-0x00007FFC31BF1000-memory.dmp

Filesize
132KB

Download
memory/504-19-0x00007FFC31C00000-0x00007FFC31C41000-memory.dmp

Filesize
260KB

Download
memory/504-18-0x00007FFC211B0000-0x00007FFC22260000-memory.dmp

Filesize
16.7MB

Download
memory/504-56-0x00007FFC211B0000-0x00007FFC22260000-memory.dmp

Filesize
16.7MB

Download