1b68640aa8fd10bd30af2f5a3e0a2a04bc203300fabbbc2401473c07be264632

Analysis

max time kernel
1790s
max time network
1614s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
20-06-2024 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$INSTDIR$_8_/Data/amp_models/Marshall JCM800 - Matchless Chieftain.wav
Size

4KB
MD5

0dc1cdc06ecfdfa025de8c1bcf8c3003
SHA1

45a1a445aeebf56d9c45d4094532ab7954dd8fd2
SHA256

273250faa8df43799e9ba549544b8c4005bea371e4d6df537f1f9d97076a8636
SHA512

2a1ccbdbad13b362cf0adf1365b260e330f8e211a6a93a00ffd1a83c7c9f337ca9f4ada6f392999606ec8940df3ee8fc8c5738765c4d1a98d784cc8229a8f0b2
SSDEEP

12:WuoDZYKhN7W6xMWJqG8qKPfs6WzVJd/740BskczM+617Dy9kmzpr52kl+:qFYKD7LxMWJqGMWzu0L6ExDyVzpMs+

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2780	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2780	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	4304	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4304	AUDIODG.EXE
Token: 33	2780	vlc.exe
Token: SeIncBasePriorityPrivilege	2780	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe
2780	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2780	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\$INSTDIR$_8_\Data\amp_models\Marshall JCM800 - Matchless Chieftain.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2780-8-0x00007FF9B0C50000-0x00007FF9B0C84000-memory.dmp

Filesize
208KB

Download
memory/2780-7-0x00007FF664BC0000-0x00007FF664CB8000-memory.dmp

Filesize
992KB

Download
memory/2780-10-0x00007FF9B10F0000-0x00007FF9B1108000-memory.dmp

Filesize
96KB

Download
memory/2780-16-0x00007FF9AE1A0000-0x00007FF9AE1B1000-memory.dmp

Filesize
68KB

Download
memory/2780-15-0x00007FF9AE1C0000-0x00007FF9AE1DD000-memory.dmp

Filesize
116KB

Download
memory/2780-11-0x00007FF9B0780000-0x00007FF9B0797000-memory.dmp

Filesize
92KB

Download
memory/2780-14-0x00007FF9B0630000-0x00007FF9B0641000-memory.dmp

Filesize
68KB

Download
memory/2780-13-0x00007FF9B0740000-0x00007FF9B0757000-memory.dmp

Filesize
92KB

Download
memory/2780-12-0x00007FF9B0760000-0x00007FF9B0771000-memory.dmp

Filesize
68KB

Download
memory/2780-9-0x00007FF99E330000-0x00007FF99E5E6000-memory.dmp

Filesize
2.7MB

Download
memory/2780-17-0x00007FF9AD160000-0x00007FF9AD36B000-memory.dmp

Filesize
2.0MB

Download
memory/2780-25-0x00007FF9ADD00000-0x00007FF9ADD1B000-memory.dmp

Filesize
108KB

Download
memory/2780-24-0x00007FF9ADF00000-0x00007FF9ADF11000-memory.dmp

Filesize
68KB

Download
memory/2780-23-0x00007FF9ADF20000-0x00007FF9ADF31000-memory.dmp

Filesize
68KB

Download
memory/2780-22-0x00007FF9ADF70000-0x00007FF9ADF81000-memory.dmp

Filesize
68KB

Download
memory/2780-21-0x00007FF9AE180000-0x00007FF9AE198000-memory.dmp

Filesize
96KB

Download
memory/2780-20-0x00007FF9ADF90000-0x00007FF9ADFB1000-memory.dmp

Filesize
132KB

Download
memory/2780-19-0x00007FF9ADFC0000-0x00007FF9AE001000-memory.dmp

Filesize
260KB

Download
memory/2780-18-0x00007FF99D280000-0x00007FF99E330000-memory.dmp

Filesize
16.7MB

Download