1b68640aa8fd10bd30af2f5a3e0a2a04bc203300fabbbc2401473c07be264632

Analysis

max time kernel
1790s
max time network
1589s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
20-06-2024 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$INSTDIR$_8_/Data/amp_models/Marshall JTM45 - Matchless Chieftain.wav
Size

4KB
MD5

14071c09dc0fcddc7c946ca2bffeb959
SHA1

a130721134a1a173a7a35ca9e01a386aa0089049
SHA256

f48c5bb9d4515a0de774181e043856e444d29adbb46ffb454480b2824e43bf42
SHA512

c98d75605173f67935f425dc37a8316c6e8f911daa1e7660d433e60b68c9d235a29ba205a8a9c4336bb86fbcf62398685aca5399f9f1acc638e9c08c757e919d
SSDEEP

24:LU8hwj97QAxEmusQVpaXCUG/SI6Es6g8K:LU0wVXEmCVyGB6fv

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2112	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2112	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	5060	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5060	AUDIODG.EXE
Token: 33	2112	vlc.exe
Token: SeIncBasePriorityPrivilege	2112	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe
2112	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2112	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\$INSTDIR$_8_\Data\amp_models\Marshall JTM45 - Matchless Chieftain.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2112-7-0x00007FF768B20000-0x00007FF768C18000-memory.dmp

Filesize
992KB

Download
memory/2112-8-0x00007FFD44B20000-0x00007FFD44B54000-memory.dmp

Filesize
208KB

Download
memory/2112-13-0x00007FFD44A70000-0x00007FFD44A87000-memory.dmp

Filesize
92KB

Download
memory/2112-16-0x00007FFD44990000-0x00007FFD449A1000-memory.dmp

Filesize
68KB

Download
memory/2112-15-0x00007FFD44A30000-0x00007FFD44A4D000-memory.dmp

Filesize
116KB

Download
memory/2112-14-0x00007FFD44A50000-0x00007FFD44A61000-memory.dmp

Filesize
68KB

Download
memory/2112-9-0x00007FFD41730000-0x00007FFD419E6000-memory.dmp

Filesize
2.7MB

Download
memory/2112-11-0x00007FFD44AB0000-0x00007FFD44AC7000-memory.dmp

Filesize
92KB

Download
memory/2112-10-0x00007FFD44AD0000-0x00007FFD44AE8000-memory.dmp

Filesize
96KB

Download
memory/2112-12-0x00007FFD44A90000-0x00007FFD44AA1000-memory.dmp

Filesize
68KB

Download
memory/2112-19-0x00007FFD42170000-0x00007FFD421B1000-memory.dmp

Filesize
260KB

Download
memory/2112-17-0x00007FFD305C0000-0x00007FFD31670000-memory.dmp

Filesize
16.7MB

Download
memory/2112-24-0x00007FFD41470000-0x00007FFD41481000-memory.dmp

Filesize
68KB

Download
memory/2112-23-0x00007FFD41490000-0x00007FFD414A1000-memory.dmp

Filesize
68KB

Download
memory/2112-22-0x00007FFD414B0000-0x00007FFD414C1000-memory.dmp

Filesize
68KB

Download
memory/2112-21-0x00007FFD414D0000-0x00007FFD414E8000-memory.dmp

Filesize
96KB

Download
memory/2112-20-0x00007FFD414F0000-0x00007FFD41511000-memory.dmp

Filesize
132KB

Download
memory/2112-18-0x00007FFD41520000-0x00007FFD4172B000-memory.dmp

Filesize
2.0MB

Download
memory/2112-25-0x00007FFD41450000-0x00007FFD4146B000-memory.dmp

Filesize
108KB

Download