1b68640aa8fd10bd30af2f5a3e0a2a04bc203300fabbbc2401473c07be264632

Analysis

max time kernel
1791s
max time network
1610s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
20-06-2024 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$INSTDIR$_8_/Data/amp_models/Vox AC30 Non Top Boost - Vox AC30.wav
Size

4KB
MD5

15232e709d034a9d7e1abbefa11dea9f
SHA1

7a2f1ed27ccce9c7d18449e3d662b65740b34c80
SHA256

076519b0129fa16a806793b127928e72dba7c382ad876c43a8a1221450f5e0e6
SHA512

3fcc6f6c70b0188b34e2837a3504e89398ad153e331fb18788083ad75fab5b3ccabeeeea01cdcc8e056821cf0252d49b22f7ae9c6345ff6d974e1ae3ad481c4b
SSDEEP

12:/MwH3UR2bq6/bQbYySEvhPpwJTwjJZjwSrias/:0wXU4bqsaYyXvbwSz5Ps/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4920	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4920	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	5084	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5084	AUDIODG.EXE
Token: 33	4920	vlc.exe
Token: SeIncBasePriorityPrivilege	4920	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe
4920	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4920	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\$INSTDIR$_8_\Data\amp_models\Vox AC30 Non Top Boost - Vox AC30.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4920

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4920-7-0x00007FF743980000-0x00007FF743A78000-memory.dmp

Filesize
992KB

Download
memory/4920-8-0x00007FFD633A0000-0x00007FFD633D4000-memory.dmp

Filesize
208KB

Download
memory/4920-16-0x00007FFD602C0000-0x00007FFD602D1000-memory.dmp

Filesize
68KB

Download
memory/4920-15-0x00007FFD602E0000-0x00007FFD602FD000-memory.dmp

Filesize
116KB

Download
memory/4920-9-0x00007FFD5FF10000-0x00007FFD601C6000-memory.dmp

Filesize
2.7MB

Download
memory/4920-14-0x00007FFD606B0000-0x00007FFD606C1000-memory.dmp

Filesize
68KB

Download
memory/4920-17-0x00007FFD5FB10000-0x00007FFD5FD1B000-memory.dmp

Filesize
2.0MB

Download
memory/4920-13-0x00007FFD606D0000-0x00007FFD606E7000-memory.dmp

Filesize
92KB

Download
memory/4920-12-0x00007FFD606F0000-0x00007FFD60701000-memory.dmp

Filesize
68KB

Download
memory/4920-11-0x00007FFD607D0000-0x00007FFD607E7000-memory.dmp

Filesize
92KB

Download
memory/4920-10-0x00007FFD63380000-0x00007FFD63398000-memory.dmp

Filesize
96KB

Download
memory/4920-25-0x00007FFD5FAB0000-0x00007FFD5FACB000-memory.dmp

Filesize
108KB

Download
memory/4920-24-0x00007FFD5FAD0000-0x00007FFD5FAE1000-memory.dmp

Filesize
68KB

Download
memory/4920-23-0x00007FFD5FAF0000-0x00007FFD5FB01000-memory.dmp

Filesize
68KB

Download
memory/4920-22-0x00007FFD5FEA0000-0x00007FFD5FEB1000-memory.dmp

Filesize
68KB

Download
memory/4920-21-0x00007FFD5FEC0000-0x00007FFD5FED8000-memory.dmp

Filesize
96KB

Download
memory/4920-20-0x00007FFD5FEE0000-0x00007FFD5FF01000-memory.dmp

Filesize
132KB

Download
memory/4920-19-0x00007FFD60270000-0x00007FFD602B1000-memory.dmp

Filesize
260KB

Download
memory/4920-18-0x00007FFD4F5C0000-0x00007FFD50670000-memory.dmp

Filesize
16.7MB

Download
memory/4920-37-0x00007FFD4F5C0000-0x00007FFD50670000-memory.dmp

Filesize
16.7MB

Download