9c3dd40b4539a812baabc3b8e1cec9ae45a39ec8d799c1bd6e53d9d64a2366f0

Resubmissions

07/07/2024, 20:29

240707-y91taaxgjk 4

07/07/2024, 20:21

240707-y48lyaxflq 4

20/04/2024, 11:56

240420-n355bagg7x 4

Analysis

max time kernel
136s
max time network
130s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Graillon-FREE-2.8/Windows/Graillon-2-FREE-2.8.0.exe
Size

9.4MB
MD5

b15e6247e307fe3438f17aa05688ae5e
SHA1

f68fe99bf6e6ed87b8d192406f01a3669e440cd2
SHA256

b17c4d698a7ff93edbe0512bbf180c896e3ff96c6be8495d3b08dfa1d5c1cf8d
SHA512

cdfe99a47ada756f5898dc91dda695926293b4ac5207d585d30d7572b17246443a9ddeba1f9d440e6e800cef535d8b9f6a4be21301f67c6f55cb0795ddf9032c
SSDEEP

196608:1tJV+nIDBO8XnlxYmRtxtGnScMHRAErNWw+xOE1h5hOUOkqkDioCnck10:1taIDBO8XlxYmttdcMHRzOxDOUO1CXCI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2888	vlc.exe
2984	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2888	vlc.exe
2984	vlc.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2888	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe
2984	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2888	vlc.exe
2984	vlc.exe

C:\Users\Admin\AppData\Local\Temp\Graillon-FREE-2.8\Windows\Graillon-2-FREE-2.8.0.exe
"C:\Users\Admin\AppData\Local\Temp\Graillon-FREE-2.8\Windows\Graillon-2-FREE-2.8.0.exe"
1⤵
PID:1708

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TraceSubmit.DVR-MS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TraceSubmit.DVR-MS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RestoreSet.mp4"
1⤵
PID:2380

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RestoreSet.mp4"
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
80B

MD5
b4955943bb878a3839223a12973aa0da

SHA1
ea7b6a0580bc3cecaad0cd7061f67ecdf6bcfda3

SHA256
82c35c674b8e631a97f84f4cb10ced13fc206509efabd4c94df2b8859857c213

SHA512
dc0342b677955d9c2529239d3b268e3226abebb61b3c99d4ac03a028403b88fdb75cc1b3b87d278293cf06c86b3fac324bc22689c6cfe64fd03d86c2727aefef

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
534B

MD5
ca1ecba18b9bdd80a09f3ce0490d5367

SHA1
0b1ebbdc0d9bb92870f8c22221b6394721e625e6

SHA256
fa8d0c0ac1e6276aa9e39370757bdb4b7b4f90393347fe434abd51c2920a0e4b

SHA512
28cce2fd3f7df88aaa5d0ca715b8659373fc6cceef4929070f067b15da93d088ec8e38e64b5429634fa46adf83df23c2846dd2854ea4eaad248921605585f432

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
584B

MD5
3320675a04ce89ee1ec89ea08563e773

SHA1
8fece6d8cef90f61320aa3a1c020611e26186410

SHA256
bfb178c457ff67929c677cfba8a05f600585f472d797dbd8132ed4d4e304f951

SHA512
43ac132817b17f47b4479fd32dcec992cab27d69c8df576595e63f447ecc2abf72d294840ba5adebfc1a088c0df582071c137d80ad4c787a372ee9e9b1d15426

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
4a63c2269f576fd7de0d9c505a7226f2

SHA1
eef4c8aa77a9a925a843953631d0301ff69a08f0

SHA256
ca0f55f0c8ad4253f1a97a3b48acd24ea5001bd4fce037f32e9f7ea6757476c3

SHA512
a2e02cc8ee86d1e4ad99bea801748f49ec587c0234106c0390a517962ccd3952c0d6b500816a17cfda6900965928cc41ee40ce81b9f604d122423633e4dad8bc

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
ec3bdb41d903f7f7569e7480d02999e3

SHA1
57c13d86e04a69e840f22092f75e9255fc81dbdf

SHA256
13f9604d1134251dbe1a950cd34cbde0ebb98c5cce8d3c81115e2fdee9f1270f

SHA512
82c2922003a03c853f9426f23c364503610a35301fe56917a97c72295ef0f8c23765734d84ed8d4c3748e14d4d3a23381671717102c3d4067f3d2383f2fc0ded

Download Submit
memory/2888-29-0x000007FEF5FD0000-0x000007FEF5FE8000-memory.dmp

Filesize
96KB

Download
memory/2888-48-0x000007FEF1C80000-0x000007FEF1D45000-memory.dmp

Filesize
788KB

Download
memory/2888-15-0x000007FEF65B0000-0x000007FEF65CD000-memory.dmp

Filesize
116KB

Download
memory/2888-16-0x000007FEF6590000-0x000007FEF65A1000-memory.dmp

Filesize
68KB

Download
memory/2888-17-0x000007FEF56F0000-0x000007FEF58FB000-memory.dmp

Filesize
2.0MB

Download
memory/2888-21-0x000007FEF60F0000-0x000007FEF6131000-memory.dmp

Filesize
260KB

Download
memory/2888-22-0x000007FEF6560000-0x000007FEF6581000-memory.dmp

Filesize
132KB

Download
memory/2888-25-0x000007FEF6050000-0x000007FEF6061000-memory.dmp

Filesize
68KB

Download
memory/2888-30-0x000007FEF5FA0000-0x000007FEF5FD0000-memory.dmp

Filesize
192KB

Download
memory/2888-31-0x000007FEF5F30000-0x000007FEF5F97000-memory.dmp

Filesize
412KB

Download
memory/2888-20-0x000007FEF4640000-0x000007FEF56F0000-memory.dmp

Filesize
16.7MB

Download
memory/2888-7-0x000000013FAB0000-0x000000013FBA8000-memory.dmp

Filesize
992KB

Download
memory/2888-28-0x000007FEF5FF0000-0x000007FEF6001000-memory.dmp

Filesize
68KB

Download
memory/2888-27-0x000007FEF6010000-0x000007FEF602B000-memory.dmp

Filesize
108KB

Download
memory/2888-26-0x000007FEF6030000-0x000007FEF6041000-memory.dmp

Filesize
68KB

Download
memory/2888-24-0x000007FEF6070000-0x000007FEF6081000-memory.dmp

Filesize
68KB

Download
memory/2888-23-0x000007FEF60D0000-0x000007FEF60E8000-memory.dmp

Filesize
96KB

Download
memory/2888-32-0x000007FEF45C0000-0x000007FEF463C000-memory.dmp

Filesize
496KB

Download
memory/2888-33-0x000007FEF45A0000-0x000007FEF45B1000-memory.dmp

Filesize
68KB

Download
memory/2888-34-0x000007FEF4540000-0x000007FEF4597000-memory.dmp

Filesize
348KB

Download
memory/2888-35-0x000007FEF4510000-0x000007FEF4538000-memory.dmp

Filesize
160KB

Download
memory/2888-36-0x000007FEF44E0000-0x000007FEF4504000-memory.dmp

Filesize
144KB

Download
memory/2888-37-0x000007FEF44C0000-0x000007FEF44D8000-memory.dmp

Filesize
96KB

Download
memory/2888-38-0x000007FEF4490000-0x000007FEF44B3000-memory.dmp

Filesize
140KB

Download
memory/2888-39-0x000007FEF4470000-0x000007FEF4481000-memory.dmp

Filesize
68KB

Download
memory/2888-40-0x000007FEF4450000-0x000007FEF4462000-memory.dmp

Filesize
72KB

Download
memory/2888-41-0x000007FEF3930000-0x000007FEF3941000-memory.dmp

Filesize
68KB

Download
memory/2888-43-0x000007FEF1DC0000-0x000007FEF1DD7000-memory.dmp

Filesize
92KB

Download
memory/2888-42-0x000007FEF3830000-0x000007FEF392F000-memory.dmp

Filesize
1020KB

Download
memory/2888-44-0x000007FEF70F0000-0x000007FEF7100000-memory.dmp

Filesize
64KB

Download
memory/2888-14-0x000007FEF65D0000-0x000007FEF65E1000-memory.dmp

Filesize
68KB

Download
memory/2888-45-0x000007FEF1D90000-0x000007FEF1DBF000-memory.dmp

Filesize
188KB

Download
memory/2888-69-0x000000013FAB0000-0x000000013FBA8000-memory.dmp

Filesize
992KB

Download
memory/2888-46-0x000007FEF1D70000-0x000007FEF1D81000-memory.dmp

Filesize
68KB

Download
memory/2888-49-0x000007FEF1C30000-0x000007FEF1C72000-memory.dmp

Filesize
264KB

Download
memory/2888-50-0x000007FEF1BC0000-0x000007FEF1C22000-memory.dmp

Filesize
392KB

Download
memory/2888-51-0x000007FEF1B50000-0x000007FEF1BBD000-memory.dmp

Filesize
436KB

Download
memory/2888-52-0x000007FEF19D0000-0x000007FEF1B50000-memory.dmp

Filesize
1.5MB

Download
memory/2888-13-0x000007FEF6B50000-0x000007FEF6B67000-memory.dmp

Filesize
92KB

Download
memory/2888-70-0x000007FEF7100000-0x000007FEF7134000-memory.dmp

Filesize
208KB

Download
memory/2888-47-0x000007FEF1D50000-0x000007FEF1D66000-memory.dmp

Filesize
88KB

Download
memory/2888-71-0x000007FEF5900000-0x000007FEF5BB6000-memory.dmp

Filesize
2.7MB

Download
memory/2888-72-0x000007FEF4640000-0x000007FEF56F0000-memory.dmp

Filesize
16.7MB

Download
memory/2888-12-0x000007FEF6B90000-0x000007FEF6BA1000-memory.dmp

Filesize
68KB

Download
memory/2888-11-0x000007FEF6BB0000-0x000007FEF6BC7000-memory.dmp

Filesize
92KB

Download
memory/2888-9-0x000007FEF5900000-0x000007FEF5BB6000-memory.dmp

Filesize
2.7MB

Download
memory/2888-8-0x000007FEF7100000-0x000007FEF7134000-memory.dmp

Filesize
208KB

Download
memory/2888-10-0x000007FEF73D0000-0x000007FEF73E8000-memory.dmp

Filesize
96KB

Download
memory/2984-92-0x000007FEF6640000-0x000007FEF6651000-memory.dmp

Filesize
68KB

Download
memory/2984-93-0x000007FEF6620000-0x000007FEF663B000-memory.dmp

Filesize
108KB

Download
memory/2984-84-0x000007FEF73D0000-0x000007FEF73E7000-memory.dmp

Filesize
92KB

Download
memory/2984-85-0x000007FEF7100000-0x000007FEF7111000-memory.dmp

Filesize
68KB

Download
memory/2984-94-0x000007FEF6600000-0x000007FEF6611000-memory.dmp

Filesize
68KB

Download
memory/2984-96-0x000007FEF65B0000-0x000007FEF65E0000-memory.dmp

Filesize
192KB

Download
memory/2984-83-0x000007FEF7120000-0x000007FEF7138000-memory.dmp

Filesize
96KB

Download
memory/2984-86-0x000007FEF59B0000-0x000007FEF5BBB000-memory.dmp

Filesize
2.0MB

Download
memory/2984-91-0x000007FEF6660000-0x000007FEF6671000-memory.dmp

Filesize
68KB

Download
memory/2984-81-0x000007FEF6B90000-0x000007FEF6BC4000-memory.dmp

Filesize
208KB

Download
memory/2984-90-0x000007FEF6680000-0x000007FEF6691000-memory.dmp

Filesize
68KB

Download
memory/2984-89-0x000007FEF6B50000-0x000007FEF6B68000-memory.dmp

Filesize
96KB

Download
memory/2984-88-0x000007FEF66A0000-0x000007FEF66C1000-memory.dmp

Filesize
132KB

Download
memory/2984-87-0x000007FEF66D0000-0x000007FEF6711000-memory.dmp

Filesize
260KB

Download
memory/2984-82-0x000007FEF6180000-0x000007FEF6436000-memory.dmp

Filesize
2.7MB

Download
memory/2984-80-0x000000013F5D0000-0x000000013F6C8000-memory.dmp

Filesize
992KB

Download