152ed75bb4b87c3830c6b353a2bf84cb6a4ea1ff9450207a7ccf07d0e1c633da

Analysis

max time kernel
590s
max time network
445s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/bgm.xm
Size

53KB
MD5

a30878984af33ee69ace5cf8e330b974
SHA1

916e9098ad80f3e79502adac42820b1ffbae1eb6
SHA256

498eadc5b3d65aaf34b8496954c3362f033297c489d7ef4559cba8890c530171
SHA512

f3ddaf6d3b4e12928efe5c167e8d010c858f19d4bf5a9698b4aabe21e53b5762ad667c81bd4e119083b6213bc96869056538dfc6fcdfc8147cfb1f1ea0c2162f
SSDEEP

1536:DGdQy+5/LlKjQy+5/LlK8g0tg09wVi91yOU:idQy+5/LlKQy+5/Ll/g0tg09wgzn

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1600	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1600	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	3448	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3448	AUDIODG.EXE
Token: 33	1600	vlc.exe
Token: SeIncBasePriorityPrivilege	1600	vlc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe
1600	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1600	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\$TEMP\bgm.xm"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-5-0x00007FF66EA30000-0x00007FF66EB28000-memory.dmp

Filesize
992KB

Download
memory/1600-6-0x00007FFBADCA0000-0x00007FFBADCD4000-memory.dmp

Filesize
208KB

Download
memory/1600-14-0x00007FFBA9640000-0x00007FFBA9651000-memory.dmp

Filesize
68KB

Download
memory/1600-7-0x00007FFBA7B70000-0x00007FFBA7E26000-memory.dmp

Filesize
2.7MB

Download
memory/1600-15-0x00007FFB99C30000-0x00007FFB99E3B000-memory.dmp

Filesize
2.0MB

Download
memory/1600-13-0x00007FFBADC00000-0x00007FFBADC1D000-memory.dmp

Filesize
116KB

Download
memory/1600-12-0x00007FFBADC20000-0x00007FFBADC31000-memory.dmp

Filesize
68KB

Download
memory/1600-11-0x00007FFBADC40000-0x00007FFBADC57000-memory.dmp

Filesize
92KB

Download
memory/1600-10-0x00007FFBADC60000-0x00007FFBADC71000-memory.dmp

Filesize
68KB

Download
memory/1600-9-0x00007FFBADC80000-0x00007FFBADC97000-memory.dmp

Filesize
92KB

Download
memory/1600-8-0x00007FFBAEC80000-0x00007FFBAEC98000-memory.dmp

Filesize
96KB

Download
memory/1600-22-0x00007FFBA8EA0000-0x00007FFBA8EB1000-memory.dmp

Filesize
68KB

Download
memory/1600-21-0x00007FFBA8EC0000-0x00007FFBA8ED1000-memory.dmp

Filesize
68KB

Download
memory/1600-20-0x00007FFBA8EE0000-0x00007FFBA8EF1000-memory.dmp

Filesize
68KB

Download
memory/1600-19-0x00007FFBA8F30000-0x00007FFBA8F48000-memory.dmp

Filesize
96KB

Download
memory/1600-18-0x00007FFBA8FD0000-0x00007FFBA8FF1000-memory.dmp

Filesize
132KB

Download
memory/1600-17-0x00007FFBA8F50000-0x00007FFBA8F91000-memory.dmp

Filesize
260KB

Download
memory/1600-16-0x00007FFB98B80000-0x00007FFB99C30000-memory.dmp

Filesize
16.7MB

Download
memory/1600-52-0x00007FFB98B80000-0x00007FFB99C30000-memory.dmp

Filesize
16.7MB

Download