152ed75bb4b87c3830c6b353a2bf84cb6a4ea1ff9450207a7ccf07d0e1c633da

Analysis

max time kernel
290s
max time network
298s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13/07/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/bgm.xm
Size

53KB
MD5

a30878984af33ee69ace5cf8e330b974
SHA1

916e9098ad80f3e79502adac42820b1ffbae1eb6
SHA256

498eadc5b3d65aaf34b8496954c3362f033297c489d7ef4559cba8890c530171
SHA512

f3ddaf6d3b4e12928efe5c167e8d010c858f19d4bf5a9698b4aabe21e53b5762ad667c81bd4e119083b6213bc96869056538dfc6fcdfc8147cfb1f1ea0c2162f
SSDEEP

1536:DGdQy+5/LlKjQy+5/LlK8g0tg09wVi91yOU:idQy+5/LlKQy+5/Ll/g0tg09wgzn

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3296	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3296	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	196	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	196	AUDIODG.EXE
Token: 33	3296	vlc.exe
Token: SeIncBasePriorityPrivilege	3296	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe
3296	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3296	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\$TEMP\bgm.xm"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3296

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3296-8-0x00007FFE2D4F0000-0x00007FFE2D524000-memory.dmp

Filesize
208KB

Download
memory/3296-7-0x00007FF6B6710000-0x00007FF6B6808000-memory.dmp

Filesize
992KB

Download
memory/3296-16-0x00007FFE2D420000-0x00007FFE2D431000-memory.dmp

Filesize
68KB

Download
memory/3296-15-0x00007FFE2D440000-0x00007FFE2D45D000-memory.dmp

Filesize
116KB

Download
memory/3296-9-0x00007FFE29A80000-0x00007FFE29D36000-memory.dmp

Filesize
2.7MB

Download
memory/3296-14-0x00007FFE2D460000-0x00007FFE2D471000-memory.dmp

Filesize
68KB

Download
memory/3296-13-0x00007FFE2D480000-0x00007FFE2D497000-memory.dmp

Filesize
92KB

Download
memory/3296-17-0x00007FFE19F10000-0x00007FFE1A11B000-memory.dmp

Filesize
2.0MB

Download
memory/3296-12-0x00007FFE2D4A0000-0x00007FFE2D4B1000-memory.dmp

Filesize
68KB

Download
memory/3296-11-0x00007FFE2D980000-0x00007FFE2D997000-memory.dmp

Filesize
92KB

Download
memory/3296-10-0x00007FFE30B90000-0x00007FFE30BA8000-memory.dmp

Filesize
96KB

Download
memory/3296-26-0x00007FFE26F50000-0x00007FFE26F62000-memory.dmp

Filesize
72KB

Download
memory/3296-25-0x00007FFE2A200000-0x00007FFE2A21B000-memory.dmp

Filesize
108KB

Download
memory/3296-24-0x00007FFE2A220000-0x00007FFE2A231000-memory.dmp

Filesize
68KB

Download
memory/3296-23-0x00007FFE2AA70000-0x00007FFE2AA81000-memory.dmp

Filesize
68KB

Download
memory/3296-22-0x00007FFE2AA90000-0x00007FFE2AAA1000-memory.dmp

Filesize
68KB

Download
memory/3296-21-0x00007FFE2AAB0000-0x00007FFE2AAC8000-memory.dmp

Filesize
96KB

Download
memory/3296-20-0x00007FFE2D2D0000-0x00007FFE2D2F1000-memory.dmp

Filesize
132KB

Download
memory/3296-19-0x00007FFE2D3D0000-0x00007FFE2D411000-memory.dmp

Filesize
260KB

Download
memory/3296-18-0x00007FFE18E60000-0x00007FFE19F10000-memory.dmp

Filesize
16.7MB

Download
memory/3296-58-0x00007FFE18E60000-0x00007FFE19F10000-memory.dmp

Filesize
16.7MB

Download