Overview

overview

6

Static

static

1

SPOILER_SP..._1.mp4

windows7-x64

4

SPOILER_SP..._1.mp4

windows10-2004-x64

6

Analysis

  • max time kernel
    95s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-07-2024 10:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SPOILER_SPOILER_SPOILER_L_bro_1.mp4

  • Size

    808KB

  • MD5

    6d9acee29da95749a1c01fe8022a2bc8

  • SHA1

    eac9b712618785fb44656df77e9731584a8488f0

  • SHA256

    752897e870fe4eb47ac1fc2bdec7b8f73acf1aa17ddaab37a3731760fccb5a7c

  • SHA512

    01ec7685bfd81168ae1663ee8717f6fee466cf4be327e9460a8913cf8826c935d89a3bdf6b40ec303a93a1e514180a5a593a7af8764eca68c3285e7d2faf81ea

  • SSDEEP

    12288:sm+KGY62VL7Gr2VXsAUnhcLeJnmIFg3DV8ijd85kre+mqHJmj:DOY68HGr2u5cKdmeg3DRGrqHJ+

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\SPOILER_SPOILER_SPOILER_L_bro_1.mp4"
    1⤵
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4084
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2068
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:2852
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:4612
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4dc 0x340
    1⤵
      PID:2072

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      256KB

      MD5

      adbd8353954edbe5e0620c5bdcad4363

      SHA1

      aeb5c03e8c1b8bc5d55683ea113e6ce1be7ac6e6

      SHA256

      64eff10c4e866930d32d4d82cc88ec0e6f851ac49164122cae1b27eb3c9d9d55

      SHA512

      87bf4a2dc4dd5c833d96f3f5cb0b607796414ffee36d5c167a75644bcbb02ab5159aa4aa093ed43abe290481abc01944885c68b1755d9b2c4c583fcccd041fd2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      1024KB

      MD5

      1d350b0a866e794fbedc4d81488aa4a9

      SHA1

      98095fec794b1dc1f4e440e7b44f8278ff052852

      SHA256

      a9e857d79d3ad491ff7a299022760b4177cfbd6cb9398e9cea28f2feb38dcaa6

      SHA512

      0ed184ef96338c09f0ebcfc2bdead341055d3c34c91e26f19f32713341bc01770d5c31805dc7ec83a03259158dba37705b9b880131c27a5b7bcd4d1758f543dc

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
      Filesize

      498B

      MD5

      90be2701c8112bebc6bd58a7de19846e

      SHA1

      a95be407036982392e2e684fb9ff6602ecad6f1e

      SHA256

      644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

      SHA512

      d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
      Filesize

      9KB

      MD5

      5433eab10c6b5c6d55b7cbd302426a39

      SHA1

      c5b1604b3350dab290d081eecd5389a895c58de5

      SHA256

      23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

      SHA512

      207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      11ecd2dd920d73504accac3b7fba3e7b

      SHA1

      865bb362398560c855770e25fdbe9fe48c88512f

      SHA256

      c5627c884451e5b000ae6376b0d5d4cd6947c97108988bcdb1178c3a31322e29

      SHA512

      3841609e046f4a5866b5e36b4d2235d9458ef5e00fe8830e69182f38873d98691d8b2d032e364208476a65c6866fb40f42419a22279770485e8eed2114424746

      Download Submit

    • memory/4084-40-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-44-0x0000000004830000-0x0000000004840000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-32-0x0000000004830000-0x0000000004840000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-34-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-39-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-38-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-37-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-36-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-35-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-33-0x0000000004830000-0x0000000004840000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-41-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-43-0x0000000004830000-0x0000000004840000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-42-0x0000000004830000-0x0000000004840000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-31-0x0000000004830000-0x0000000004840000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-45-0x0000000004830000-0x0000000004840000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-46-0x0000000004830000-0x0000000004840000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-47-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-48-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-52-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-51-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-50-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-49-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-53-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-54-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4084-30-0x0000000004830000-0x0000000004840000-memory.dmp

      Filesize

      64KB

      Download