Overview

overview

6

Static

static

3

1v1.lol_Subz.rar

windows7-x64

3

1v1.lol_Subz.rar

windows10-2004-x64

6

subz 1v1.l...ol.dll

windows7-x64

1

subz 1v1.l...ol.dll

windows10-2004-x64

1

subz 1v1.lol/subz.exe

windows7-x64

6

subz 1v1.lol/subz.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    44s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    23-07-2024 08:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1v1.lol_Subz.rar

  • Size

    257KB

  • MD5

    646c0bcce5a1cbba02e12555e4ba0c3f

  • SHA1

    406d1e749f77b331c0c5cbc4977002c89704dd8b

  • SHA256

    11879aaf810fdacf73f694015e4b75ab1c68be8eb372b76f1c03d8b21d0dc1b7

  • SHA512

    16953b0c223f258e8d4e00628d3f018a665eab36708092cc8a5dfbdc5ec821de2d719f04489ff595459e9c50cb3dda66ab4bdb69eab570ef88c1205c12b52012

  • SSDEEP

    6144:wi8zD7uZ30sTaWbUBHTWWapGp3RdVJaEgLU1XG:sH6Z30sTaWQBzEMzdVNgLU12

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\1v1.lol_Subz.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\1v1.lol_Subz.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\1v1.lol_Subz.rar
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Program Files\VideoLAN\VLC\vlc.exe
          "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\1v1.lol_Subz.rar"
          4⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2564-30-0x000007FEFABD0000-0x000007FEFAC04000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2564-29-0x000000013F460000-0x000000013F558000-memory.dmp

    Filesize

    992KB

    Download

  • memory/2564-34-0x000007FEFAB90000-0x000007FEFABA1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2564-33-0x000007FEFABB0000-0x000007FEFABC7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2564-37-0x000007FEF7170000-0x000007FEF718D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/2564-36-0x000007FEFAB50000-0x000007FEFAB61000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2564-38-0x000007FEF7070000-0x000007FEF7081000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2564-35-0x000007FEFAB70000-0x000007FEFAB87000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2564-32-0x000007FEFAE30000-0x000007FEFAE48000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2564-31-0x000007FEF5F40000-0x000007FEF61F6000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2564-39-0x000007FEF5AB0000-0x000007FEF5CBB000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2564-40-0x000007FEF7020000-0x000007FEF7061000-memory.dmp

    Filesize

    260KB

    Download

  • memory/2564-41-0x000007FEF6FF0000-0x000007FEF7011000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2564-42-0x000007FEF6FD0000-0x000007FEF6FE8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2564-44-0x000007FEF6B00000-0x000007FEF6B11000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2564-46-0x000007FEF6580000-0x000007FEF6591000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2564-50-0x000007FEF4970000-0x000007FEF49A0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2564-51-0x000007FEF4900000-0x000007FEF4967000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2564-49-0x000007FEF49A0000-0x000007FEF49B8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2564-48-0x000007FEF49C0000-0x000007FEF49D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2564-47-0x000007FEF49E0000-0x000007FEF49FB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2564-52-0x000007FEF4880000-0x000007FEF48FC000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2564-45-0x000007FEF6AE0000-0x000007FEF6AF1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2564-53-0x000007FEF4860000-0x000007FEF4871000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2564-54-0x000007FEF4800000-0x000007FEF4857000-memory.dmp

    Filesize

    348KB

    Download

  • memory/2564-55-0x000007FEF47D0000-0x000007FEF47F8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2564-56-0x000007FEF47A0000-0x000007FEF47C4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2564-58-0x000007FEF4750000-0x000007FEF4773000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2564-61-0x000007FEF2B40000-0x000007FEF2B57000-memory.dmp

    Filesize

    92KB

    Download

  • memory/2564-60-0x000007FEF4710000-0x000007FEF4722000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2564-59-0x000007FEF4730000-0x000007FEF4741000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2564-57-0x000007FEF4780000-0x000007FEF4798000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2564-43-0x000007FEF4A00000-0x000007FEF5AB0000-memory.dmp

    Filesize

    16.7MB

    Download