Overview

overview

6

Static

static

1

2024-07-25...28.mkv

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/07/2024, 12:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-25 15-10-28.mkv

  • Size

    9.8MB

  • MD5

    c5833e74176ed4c0ebaa634a3f2f240a

  • SHA1

    5d92aa0e759f485182a1a1987571f5c7d02105a5

  • SHA256

    bad4a35e837b08230daaed38704ad9904e7a6801a0873a44758dfa9a5f532206

  • SHA512

    e4a7dfe7b5ffaa9d6bfe5736259a97757ebe8181e6a5938c71936c75b3e7fb05e96f3e692acbf926244dad407e334059384499261ed9a067c00e8ad03b2fe8cc

  • SSDEEP

    196608:5YMzyyBPJrqX9gJV0UW2tNxUIfij9zVfRMAGfIFM+ItQeZ5Mt3fA:iMdR2N4VnW2PU9j7KIFjISeZ5MtvA

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\2024-07-25 15-10-28.mkv"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:1944
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:1148
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4c0 0x3e4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    512KB

    MD5

    26e4064ee797380fa9a8cbb624bd73b2

    SHA1

    4ec24c0ec5b7f2481a7dafd738b199f687b7c531

    SHA256

    47e13bfa02bc2f2892a1599b36ca95f4172fdf75cf4d0ea58fba8ebc1633c85d

    SHA512

    1631279ab6c3b3409235a8c896bba292255b6b67f62d431af51301572c20484f96b2f357ffc818fa9f2d87f7f5bdb12d692ce561d9f71035e16814d8ea7d1590

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    8b2896117ef716c7e587551756f96cd9

    SHA1

    9c060d2085d4f58181d9030a415b29f893f718f1

    SHA256

    72f56fbadbcfd06dc04515d9cfa6acbc47b3bb8bd867b44171bbbe6d22681493

    SHA512

    9d369a45011ae8f2483ff63025e6dbe80d79807cef191b4c4f4820e37a9e435f4e68a3e3019acd8562b0e4ffcc26d2387cf05488e10e7cf2692f109b535a0990

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    7cf1cba6cab64517a235b334288bf6d1

    SHA1

    7ec37390f6e9b821a4ed8407e65ad829d28068e3

    SHA256

    52b283801cd477f104d72dddd053343c3ab5232a1844c8631438f747ef0ac13f

    SHA512

    34dfe4eea22015bd101b3116673a4c43acb73c846932a3e1b22cda0d07cec1dafe24993a3403982a20aeb800ce583b1f8621494f560383b7bd3aebff91217b0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    d88015f8c3eaad42c576d8514a6e9d7a

    SHA1

    f2f50b8ea51b104735b5315f3a9239f46b47affb

    SHA256

    63dfc4de5449abf28ef8d4170eb3b44eba04c5b4c24c016f6390b68684975d8a

    SHA512

    5b0e4a3701d77e281b4938d154cac30eaacd01479f0b54fa34daeb1e126c69acf01ea901158c564b38728ffa9d8ffaf91eceaa412a231c3c82a2c75f7d1fc7c0

    Download Submit

  • memory/2968-31-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-32-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-34-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-33-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-38-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-37-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-39-0x0000000009A60000-0x0000000009A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-41-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-40-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-42-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-46-0x0000000005400000-0x0000000005410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-47-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-48-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-49-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-50-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-52-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-51-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-54-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-53-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-57-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-56-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-55-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-59-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-61-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-60-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-62-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-64-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-63-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-67-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-68-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-69-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-70-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-74-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-73-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-75-0x0000000005400000-0x0000000005410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-72-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-77-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-79-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-78-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-80-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-82-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-81-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-85-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-87-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-86-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-84-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-83-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-88-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-89-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-90-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-91-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-92-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-93-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-94-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-95-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-96-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-97-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-98-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-99-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-100-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-101-0x0000000005400000-0x0000000005410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-102-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-103-0x0000000005420000-0x0000000005430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2968-104-0x0000000009A40000-0x0000000009A50000-memory.dmp

    Filesize

    64KB

    Download