Analysis
max time kernel: 150s
max time network: 119s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 26-07-2024 13:31
Behavioral task: behavioral1
Sample: VDC Redux v2.09/Project VDC.dll
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: VDC Redux v2.09/Project VDC.dll
Resource: win10v2004-20240709-en

Behavioral task: behavioral3
Sample: VDC Redux v2.09/Project VDC.exe
Resource: win7-20240708-en
General
Target: VDC Redux v2.09/Project VDC.exe
Size: 243KB
MD5: 97bacf4e79415c1bd1afa578eefb2e35
SHA1: f7ae523b22e44106e4be136098f367614fd6061f
SHA256: b7488daa93b04130e29a35ac6c6445fdd6f240824a6b98ab76d2c87e9bdabc52
SHA512: a6524e2d74ab97e8158ed3457ba3481f70278ae7cba5ea861f59c60acd5dba4e3177124ebade52e94ca9f0d85d0a3d5c6b249f3b287d543645b4e4ad75142303
SSDEEP: 6144:WRN4qMEaFu5ejqFnZSQnpwrUi6YdjorE6xWWJwYds:O2qMbu5ejQnZS2pwrUipyDv
Malware Config
Signatures

resource | yara_rule
behavioral3/memory/2848-0-0x0000000000400000-0x000000000046E000-memory.dmp | upx
behavioral3/memory/2848-1-0x0000000000400000-0x000000000046E000-memory.dmp | upx
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.

description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Project VDC.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)

pid | Process
2848 | Project VDC.exe (the same entry is listed 64 times)

Suspicious use of FindShellTrayWindow (1 IoC)

pid | Process
2848 | Project VDC.exe

Suspicious use of SendNotifyMessage (1 IoC)

pid | Process
2848 | Project VDC.exe
Processes

C:\Users\Admin\AppData\Local\Temp\VDC Redux v2.09\Project VDC.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\VDC Redux v2.09\Project VDC.exe"
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID: 2848