Overview

overview

6

Static

static

1

Kou! - Fro...t).mp3

windows7-x64

Kou! - Fro...t).mp3

windows10-2004-x64

6

Analysis

  • max time kernel
    26s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 01:33

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Kou! - Frost Walker (mp3cut.net).mp3

  • Size

    9.5MB

  • MD5

    61b530ab6768496d12567a83371d4bc9

  • SHA1

    67fc23489febeae81c107ac9f0394325c6344f25

  • SHA256

    8f22eae7b9068875610532d18200a7e5ec443092db9a1f8a1739708847b861e9

  • SHA512

    216649cc4b1b1923a3f71a20dc7f8c74a56a74a29b4817ef336a6d9ce45d8d4d1742fda0b783a3f995513c7d71e34f78d610775fe0a68e93a4ee8105d1b8dba9

  • SSDEEP

    196608:lEOkp6EHbkaoGtUOdjSgtUyz6oz5N3sU5cXKYmX3EITMM:RU1HoRmUQmToz5taXj63E/M

Score
6/10
discovery

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Kou! - Frost Walker (mp3cut.net).mp3"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2164
  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
    1⤵
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Program Files (x86)\Windows Media Player\wmpshare.exe
      "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2732
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:768
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1404

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms~RFf77a4b8.TMP
        Filesize

        1KB

        MD5

        2bd85a6085b229eb53355dea32068db2

        SHA1

        8946e368601afc41995a91f229804391a2e35a5a

        SHA256

        fb64b085c57cd957a470b0b6038d1bda49c5c92ad962b2dd06797660d9ee942a

        SHA512

        539bff4b7b86008c18aee41b48b6127c33770c3f00d704490d20f65b2bafdfd6b1327591d2d5f5f5d17606ce2b083dbcec57babc8a27649b6a3823268a1214d0

        Download Submit

      • memory/2164-52-0x000007FEF6F80000-0x000007FEF6F91000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-43-0x000007FEF7AD0000-0x000007FEF7AED000-memory.dmp

        Filesize

        116KB

        Download

      • memory/2164-35-0x000000013F240000-0x000000013F338000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2164-37-0x000007FEF6750000-0x000007FEF6A06000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2164-38-0x000007FEFBF40000-0x000007FEFBF58000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2164-40-0x000007FEF7B30000-0x000007FEF7B41000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-41-0x000007FEF7B10000-0x000007FEF7B27000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2164-39-0x000007FEF7B50000-0x000007FEF7B67000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2164-42-0x000007FEF7AF0000-0x000007FEF7B01000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-50-0x000007FEF74E0000-0x000007FEF74F1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-88-0x000007FEF56A0000-0x000007FEF6750000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/2164-46-0x000007FEF5490000-0x000007FEF569B000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2164-48-0x000007FEF7A30000-0x000007FEF7A51000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2164-47-0x000007FEF7A60000-0x000007FEF7AA1000-memory.dmp

        Filesize

        260KB

        Download

      • memory/2164-45-0x000007FEF56A0000-0x000007FEF6750000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/2164-49-0x000007FEF7A10000-0x000007FEF7A28000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2164-51-0x000007FEF74C0000-0x000007FEF74D1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-53-0x000007FEF6F60000-0x000007FEF6F7B000-memory.dmp

        Filesize

        108KB

        Download

      • memory/2164-55-0x000007FEF6F20000-0x000007FEF6F38000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2164-57-0x000007FEF6E80000-0x000007FEF6EE7000-memory.dmp

        Filesize

        412KB

        Download

      • memory/2164-56-0x000007FEF6EF0000-0x000007FEF6F20000-memory.dmp

        Filesize

        192KB

        Download

      • memory/2164-54-0x000007FEF6F40000-0x000007FEF6F51000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-36-0x000007FEF7CA0000-0x000007FEF7CD4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2164-58-0x000007FEF6E00000-0x000007FEF6E7C000-memory.dmp

        Filesize

        496KB

        Download

      • memory/2164-44-0x000007FEF7AB0000-0x000007FEF7AC1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-59-0x000007FEF6DE0000-0x000007FEF6DF1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-60-0x000007FEF5470000-0x000007FEF5488000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2164-61-0x000007FEF5450000-0x000007FEF5461000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-62-0x000007FEF53F0000-0x000007FEF5447000-memory.dmp

        Filesize

        348KB

        Download

      • memory/2164-64-0x000007FEF53A0000-0x000007FEF53B3000-memory.dmp

        Filesize

        76KB

        Download

      • memory/2164-63-0x000007FEF53C0000-0x000007FEF53EF000-memory.dmp

        Filesize

        188KB

        Download

      • memory/2164-65-0x000007FEF5380000-0x000007FEF5391000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-66-0x000007FEF52B0000-0x000007FEF5375000-memory.dmp

        Filesize

        788KB

        Download

      • memory/2164-67-0x000007FEF33D0000-0x000007FEF3427000-memory.dmp

        Filesize

        348KB

        Download

      • memory/2164-68-0x000007FEF33A0000-0x000007FEF33C8000-memory.dmp

        Filesize

        160KB

        Download

      • memory/2164-70-0x000007FEF3350000-0x000007FEF3366000-memory.dmp

        Filesize

        88KB

        Download

      • memory/2164-69-0x000007FEF74A0000-0x000007FEF74B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2164-71-0x000007FEF3300000-0x000007FEF3342000-memory.dmp

        Filesize

        264KB

        Download

      • memory/2164-72-0x000007FEF3290000-0x000007FEF32F2000-memory.dmp

        Filesize

        392KB

        Download

      • memory/2164-73-0x000007FEF3220000-0x000007FEF328D000-memory.dmp

        Filesize

        436KB

        Download

      • memory/2164-74-0x000007FEF3200000-0x000007FEF3215000-memory.dmp

        Filesize

        84KB

        Download

      • memory/2164-75-0x000007FEF31C0000-0x000007FEF31D1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2164-76-0x000007FEF31A0000-0x000007FEF31B2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2164-77-0x000007FEF3020000-0x000007FEF319A000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2164-87-0x000007FEF6750000-0x000007FEF6A06000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2164-86-0x000007FEF7CA0000-0x000007FEF7CD4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2164-85-0x000000013F240000-0x000000013F338000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2780-2-0x0000000000130000-0x0000000000131000-memory.dmp

        Filesize

        4KB

        Download