59e0d15fcdf92551a204c7e71776a88f54ea9df74e2ba2cfb04e7582c04dec81

Resubmissions

31-07-2024 04:57

240731-flg26axflr 3

Analysis

max time kernel
32s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
31-07-2024 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

buttons/4add.png
Size

3KB
MD5

062587a5eb25732f2dc466aba126a21c
SHA1

f8fda87733525f2ef23a361cf43d686b2d2fca21
SHA256

056bb89ce11cd2972796599913219414334c5b656ce82b3a58921918f196fc6a
SHA512

ee578e33cca7599b24a151dfb19516437bbad786c1f45dc8d20b5a32e519262093753c1cdf526882fe046e9117a20f71637caa5df830265414f04d9604ac2fc0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2756	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2756	vlc.exe

Suspicious use of FindShellTrayWindow 11 IoCs

pid	Process
2212	rundll32.exe
2212	rundll32.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe
2756	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2756	vlc.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\buttons\4add.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2212

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnregisterCompare.3gp"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2212-0-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2212-1-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2756-14-0x000000013F860000-0x000000013F958000-memory.dmp

Filesize
992KB

Download
memory/2756-15-0x000007FEFB8A0000-0x000007FEFB8D4000-memory.dmp

Filesize
208KB

Download
memory/2756-16-0x000007FEF67E0000-0x000007FEF6A96000-memory.dmp

Filesize
2.7MB

Download
memory/2756-17-0x000007FEF5520000-0x000007FEF65D0000-memory.dmp

Filesize
16.7MB

Download