Resubmissions
02-08-2024 22:01
240802-1w8cbasbrl 6
Analysis
max time kernel: 32s
max time network: 38s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted: 02-08-2024 22:01
Static task
static1
Behavioral task
behavioral1
Sample
modern house phone sound effect wireless phone ringing sound - Sound laboratory.mp3
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
modern house phone sound effect wireless phone ringing sound - Sound laboratory.mp3
Resource
win10v2004-20240802-en
Errors
General
Target: modern house phone sound effect wireless phone ringing sound - Sound laboratory.mp3
Size: 257KB
MD5: cfd3a14b64559059350ac46955966f8e
SHA1: d7b84cdef3fc8d34b4553a26ed7606d61475c71d
SHA256: e5b9d4ed06904d44d5324374f9a98f4ab2306d7c709e700dddc1f4117a921c76
SHA512: 4a32635460460067594f80e1ec99011c06ab1624db09063303cef1b4d458dd19ede084ea91963ed9a205310238ce8d6187fffc5f8066328200196d17e5daad99
SSDEEP: 1536:OAVfLRNALL4j32tFBRECrM4RgJ50pv2F/fyJ205wfKowTaQz+9fUur6Q3QKXtFIw:OIi1AA06Jr59+9fTrj9aqrR+t9RlCA8
Malware Config
Signatures
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid    Process
2148   vlc.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid    Process
2148   vlc.exe

Suspicious use of AdjustPrivilegeToken (6 IoCs)
description                          pid    Process
Token: 33                            2820   AUDIODG.EXE
Token: SeIncBasePriorityPrivilege    2820   AUDIODG.EXE
Token: 33                            2820   AUDIODG.EXE
Token: SeIncBasePriorityPrivilege    2820   AUDIODG.EXE
Token: 33                            2148   vlc.exe
Token: SeIncBasePriorityPrivilege    2148   vlc.exe

Suspicious use of FindShellTrayWindow (17 IoCs)
pid    Process
2148   vlc.exe (x17)

Suspicious use of SendNotifyMessage (16 IoCs)
pid    Process
2148   vlc.exe (x16)

Suspicious use of SetWindowsHookEx (1 IoCs)
pid    Process
2148   vlc.exe
Processes
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\modern house phone sound effect wireless phone ringing sound - Sound laboratory.mp3"
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5c8
- Suspicious use of AdjustPrivilegeToken
PID:2820

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DisableClose.aifc"
PID:2324

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
PID:3016

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
PID:1052