Resubmissions

02-08-2024 22:01

240802-1w8cbasbrl 6

Analysis

  • max time kernel
    32s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-08-2024 22:01

Errors

Reason
Machine shutdown

General

  • Target

    modern house phone sound effect wireless phone ringing sound - Sound laboratory.mp3

  • Size

    257KB

  • MD5

    cfd3a14b64559059350ac46955966f8e

  • SHA1

    d7b84cdef3fc8d34b4553a26ed7606d61475c71d

  • SHA256

    e5b9d4ed06904d44d5324374f9a98f4ab2306d7c709e700dddc1f4117a921c76

  • SHA512

    4a32635460460067594f80e1ec99011c06ab1624db09063303cef1b4d458dd19ede084ea91963ed9a205310238ce8d6187fffc5f8066328200196d17e5daad99

  • SSDEEP

    1536:OAVfLRNALL4j32tFBRECrM4RgJ50pv2F/fyJ205wfKowTaQz+9fUur6Q3QKXtFIw:OIi1AA06Jr59+9fTrj9aqrR+t9RlCA8

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 17 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\modern house phone sound effect wireless phone ringing sound - Sound laboratory.mp3"
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2148
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x5c8
    • Suspicious use of AdjustPrivilegeToken
    PID:2820
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DisableClose.aifc"
    PID:2324
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    PID:3016
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    PID:1052

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2148-28-0x000007FEF6360000-0x000007FEF63DC000-memory.dmp (Filesize: 496KB)
  • memory/2148-14-0x000007FEFAC10000-0x000007FEFAC21000-memory.dmp (Filesize: 68KB)
  • memory/2148-5-0x000000013F9C0000-0x000000013FAB8000-memory.dmp (Filesize: 992KB)
  • memory/2148-11-0x000007FEFAC70000-0x000007FEFAC87000-memory.dmp (Filesize: 92KB)
  • memory/2148-27-0x000007FEF6780000-0x000007FEF67E7000-memory.dmp (Filesize: 412KB)
  • memory/2148-13-0x000007FEFAC30000-0x000007FEFAC4D000-memory.dmp (Filesize: 116KB)
  • memory/2148-12-0x000007FEFAC50000-0x000007FEFAC61000-memory.dmp (Filesize: 68KB)
  • memory/2148-7-0x000007FEF72E0000-0x000007FEF7596000-memory.dmp (Filesize: 2.7MB)
  • memory/2148-8-0x000007FEFB1A0000-0x000007FEFB1B8000-memory.dmp (Filesize: 96KB)
  • memory/2148-10-0x000007FEFAC90000-0x000007FEFACA1000-memory.dmp (Filesize: 68KB)
  • memory/2148-15-0x000007FEF63E0000-0x000007FEF65EB000-memory.dmp (Filesize: 2.0MB)
  • memory/2148-20-0x000007FEF72A0000-0x000007FEF72B1000-memory.dmp (Filesize: 68KB)
  • memory/2148-18-0x000007FEFABE0000-0x000007FEFAC01000-memory.dmp (Filesize: 132KB)
  • memory/2148-17-0x000007FEF6880000-0x000007FEF68C1000-memory.dmp (Filesize: 260KB)
  • memory/2148-26-0x000007FEF67F0000-0x000007FEF6820000-memory.dmp (Filesize: 192KB)
  • memory/2148-16-0x000007FEF4860000-0x000007FEF5910000-memory.dmp (Filesize: 16.7MB)
  • memory/2148-36-0x000007FEF6170000-0x000007FEF6235000-memory.dmp (Filesize: 788KB)
  • memory/2148-37-0x000007FEF6150000-0x000007FEF6163000-memory.dmp (Filesize: 76KB)
  • memory/2148-35-0x000007FEF6240000-0x000007FEF6251000-memory.dmp (Filesize: 68KB)
  • memory/2148-34-0x000007FEF6260000-0x000007FEF6273000-memory.dmp (Filesize: 76KB)
  • memory/2148-33-0x000007FEF6280000-0x000007FEF62AF000-memory.dmp (Filesize: 188KB)
  • memory/2148-32-0x000007FEF6300000-0x000007FEF6357000-memory.dmp (Filesize: 348KB)
  • memory/2148-31-0x000007FEF6720000-0x000007FEF6731000-memory.dmp (Filesize: 68KB)
  • memory/2148-29-0x000007FEF6760000-0x000007FEF6771000-memory.dmp (Filesize: 68KB)
  • memory/2148-9-0x000007FEFACB0000-0x000007FEFACC7000-memory.dmp (Filesize: 92KB)
  • memory/2148-6-0x000007FEFAF40000-0x000007FEFAF74000-memory.dmp (Filesize: 208KB)
  • memory/2148-30-0x000007FEF6740000-0x000007FEF6758000-memory.dmp (Filesize: 96KB)
  • memory/2148-19-0x000007FEF72C0000-0x000007FEF72D8000-memory.dmp (Filesize: 96KB)
  • memory/2148-25-0x000007FEF6820000-0x000007FEF6838000-memory.dmp (Filesize: 96KB)
  • memory/2148-24-0x000007FEF6840000-0x000007FEF6851000-memory.dmp (Filesize: 68KB)
  • memory/2148-23-0x000007FEF6860000-0x000007FEF687B000-memory.dmp (Filesize: 108KB)
  • memory/2148-22-0x000007FEF6D00000-0x000007FEF6D11000-memory.dmp (Filesize: 68KB)
  • memory/2148-21-0x000007FEF6D40000-0x000007FEF6D51000-memory.dmp (Filesize: 68KB)
  • memory/2148-38-0x000007FEF6130000-0x000007FEF6141000-memory.dmp (Filesize: 68KB)
  • memory/2148-40-0x000007FEF5D30000-0x000007FEF5D58000-memory.dmp (Filesize: 160KB)
  • memory/2148-39-0x000007FEF5D60000-0x000007FEF5DB7000-memory.dmp (Filesize: 348KB)
  • memory/2148-41-0x000007FEF5950000-0x000007FEF5961000-memory.dmp (Filesize: 68KB)
  • memory/2148-42-0x000007FEF2ED0000-0x000007FEF2EE2000-memory.dmp (Filesize: 72KB)
  • memory/2148-43-0x000007FEF2D50000-0x000007FEF2ECA000-memory.dmp (Filesize: 1.5MB)
  • memory/2148-64-0x000007FEF72E0000-0x000007FEF7596000-memory.dmp (Filesize: 2.7MB)
  • memory/2148-63-0x000007FEFAF40000-0x000007FEFAF74000-memory.dmp (Filesize: 208KB)
  • memory/2148-62-0x000000013F9C0000-0x000000013FAB8000-memory.dmp (Filesize: 992KB)
  • memory/2148-65-0x000007FEF4860000-0x000007FEF5910000-memory.dmp (Filesize: 16.7MB)
  • memory/2148-66-0x000007FEF2490000-0x000007FEF259E000-memory.dmp (Filesize: 1.1MB)
  • memory/2324-45-0x000007FEFAF40000-0x000007FEFAF74000-memory.dmp (Filesize: 208KB)
  • memory/2324-49-0x000007FEFAC90000-0x000007FEFACA1000-memory.dmp (Filesize: 68KB)
  • memory/2324-48-0x000007FEFACB0000-0x000007FEFACC7000-memory.dmp (Filesize: 92KB)
  • memory/2324-46-0x000007FEF72E0000-0x000007FEF7596000-memory.dmp (Filesize: 2.7MB)
  • memory/2324-44-0x000000013F9C0000-0x000000013FAB8000-memory.dmp (Filesize: 992KB)
  • memory/2324-47-0x000007FEFB1A0000-0x000007FEFB1B8000-memory.dmp (Filesize: 96KB)