Overview

overview

6

Static

static

1

945554145-1-16.mp4

windows7-x64

1

945554145-1-16.mp4

windows10-2004-x64

6

945569409-1-16.mp4

windows7-x64

1

945569409-1-16.mp4

windows10-2004-x64

6

945793906-1-16.mp4

windows7-x64

1

945793906-1-16.mp4

windows10-2004-x64

6

945809687-1-16.mp4

windows7-x64

1

945809687-1-16.mp4

windows10-2004-x64

6

963821516-1-16.mp4

windows7-x64

1

963821516-1-16.mp4

windows10-2004-x64

6

964296702-1-16.mp4

windows7-x64

1

964296702-1-16.mp4

windows10-2004-x64

6

Analysis

  • max time kernel
    20s
  • max time network
    9s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-08-2024 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    964296702-1-16.mp4

  • Size

    6.0MB

  • MD5

    1f6f9f5eb918fa962287f32e92ecebaf

  • SHA1

    8822c8642d458ed119f94651945bfa66210cda18

  • SHA256

    b1b88e0ef12b8e773ae69045fecc0e38c9f886ef3c9658f6b6c3a9046c04d8d8

  • SHA512

    10a65cc980b5c1b1f890a4c12a65061b656cc48c3c28cc9bc0c1947edc98b29872438ca738855d8931141685ef95a190ae64e9a9bc6cc1f00e3432febf480c70

  • SSDEEP

    98304:plAog9kGBs7smQFD9sqWxILnjZH/hcQF/WakD/QghzIVjW3LFNCOTVrTdmldZrqr:3JgfXrFCqQQnFWQFluIKNCePEzkaV+

Score
6/10
discovery

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\964296702-1-16.mp4"
    1⤵
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1004
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:2968
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:2044
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x514 0x304
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2236
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4292,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:8
    1⤵
      PID:1404

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      256KB

      MD5

      adbd8353954edbe5e0620c5bdcad4363

      SHA1

      aeb5c03e8c1b8bc5d55683ea113e6ce1be7ac6e6

      SHA256

      64eff10c4e866930d32d4d82cc88ec0e6f851ac49164122cae1b27eb3c9d9d55

      SHA512

      87bf4a2dc4dd5c833d96f3f5cb0b607796414ffee36d5c167a75644bcbb02ab5159aa4aa093ed43abe290481abc01944885c68b1755d9b2c4c583fcccd041fd2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      1024KB

      MD5

      e60c2bf59ea04946d73db447ca7bed00

      SHA1

      511f248a3484d3958495688079cd9193a6adf1a0

      SHA256

      19d5f1c2bc98269caf4a754d9fd49569453fb08b0b14e20b4c72de09f36a56d9

      SHA512

      2200809f46dfb1f4a8056d6171daece3ae000cf9a616964567118b5f6ae3203b4bf1e70b8af8b093dc51becb75796ce3bc7792aca8bb47855ddab561e8dbbe7e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
      Filesize

      498B

      MD5

      90be2701c8112bebc6bd58a7de19846e

      SHA1

      a95be407036982392e2e684fb9ff6602ecad6f1e

      SHA256

      644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

      SHA512

      d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      03933524adab9b0c037073b5706147ff

      SHA1

      71a5a1e6e6b5c034372ab67490ada5940aa7ef64

      SHA256

      b3d0c769ac2e9083453b10766b3394c0216ea49a9e298283e72abf914d8e5cfb

      SHA512

      8d26ecf48928ab05c3b6df932b49e4c40a8fcb8eff69576fc571d0bb2e663fa2702db8bf0ee4b3b62703ce1b361a05d27546864b09a4f867b5ad31e750bd0bad

      Download Submit

    • memory/1004-34-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1004-36-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1004-35-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1004-37-0x00000000074C0000-0x00000000074D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1004-38-0x0000000009650000-0x0000000009660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1004-41-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1004-40-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1004-39-0x0000000009650000-0x0000000009660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1004-42-0x0000000009650000-0x0000000009660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1004-33-0x0000000004BE0000-0x0000000004BF0000-memory.dmp

      Filesize

      64KB

      Download