9742689a50e96ddc04d80ceff046b28da2beefd617be18166f8c5e715ec60c59

Analysis

max time kernel
142s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vlc-3.0.21-win64.exe
Size

42.9MB
MD5

a6f92affb6ce711f9f5048410cb4bc32
SHA1

80d994fb95087efce34aeb4a98c8f4d7d2a035a6
SHA256

9742689a50e96ddc04d80ceff046b28da2beefd617be18166f8c5e715ec60c59
SHA512

1a8ff18e29514c48b29fab5ad419b506610c462c09891b4ba6dc0cee550d05eed03bed8d018b9bd61b3d81e1848da7845d53c1b01a508dd87381791541a44f2c
SSDEEP

786432:7OvIHtds0udYsBQv3eva1Umww8RZLyP7QL5ojI54qcDhvcOm:2C3/sB0eyyxwXP7QL+jI5UDNcH

Score

4^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1716	vlc-3.0.21-win64.exe
1716	vlc-3.0.21-win64.exe
1716	vlc-3.0.21-win64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vlc-3.0.21-win64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1716	vlc-3.0.21-win64.exe

C:\Users\Admin\AppData\Local\Temp\vlc-3.0.21-win64.exe
"C:\Users\Admin\AppData\Local\Temp\vlc-3.0.21-win64.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsy87B8.tmp\LangDLL.dll

Filesize
8KB

MD5
6a4ce8d10efd06369f368898462546e0

SHA1
79b9c182afcfddb4687663f287327fb968731c1b

SHA256
42c46cde21b03935314697ef444b01d85e319fc443519bde35fec90c8b21fc98

SHA512
8a5f1d1bf6fef5ed5b51f41129715bdad0ebabb539c0260b080e567a101db7acdba722a9df5e55527ccdd2bf05a009bfee3c4a3745825c953f3348ef55e61918

Download Submit
\Users\Admin\AppData\Local\Temp\nsy87B8.tmp\System.dll

Filesize
28KB

MD5
4a82832a6209cdc3a2447ab2de137542

SHA1
21f334bf90566e3a94a712b68f2cbc32746711d4

SHA256
b07a12c5ced6a1ece5e7dc4103f8b3e15bf77f5edb70daef115b9a77bcf55885

SHA512
6bceff4d3eba26a84029d09f6e403f3fc0c95a744f4d6bfde22accf480a724a0f38960d848a5255258a6a57d3ec9b384847acf167b485ff67f7161aac04300f0

Download Submit
\Users\Admin\AppData\Local\Temp\nsy87B8.tmp\nsDialogs.dll

Filesize
14KB

MD5
8b11196dc49c4df98c6f97457c97e590

SHA1
7ee6c21506ac68a1ecf36be5d632ee339311d51a

SHA256
47a1976b7736371b9b2e073ef0dd49db3bdbe604ec9ee77e50621e5f19d9ae7b

SHA512
4c77005b35f9c9c3cd64d5dba178f45ed250974848086e9da283d539add6aa70bb9ec44782f69f115ab87d1d1d723a63698f9b9db817710b52ab836a87e654b7

Download Submit
memory/1716-19-0x00000000749C0000-0x00000000749CC000-memory.dmp

Filesize
48KB

Download
memory/1716-18-0x00000000749D0000-0x00000000749DF000-memory.dmp

Filesize
60KB

Download
memory/1716-17-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download