eab0cf5d172d9ef0cd49d7c7944be946d95235c634a48b12a4c450eb7f68d657

Resubmissions

15-08-2024 00:02

240815-abnjasybqj 6

13-08-2024 16:36

240813-t4lpysvapd 10

Analysis

max time kernel
79s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15-08-2024 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nuclear_bombs.mp4
Size

188KB
MD5

89a4d69ff3c526730c4fd6c3c8b16cc2
SHA1

c5a41e374ce559c402e07eb63f94de7091ef3af3
SHA256

eab0cf5d172d9ef0cd49d7c7944be946d95235c634a48b12a4c450eb7f68d657
SHA512

c6288a36be86f7593a146f4b385a6389c48bc58b1fafdd32a32a7c710d3360204cb3b902166fad683aa012a409e547394b77aad24290d4a62b07012a50aa4124
SSDEEP

3072:WURDsJZX3lZAbWgdAALG96g5ehTtcq6Sm7bsxuTw53Fna6+:IJZlZAbRGALG96g5eHcq6SQk53Fp+

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2764	vlc.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2764	vlc.exe
2184	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	2764	vlc.exe
Token: SeIncBasePriorityPrivilege	2764	vlc.exe
Token: SeDebugPrivilege	2184	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2764	vlc.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe
2184	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2764	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\nuclear_bombs.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
89B

MD5
6c608fa3f6b21a99151126c1708e0c24

SHA1
ca837ee712ee796dd09a5e873596bc1d2c70fee6

SHA256
2e2d28f5045695e22ccc9c34f3596bd7e13f494750a0911a59f4c4f86ba6a198

SHA512
5854b5a27d43edd084737ac6c18db0765be85ed64be03b5b9e0cbdcfd93bfbc9cee7f8efbd2336b3660c799751df7211554c05b0222aafa0e3dd9a98fe29343f

Download Submit
memory/2184-301-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2184-302-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2764-5-0x000000013F3A0000-0x000000013F498000-memory.dmp

Filesize
992KB

Download
memory/2764-6-0x000007FEF7210000-0x000007FEF7244000-memory.dmp

Filesize
208KB

Download
memory/2764-14-0x000007FEF7040000-0x000007FEF7051000-memory.dmp

Filesize
68KB

Download
memory/2764-13-0x000007FEF7060000-0x000007FEF707D000-memory.dmp

Filesize
116KB

Download
memory/2764-12-0x000007FEF7080000-0x000007FEF7091000-memory.dmp

Filesize
68KB

Download
memory/2764-11-0x000007FEF70A0000-0x000007FEF70B7000-memory.dmp

Filesize
92KB

Download
memory/2764-10-0x000007FEF70C0000-0x000007FEF70D1000-memory.dmp

Filesize
68KB

Download
memory/2764-9-0x000007FEF72E0000-0x000007FEF72F7000-memory.dmp

Filesize
92KB

Download
memory/2764-7-0x000007FEF5C50000-0x000007FEF5F06000-memory.dmp

Filesize
2.7MB

Download
memory/2764-8-0x000007FEFB270000-0x000007FEFB288000-memory.dmp

Filesize
96KB

Download
memory/2764-15-0x000007FEF5A40000-0x000007FEF5C4B000-memory.dmp

Filesize
2.0MB

Download
memory/2764-17-0x000007FEF6FF0000-0x000007FEF7031000-memory.dmp

Filesize
260KB

Download
memory/2764-18-0x000007FEF6FC0000-0x000007FEF6FE1000-memory.dmp

Filesize
132KB

Download
memory/2764-19-0x000007FEF6FA0000-0x000007FEF6FB8000-memory.dmp

Filesize
96KB

Download
memory/2764-20-0x000007FEF6F80000-0x000007FEF6F91000-memory.dmp

Filesize
68KB

Download
memory/2764-32-0x000007FEF5F80000-0x000007FEF5F97000-memory.dmp

Filesize
92KB

Download
memory/2764-21-0x000007FEF6580000-0x000007FEF6591000-memory.dmp

Filesize
68KB

Download
memory/2764-22-0x000007FEF6560000-0x000007FEF6571000-memory.dmp

Filesize
68KB

Download
memory/2764-16-0x000007FEF4990000-0x000007FEF5A40000-memory.dmp

Filesize
16.7MB

Download
memory/2764-31-0x000007FEF47B0000-0x000007FEF4930000-memory.dmp

Filesize
1.5MB

Download
memory/2764-30-0x000007FEF4930000-0x000007FEF4987000-memory.dmp

Filesize
348KB

Download
memory/2764-29-0x000007FEF5FA0000-0x000007FEF5FB1000-memory.dmp

Filesize
68KB

Download
memory/2764-28-0x000007FEF63E0000-0x000007FEF645C000-memory.dmp

Filesize
496KB

Download
memory/2764-27-0x000007FEF6460000-0x000007FEF64C7000-memory.dmp

Filesize
412KB

Download
memory/2764-26-0x000007FEF64D0000-0x000007FEF6500000-memory.dmp

Filesize
192KB

Download
memory/2764-25-0x000007FEF6500000-0x000007FEF6518000-memory.dmp

Filesize
96KB

Download
memory/2764-24-0x000007FEF6520000-0x000007FEF6531000-memory.dmp

Filesize
68KB

Download
memory/2764-23-0x000007FEF6540000-0x000007FEF655B000-memory.dmp

Filesize
108KB

Download
memory/2764-48-0x000007FEF2210000-0x000007FEF2223000-memory.dmp

Filesize
76KB

Download
memory/2764-47-0x000007FEF2230000-0x000007FEF2253000-memory.dmp

Filesize
140KB

Download
memory/2764-58-0x000007FEF1720000-0x000007FEF1777000-memory.dmp

Filesize
348KB

Download
memory/2764-57-0x000007FEF1780000-0x000007FEF17CE000-memory.dmp

Filesize
312KB

Download
memory/2764-55-0x000007FEF1BE0000-0x000007FEF1C54000-memory.dmp

Filesize
464KB

Download
memory/2764-54-0x000007FEF1C60000-0x000007FEF1CA7000-memory.dmp

Filesize
284KB

Download
memory/2764-53-0x000007FEF1CB0000-0x000007FEF1D11000-memory.dmp

Filesize
388KB

Download
memory/2764-52-0x000007FEF1D20000-0x000007FEF1D31000-memory.dmp

Filesize
68KB

Download
memory/2764-51-0x000007FEF20C0000-0x000007FEF20D2000-memory.dmp

Filesize
72KB

Download
memory/2764-50-0x000007FEF20E0000-0x000007FEF20F1000-memory.dmp

Filesize
68KB

Download
memory/2764-49-0x000007FEF2100000-0x000007FEF2206000-memory.dmp

Filesize
1.0MB

Download
memory/2764-33-0x000007FEF2F40000-0x000007FEF47AF000-memory.dmp

Filesize
24.4MB

Download
memory/2764-59-0x000007FEF16E0000-0x000007FEF1714000-memory.dmp

Filesize
208KB

Download
memory/2764-56-0x000007FEF1A70000-0x000007FEF1A81000-memory.dmp

Filesize
68KB

Download
memory/2764-46-0x000007FEF2280000-0x000007FEF2295000-memory.dmp

Filesize
84KB

Download
memory/2764-45-0x000007FEF2600000-0x000007FEF266D000-memory.dmp

Filesize
436KB

Download
memory/2764-44-0x000007FEF2670000-0x000007FEF26D2000-memory.dmp

Filesize
392KB

Download
memory/2764-43-0x000007FEF26E0000-0x000007FEF2722000-memory.dmp

Filesize
264KB

Download
memory/2764-42-0x000007FEF2730000-0x000007FEF27F5000-memory.dmp

Filesize
788KB

Download
memory/2764-41-0x000007FEF2800000-0x000007FEF2816000-memory.dmp

Filesize
88KB

Download
memory/2764-40-0x000007FEF2820000-0x000007FEF2831000-memory.dmp

Filesize
68KB

Download
memory/2764-39-0x000007FEF2840000-0x000007FEF286F000-memory.dmp

Filesize
188KB

Download
memory/2764-38-0x000007FEFA940000-0x000007FEFA950000-memory.dmp

Filesize
64KB

Download
memory/2764-37-0x000007FEF2C90000-0x000007FEF2CDD000-memory.dmp

Filesize
308KB

Download
memory/2764-36-0x000007FEF2CE0000-0x000007FEF2D22000-memory.dmp

Filesize
264KB

Download
memory/2764-35-0x000007FEF5F60000-0x000007FEF5F72000-memory.dmp

Filesize
72KB

Download
memory/2764-34-0x000007FEF2D30000-0x000007FEF2F36000-memory.dmp

Filesize
2.0MB

Download