Analysis
max time kernel: 140s
max time network: 121s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 19/08/2024, 12:01
Static task: static1

Behavioral task: behavioral1
  Sample: _Getintopc.com_SoundToys.v5.0.1.10839.rar
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample: _Getintopc.com_SoundToys.v5.0.1.10839.rar
  Resource: win10v2004-20240802-en

Behavioral task: behavioral3
  Sample: SoundToys.v5.0.1.10839.exe
  Resource: win7-20240705-en

Behavioral task: behavioral4
  Sample: SoundToys.v5.0.1.10839.exe
  Resource: win10v2004-20240802-en
General
Target: _Getintopc.com_SoundToys.v5.0.1.10839.rar
Size: 74.2MB
MD5: f5725ab8f2efd81550a7d4d47f354e24
SHA1: b282ff8fd33fd3def1e76f5a3d86609bfee06048
SHA256: ad220d0a3f32ed496c856e5e8cfa2de84b86666247245e862eb6509c1427e8ff
SHA512: 6e7895f706351ace73b57496618e6a044e5f481aeb0ae31fa90dcf40ce91d4c3f627ab3cbaea3f2fb21f76ae46877c5e43216c7e3908e1347e118d4dd433cb4e
SSDEEP: 1572864:TbuSn781bt5PTQk5O34Kh9J5MkMggUT5McV3/I/RKEcEqb4mZM+Gwp3PJuP:3bn7qjPckA3lh9gjggsMcV3w/cEO48/O
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
  description   ioc                                                                                   Process
  Key created   \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_Classes\Local Settings   rundll32.exe
  Key created   \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_Classes\Local Settings   rundll32.exe

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid    Process
  2024   vlc.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid    Process
  2024   vlc.exe

Suspicious use of FindShellTrayWindow (13 IoCs)
  pid    Process
  2024   vlc.exe   (the same pid/process pair is listed 13 times)

Suspicious use of SendNotifyMessage (12 IoCs)
  pid    Process
  2024   vlc.exe   (the same pid/process pair is listed 12 times)

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid    Process
  2024   vlc.exe

Suspicious use of WriteProcessMemory (9 IoCs)
  description                          pid    Process        procid_target
  PID 2420 wrote to memory of 2076     2420   cmd.exe        31
  PID 2420 wrote to memory of 2076     2420   cmd.exe        31
  PID 2420 wrote to memory of 2076     2420   cmd.exe        31
  PID 2076 wrote to memory of 2836     2076   rundll32.exe   32
  PID 2076 wrote to memory of 2836     2076   rundll32.exe   32
  PID 2076 wrote to memory of 2836     2076   rundll32.exe   32
  PID 2836 wrote to memory of 2024     2836   rundll32.exe   34
  PID 2836 wrote to memory of 2024     2836   rundll32.exe   34
  PID 2836 wrote to memory of 2024     2836   rundll32.exe   34
Processes

C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_SoundToys.v5.0.1.10839.rar
  - Suspicious use of WriteProcessMemory
  PID: 2420

  C:\Windows\system32\rundll32.exe
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_SoundToys.v5.0.1.10839.rar
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID: 2076

    C:\Windows\system32\rundll32.exe
      Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_SoundToys.v5.0.1.10839.rar
      - Modifies registry class
      - Suspicious use of WriteProcessMemory
      PID: 2836

      C:\Program Files\VideoLAN\VLC\vlc.exe
        Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_SoundToys.v5.0.1.10839.rar"
        - Suspicious behavior: AddClipboardFormatListener
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
        - Suspicious use of SetWindowsHookEx
        PID: 2024