Analysis

max time kernel: 147s
max time network: 104s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/08/2024, 12:01
Static task: static1

Behavioral task: behavioral1
  Sample: _Getintopc.com_SoundToys.v5.0.1.10839.rar
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample: _Getintopc.com_SoundToys.v5.0.1.10839.rar
  Resource: win10v2004-20240802-en

Behavioral task: behavioral3
  Sample: SoundToys.v5.0.1.10839.exe
  Resource: win7-20240705-en

Behavioral task: behavioral4
  Sample: SoundToys.v5.0.1.10839.exe
  Resource: win10v2004-20240802-en
General

Target: _Getintopc.com_SoundToys.v5.0.1.10839.rar
Size: 74.2MB
MD5: f5725ab8f2efd81550a7d4d47f354e24
SHA1: b282ff8fd33fd3def1e76f5a3d86609bfee06048
SHA256: ad220d0a3f32ed496c856e5e8cfa2de84b86666247245e862eb6509c1427e8ff
SHA512: 6e7895f706351ace73b57496618e6a044e5f481aeb0ae31fa90dcf40ce91d4c3f627ab3cbaea3f2fb21f76ae46877c5e43216c7e3908e1347e118d4dd433cb4e
SSDEEP: 1572864:TbuSn781bt5PTQk5O34Kh9J5MkMggUT5McV3/I/RKEcEqb4mZM+Gwp3PJuP:3bn7qjPckA3lh9gjggsMcV3w/cEO48/O
Malware Config
Signatures
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
  description   ioc                                                                                    process
  Key created   \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings   OpenWith.exe
  Key created   \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings   cmd.exe

Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid    process
  1680   vlc.exe

Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
  pid    process
  4004   OpenWith.exe
  1680   vlc.exe

Suspicious use of FindShellTrayWindow (8 IoCs)
  pid    process
  1680   vlc.exe (8 hits)

Suspicious use of SendNotifyMessage (7 IoCs)
  pid    process
  1680   vlc.exe (7 hits)

Suspicious use of SetWindowsHookEx (22 IoCs)
  pid    process
  4004   OpenWith.exe (21 hits)
  1680   vlc.exe (1 hit)

Suspicious use of WriteProcessMemory (2 IoCs)
  description                         pid    process        procid_target
  PID 4004 wrote to memory of 1680    4004   OpenWith.exe   97  (2 hits)
Processes

C:\Windows\system32\cmd.exe  (PID 4864)
  cmd /c C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_SoundToys.v5.0.1.10839.rar
  - Modifies registry class

C:\Windows\system32\OpenWith.exe  (PID 4004)
  C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files\VideoLAN\VLC\vlc.exe  (PID 1680, child of PID 4004)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_SoundToys.v5.0.1.10839.rar"
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
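A check worth running on a report like this one, added here as an example and not part of the report or of the sandbox's own tooling: the process tree shows the .rar being launched with cmd /c, the shell finding no registered handler and raising the OpenWith.exe prompt (started out of process, hence -Embedding), and the file finally being handed to vlc.exe. No archiver ran, so the inner SoundToys.v5.0.1.10839.exe was never extracted or executed in this task; the registry "IoCs" are the shell's own per-user Classes keys written while resolving the file association. The script below encodes that triage rule: given the observed processes, it decides whether a submitted archive was actually detonated. The process records are transcribed from the Processes section; the archiver and non-handler image lists, the assess function and the second, "detonated" process list are assumptions made for the example.

```python
"""Triage rule: was the submitted archive actually detonated in a sandbox run?

Example code added alongside this report; it is not part of the sandbox's own
tooling. Process records are transcribed from the Processes section of the
report; the image lists and the "detonated" process list are assumptions.
"""
import ntpath
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Handlers that unpack an archive. Assumed list; extend it for the archivers
# installed in your own sandbox image.
ARCHIVER_IMAGES = {"winrar.exe", "unrar.exe", "7z.exe", "7zfm.exe", "7zg.exe",
                   "tar.exe", "explorer.exe"}
# Images whose presence means the shell had no registered handler for the
# file type (Windows shows the "How do you want to open this file?" prompt).
NON_HANDLER_IMAGES = {"openwith.exe"}


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str      # full image path
    cmdline: str    # command line as recorded by the sandbox


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_SoundToys.v5.0.1.10839.rar"
INNER_PAYLOAD = "SoundToys.v5.0.1.10839.exe"  # the .exe the other behavioral tasks targeted

# Transcribed from this report's Processes section.
REPORT_PROCS = [
    Proc(4864, r"C:\Windows\system32\cmd.exe", f"cmd /c {SAMPLE}"),
    Proc(4004, r"C:\Windows\system32\OpenWith.exe",
         r"C:\Windows\system32\OpenWith.exe -Embedding"),
    Proc(1680, r"C:\Program Files\VideoLAN\VLC\vlc.exe",
         f'"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe" --started-from-file "{SAMPLE}"'),
]

# Constructed counterexample (not from the report): WinRAR opens the archive
# and the inner executable is then launched from WinRAR's temp directory.
DETONATED_PROCS = [
    REPORT_PROCS[0],
    Proc(2100, r"C:\Program Files\WinRAR\WinRAR.exe",
         f'"C:\\Program Files\\WinRAR\\WinRAR.exe" "{SAMPLE}"'),
    Proc(2200, r"C:\Users\Admin\AppData\Local\Temp\Rar$EXa2100\SoundToys.v5.0.1.10839.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\Rar$EXa2100\SoundToys.v5.0.1.10839.exe"'),
]


def _image_name(path: str) -> str:
    """Lower-cased basename of a Windows path (ntpath works on any host OS)."""
    return ntpath.basename(path).lower()


def handlers_of(sample: str, procs: Iterable[Proc]) -> List[Proc]:
    """Processes that were handed the sample, i.e. reference it on their
    command line, excluding the cmd.exe launcher the sandbox itself used."""
    target = _image_name(sample)
    return [p for p in procs
            if target in p.cmdline.lower() and _image_name(p.image) != "cmd.exe"]


def assess(sample: str, procs: List[Proc],
           expected_payloads: Iterable[str] = ()) -> Dict[str, object]:
    """Classify a run as detonated / opened_not_executed / not_detonated."""
    payloads = {n.lower() for n in expected_payloads}
    images = [_image_name(p.image) for p in procs]

    ran = sorted({i for i in images if i in payloads})
    if ran:
        return {"status": "detonated",
                "reasons": [f"payload executed: {', '.join(ran)}"]}

    archivers = sorted({i for i in images if i in ARCHIVER_IMAGES})
    if archivers:
        return {"status": "opened_not_executed",
                "reasons": [f"archive opened by {', '.join(archivers)} "
                            "but no expected payload ran"]}

    reasons: List[str] = []
    if any(i in NON_HANDLER_IMAGES for i in images):
        reasons.append("no registered handler for the file type: "
                       "OpenWith.exe prompt appeared")
    for h in handlers_of(sample, procs):
        reasons.append(f"sample handed to {_image_name(h.image)} "
                       f"(pid {h.pid}), which is not an archiver")
    if not reasons:
        reasons.append("no process referenced the sample after launch")
    return {"status": "not_detonated", "reasons": reasons}


if __name__ == "__main__":
    for label, procs in (("report", REPORT_PROCS), ("constructed", DETONATED_PROCS)):
        verdict = assess(SAMPLE, procs, [INNER_PAYLOAD])
        print(f"{label}: {verdict['status']}")
        for r in verdict["reasons"]:
            print(f"  - {r}")
```

For the processes in this report the rule returns not_detonated with two reasons (the OpenWith prompt and the hand-off to vlc.exe), which is why the signatures above say nothing about the archive's contents; the separate behavioral3/behavioral4 tasks on the inner .exe are where any real verdict would come from. The constructed WinRAR list returns detonated, and the same list without the inner .exe returns opened_not_executed, the case where an archiver ran but the analyst still needs to confirm the payload was launched.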