Overview

overview

6

Static

static

1

public.m4v

windows7-x64

1

public.m4v

windows10-2004-x64

6

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-08-2024 19:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    public.m4v

  • Size

    54.1MB

  • MD5

    73d120be42acb242f7af4e2fbce17f1b

  • SHA1

    4867b70a24dfbc9f8d4b169b69b8bedb61b2707b

  • SHA256

    cb09866e55ddab4bcb26fe3549d40670f70b234f8a8780cd31f70953b0cc5399

  • SHA512

    73bbd65edf26880cd7a6e9b9d505acf9b2840d5ccde5db0c7c1e2e0810bdd0ca529be5c265d60037a4fcc788de4f768bf49b95f3965461b647b07a3aead911c5

  • SSDEEP

    1572864:BEn3uSwpbjk2Lc9h6rRlfj6UbSRN6N6pYGnTSNxrbc:mn31wvAKlZj6VNc6pYGR

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\public.m4v"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3460
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5032
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:3260
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 2348
      2⤵
      • Program crash
      PID:3944
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:8
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x45c 0x38c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1340
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 3460 -ip 3460
    1⤵
      PID:2180

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      256KB

      MD5

      29bd18035ac3468ed8ee41ba90d66f22

      SHA1

      36e76825c5aff3f599ec16a85b14ee487595a69d

      SHA256

      eca587e1d30a5a9c65a7f3d69272ebc2890a0ec954d1ee4ad7d5ac45bd95ddc8

      SHA512

      b1b8a231de045c227d430c9edd5996b882153fd848fc319ba2dfbfc7aa309bce8a3551889f735f6de6d6fdfc09a1ffad4dcb4fd7ff2d4017eeb2c97f7a83f7d0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      1024KB

      MD5

      d44d67160257a4cc1270b68df34eb0a7

      SHA1

      57cca517373b9aaf9874e8b0c48beced7e9a89c0

      SHA256

      fc9684d381a26a225684d91823d284cd9c1fd6856f123f4c660d1f64a5e2eb43

      SHA512

      aa698453178702fdef1f9ee71f43c3096129b2bdf3341ffbece5c3d9c58ad7c4e917fc235b42cc19cf5a335279db55fe10454130a4e3717c37d61ae782b70176

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
      Filesize

      68KB

      MD5

      39c14b1d554328291879c0f7c703520b

      SHA1

      e76650b4951cb7170c092bded0c57c41f87d3abd

      SHA256

      ddf23d3ca62c3cc7977536ea5d30712e9384953d1b2a5fb3a70e12f605e55ef5

      SHA512

      fb6fd1996a69c4c5513c615abe0b8ccf694e7d8ed9ded1d7b7e949fc20fe3d7c68d7b1de0e839d87390b452d04983387c3d20206ae83d1176f8e6502f3c32e38

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
      Filesize

      498B

      MD5

      90be2701c8112bebc6bd58a7de19846e

      SHA1

      a95be407036982392e2e684fb9ff6602ecad6f1e

      SHA256

      644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

      SHA512

      d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
      Filesize

      9KB

      MD5

      5433eab10c6b5c6d55b7cbd302426a39

      SHA1

      c5b1604b3350dab290d081eecd5389a895c58de5

      SHA256

      23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

      SHA512

      207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      01136f9aa2fbbc965734fb1c082322d4

      SHA1

      d08e056f87f472d8919fb6776d3b698a3e29b1ae

      SHA256

      e9647dbea2cff13014c344c5ba2a812f44ab2b04e39a7368f630374a32b4ced3

      SHA512

      f55a6d8f946b290eaa0310848bb158005584b9344be1d680e519ae5ae09b87a346d896b09cfd1e121e747f8b81454bfa67feffd63c5f61cf78b14b2d13afcf7b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
      Filesize

      1KB

      MD5

      0f0a68cca4abae516477495281f66987

      SHA1

      d6f48747dcffbd662452dbf5d517c5bd2dfc60de

      SHA256

      e9e9cf5baf4efc6562c27adc224071827f216fb8b4a1efdaaba00c43b9ab96e9

      SHA512

      ffc502421679ca507e7a97c19a74f7e992d5c5f94ce44fa1606de5bc14bcd5b44b00311437f4ce7c43f85742276cb59d8e3cfa4418031a2c3b3653f357c22836

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
      Filesize

      3KB

      MD5

      2fab99c027c4f7670c43e2c1108d7c01

      SHA1

      2972522c92e7017536bf905e2089f5ed70ed7779

      SHA256

      ba3433ffec61801aeb8107b1745b4d5cc64270556683c81c5f8f7e4913af604e

      SHA512

      03e794f7185ba20e4dc4af839aa7d64025391358f0dd81e21587fea90d0f58cb2344d99c497c714c0398b46170771d4beabd5a2962c0c18fdd217cf01d487e80

      Download Submit

    • memory/3460-35-0x0000000007CB0000-0x0000000007CC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-44-0x0000000007A60000-0x0000000007A70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-38-0x0000000007CB0000-0x0000000007CC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-37-0x0000000007CB0000-0x0000000007CC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-36-0x0000000007CB0000-0x0000000007CC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-34-0x0000000007CB0000-0x0000000007CC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-40-0x0000000007CB0000-0x0000000007CC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-41-0x0000000007CB0000-0x0000000007CC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-43-0x0000000005130000-0x0000000005140000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-39-0x0000000007CB0000-0x0000000007CC0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-42-0x0000000005130000-0x0000000005140000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-45-0x0000000005130000-0x0000000005140000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-46-0x0000000005130000-0x0000000005140000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-33-0x0000000007A60000-0x0000000007A70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-29-0x0000000005130000-0x0000000005140000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-31-0x0000000005130000-0x0000000005140000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-32-0x0000000005130000-0x0000000005140000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-72-0x0000000005130000-0x0000000005140000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3460-30-0x0000000005130000-0x0000000005140000-memory.dmp

      Filesize

      64KB

      Download