Overview

overview

10

Static

static

10

42 prikolyxa.zip

windows10-2004-x64

1

42 prikoly...db.dll

windows10-2004-x64

1

42 prikoly...db.dll

windows10-2004-x64

1

42 prikoly...ks.dll

windows10-2004-x64

1

42 prikoly...il.dll

windows10-2004-x64

1

42 prikoly...ts.dll

windows10-2004-x64

1

42 prikoly...re.dll

windows10-2004-x64

1

42 prikoly...rs.dll

windows10-2004-x64

1

42 prikoly...ed.dll

windows10-2004-x64

1

42 prikoly...ls.dll

windows10-2004-x64

1

42 prikoly...io.dll

windows10-2004-x64

1

42 prikoly...on.dll

windows10-2004-x64

1

42 prikoly...ws.dll

windows10-2004-x64

1

42 prikoly...ne.dll

windows10-2004-x64

1

42 prikoly...at.dll

windows10-2004-x64

1

42 prikoly...rd.dll

windows10-2004-x64

1

42 prikoly...ss.dll

windows10-2004-x64

1

42 prikoly...er.dll

windows10-2004-x64

1

42 prikoly...er.dll

windows10-2004-x64

1

42 prikoly...er.dll

windows10-2004-x64

1

42 prikoly...DP.dll

windows10-2004-x64

1

42 prikoly...NC.dll

windows10-2004-x64

1

42 prikoly...ry.dll

windows10-2004-x64

1

42 prikoly...ps.dll

windows10-2004-x64

1

42 prikoly...ns.dll

windows10-2004-x64

1

42 prikoly...er.dll

windows10-2004-x64

1

42 prikoly...me.txt

windows10-2004-x64

1

42 prikoly...at.wav

windows10-2004-x64

6

42 prikoly...ro.wav

windows10-2004-x64

6

42 prikoly...xe.xml

windows10-2004-x64

1

42 prikoly...config

windows10-2004-x64

3

42 prikoly...config

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-08-2024 23:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42 prikolyxa/Sounds/Intro.wav

  • Size

    238KB

  • MD5

    ad3b4fae17bcabc254df49f5e76b87a6

  • SHA1

    1683ff029eebaffdc7a4827827da7bb361c8747e

  • SHA256

    e3e5029bf5f29fa32d2f6cdda35697cd8e6035d5c78615f64d0b305d1bd926cf

  • SHA512

    3d6ecc9040b5079402229c214cb5f9354315131a630c43d1da95248edc1b97627fb9ba032d006380a67409619763fb91976295f8d22ca91894c88f38bb610cd3

  • SSDEEP

    3072:FU3hYG9X9JzhaLL5+QYKHZDa6D+4LT92KEpcP+b8FGUt0Ybs5e9jXjubLtNmBNs9:GjVsLL5lva6D+4P9llWvaGe9CHeBNm

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\42 prikolyxa\Sounds\Intro.wav"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4604
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:3376
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:1612
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4c4 0x244
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    384KB

    MD5

    5f77e2589660a79c038fbb3c0801827c

    SHA1

    2d3ae441464869ec3a13409b8151f56d1f214c61

    SHA256

    cc3ac2f756132a1a7491374df8d2422589e4c739d3cfe544cc5965f07fb19d53

    SHA512

    9bf1d722ffee0fa0b1788fb75b93ca1f259c4c398443e0d7123211a4a92a74ede8dd9b3e203dd6fa8ce368dcfab2436311dbbf36210893e72a253fd2845639ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    da116dd3c14509595a81e7725fb7b1c9

    SHA1

    202166a2769cee3393245d52837b506afcd2ebd1

    SHA256

    a291d0fc3c668b54cfaf02376b993829946853b90475d1f65db7c31e478cea88

    SHA512

    a649b734ddfd3dd45602b4153d36b4890a7a62b97119fe13c15d4d3889f453cd675155028560f86c041784f217359ee78fa5eda64c154b66c8f6c44b572811dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    59737b30e6237190046ca6d8592e4176

    SHA1

    35b103ca14bec781d916e5edc4a502743cfe70e9

    SHA256

    3b122bf17a90d5127b756a429e1933ba2427d90407419868e919d5996ab66ab6

    SHA512

    2f43652dce126da0428c52672feeb4ff0856e57751f649c39cc72870ec27627dc7f681048bb305ebbf55cd5f67df676afc0cf44d1c4c7af7c47d557ea6f19c19

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    5433eab10c6b5c6d55b7cbd302426a39

    SHA1

    c5b1604b3350dab290d081eecd5389a895c58de5

    SHA256

    23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

    SHA512

    207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    4f15c894e062bffd24c36c560a9a7dc5

    SHA1

    10508adccbac09b965910a3202b63e78b2086c86

    SHA256

    5f559c23ed2ded280ffc74ee1645a358333346173a9fe99c9057512d5887808a

    SHA512

    0e8d1e90f84b4e2321421bd389fdc62496565916c6c58657be3aa2a53cd82d80c7f2ba24a67a8279961770f4cbe0467cb030eb3b957bb082e9a96f5671dee9a7

    Download Submit

  • memory/1180-32-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-27-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-29-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-31-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-28-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-30-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-47-0x0000000005270000-0x0000000005280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-54-0x0000000005270000-0x0000000005280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-59-0x0000000005270000-0x0000000005280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-61-0x0000000005270000-0x0000000005280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1180-62-0x0000000005270000-0x0000000005280000-memory.dmp

    Filesize

    64KB

    Download