Overview

overview

6

Static

static

1

1511139141189123.mp4

windows10-2004-x64

6

Analysis

  • max time kernel
    127s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-08-2024 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1511139141189123.mp4

  • Size

    28.3MB

  • MD5

    da3f84814438b891a4a2543c0eb127b7

  • SHA1

    d2a9d301b5648d65deb3ddb46af80aabf097b22b

  • SHA256

    f1a32365f598902ca6a66beca4bf83141262208217f86ce0339d437bc9423374

  • SHA512

    51f33d8e856e7537d39bb5e7e4bdb1034648f35bf499caa8f44340de6c3fd307a10c1020b433dacc01fba1e1027fcf1e967bca42603c5d9b1b925b58e29b10cf

  • SSDEEP

    393216:uZRFi6i+ifisWiniZiciLiCiFiwiFiwiFiwiFiwiFiwiFiwiFiwiFiwiFiwiFiw5:R

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 34 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\1511139141189123.mp4"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3224
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1212
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:1112
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:2756
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4ec 0x150
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    384KB

    MD5

    c7ca2711d80cd052da0d98ce7e6dec6b

    SHA1

    b051f0425224cf70e3a10636c21bf113bd1cd301

    SHA256

    a0c1147d7f6adb99735dc3fa370ef6fb8e6ddd3687eb7afd677af5c71df6957f

    SHA512

    487b985fe8a4fb9a0cb59ffb0b485133e0b089115e36b9bc3f0cbb64babd899daf1b282a9554b45874a59a4c7d9c07db370650c28a5731bde50f52e66a0fc0af

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    22c22807932e69226ba9434ed09276b0

    SHA1

    f14270b7cbe6d54f1204a0c6f1318c73283c8d96

    SHA256

    4a5c7aa7c81bb2fdc5c20dd122f7b4ca99f3f206bed12bc4a7f462060077b655

    SHA512

    6c53d7bbc12e806b4be682e638b535b608da3c464ea5c83e1a51f03c56416db340a87090a13d888f1a66452aaacd5f53a7292eded06192928ec6d8a67bf0e630

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    26ce914baed3697027e2318fe37b203b

    SHA1

    b93464308160ed0537de746d70cec8deb947e9a9

    SHA256

    78562dd829ac116b191d4ed0795b8244c59970acd841a2c727c39de80597b0be

    SHA512

    5ec8c87c3c76590539b278cd59942ff07b887c4fe22ce87f403bc72b331f1b828061d681e970af5d03248d2d2788daea220f0cfbed99f133965754aa10d506a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    3a976c92042a28a5859fa45567be8880

    SHA1

    ff57f2a24bef82b23f454a70b99125e5bc1871b7

    SHA256

    fb4ce3e1172756940518b11713d6f2a209e3626e0cc57f1a647ec1f4a10aec45

    SHA512

    e6925f061706e41f681bb20ef3a6bc8e651897a2b19bcd232bb636df92cf04ae3bc7721f4e4167abd8d75dfd203ccb7e52fd05e2371b8f7777cc781238ee76bf

    Download Submit

  • memory/3224-35-0x0000000005150000-0x0000000005160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-33-0x0000000005150000-0x0000000005160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-36-0x0000000005150000-0x0000000005160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-34-0x0000000005150000-0x0000000005160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-37-0x0000000009E30000-0x0000000009E40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-38-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-39-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-41-0x0000000005150000-0x0000000005160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-40-0x0000000005150000-0x0000000005160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-42-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-52-0x00000000073C0000-0x00000000073D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-55-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-56-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-57-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-58-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-59-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-60-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-61-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-62-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-65-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-64-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-63-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-66-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-67-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-68-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-71-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-70-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-69-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-72-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-73-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-74-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-75-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-77-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-79-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-78-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-80-0x00000000073C0000-0x00000000073D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-82-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-84-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-83-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-85-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-87-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-86-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-89-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-92-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-91-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-90-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-88-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-93-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-94-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-95-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-98-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-97-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-96-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-99-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-100-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-102-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-101-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-106-0x00000000073C0000-0x00000000073D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-105-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-104-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-108-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-103-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-110-0x00000000079F0000-0x0000000007A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3224-111-0x0000000009F70000-0x0000000009F80000-memory.dmp

    Filesize

    64KB

    Download