51d50b014652cec1456ccde2de10ab057c59944de2b8596db39c04e8b6f27b34

Resubmissions

03/09/2024, 06:58

240903-hrg1fszgpq 3

03/09/2024, 06:56

240903-hqmvba1gmg 3

03/09/2024, 06:52

240903-hm4nna1fpg 3

Analysis

max time kernel
76s
max time network
56s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 06:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Tool.rar
Size

30.3MB
MD5

07e35cbfc6611ab3992c940359271d79
SHA1

74ea5ed13ea7400d431472ac2b95d59d954e28a3
SHA256

51d50b014652cec1456ccde2de10ab057c59944de2b8596db39c04e8b6f27b34
SHA512

0ae9d57d030c341d75d60df24ccb8295ed8f599c42c5bc6c84984ff0d9a5fdc3fa59fca5dac7c93a8a1684181557e5143f9f2f3d3827fe612a0dec73f61032c9
SSDEEP

786432:T3fVM+Y4cslYNeOGbrJU5GrTtCgWvFWYpYdT4rpAzLFpQiZ0F7:rVWsoeNJUwnNWvFWYG4rpMpD0F7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1920	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1920	vlc.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe
1920	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1920	vlc.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1968	1184	cmd.exe	31
PID 1184 wrote to memory of 1968	1184	cmd.exe	31
PID 1184 wrote to memory of 1968	1184	cmd.exe	31
PID 1968 wrote to memory of 2836	1968	rundll32.exe	32
PID 1968 wrote to memory of 2836	1968	rundll32.exe	32
PID 1968 wrote to memory of 2836	1968	rundll32.exe	32
PID 2836 wrote to memory of 1920	2836	rundll32.exe	35
PID 2836 wrote to memory of 1920	2836	rundll32.exe	35
PID 2836 wrote to memory of 1920	2836	rundll32.exe	35

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Tool.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Tool.rar
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Tool.rar
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Tool.rar"
      4⤵
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:1920

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
81B

MD5
c8ac3b01273c39cb4dfa98f85f33c573

SHA1
65fee45778fd3f1bf5a004e70f39923642ab500c

SHA256
dcfc03b5d87d36317ffc03d7c5da2ecefe3d4825046806f72be50863b1f80f02

SHA512
bb9d7151f2e717088cef2e88e20890df0bed339b250a27354e7f0009bc4f71c55bbcd8b1204cd6ce4ba2811fdf555d21e0d1f040edb8e4fbb8e1342df59dc43f

Download Submit
memory/1920-44-0x000007FEF73D0000-0x000007FEF73E1000-memory.dmp

Filesize
68KB

Download
memory/1920-42-0x000007FEF73F0000-0x000007FEF7411000-memory.dmp

Filesize
132KB

Download
memory/1920-34-0x000007FEFB5E0000-0x000007FEFB5F1000-memory.dmp

Filesize
68KB

Download
memory/1920-33-0x000007FEFB600000-0x000007FEFB617000-memory.dmp

Filesize
92KB

Download
memory/1920-37-0x000007FEF7F30000-0x000007FEF7F4D000-memory.dmp

Filesize
116KB

Download
memory/1920-36-0x000007FEF7F50000-0x000007FEF7F61000-memory.dmp

Filesize
68KB

Download
memory/1920-35-0x000007FEFB5C0000-0x000007FEFB5D7000-memory.dmp

Filesize
92KB

Download
memory/1920-38-0x000007FEF7F10000-0x000007FEF7F21000-memory.dmp

Filesize
68KB

Download
memory/1920-31-0x000007FEF6730000-0x000007FEF69E6000-memory.dmp

Filesize
2.7MB

Download
memory/1920-39-0x000007FEF6520000-0x000007FEF672B000-memory.dmp

Filesize
2.0MB

Download
memory/1920-41-0x000007FEF7420000-0x000007FEF7461000-memory.dmp

Filesize
260KB

Download
memory/1920-48-0x000007FEF6DA0000-0x000007FEF6DB1000-memory.dmp

Filesize
68KB

Download
memory/1920-47-0x000007FEF6DC0000-0x000007FEF6DDB000-memory.dmp

Filesize
108KB

Download
memory/1920-46-0x000007FEF7390000-0x000007FEF73A1000-memory.dmp

Filesize
68KB

Download
memory/1920-45-0x000007FEF73B0000-0x000007FEF73C1000-memory.dmp

Filesize
68KB

Download
memory/1920-30-0x000007FEFB640000-0x000007FEFB674000-memory.dmp

Filesize
208KB

Download
memory/1920-32-0x000007FEFB620000-0x000007FEFB638000-memory.dmp

Filesize
96KB

Download
memory/1920-43-0x000007FEF7940000-0x000007FEF7958000-memory.dmp

Filesize
96KB

Download
memory/1920-49-0x000007FEF6D80000-0x000007FEF6D98000-memory.dmp

Filesize
96KB

Download
memory/1920-50-0x000007FEF64F0000-0x000007FEF6520000-memory.dmp

Filesize
192KB

Download
memory/1920-61-0x000007FEF4100000-0x000007FEF4111000-memory.dmp

Filesize
68KB

Download
memory/1920-60-0x000007FEF62B0000-0x000007FEF62C2000-memory.dmp

Filesize
72KB

Download
memory/1920-59-0x000007FEF62D0000-0x000007FEF62E1000-memory.dmp

Filesize
68KB

Download
memory/1920-58-0x000007FEF62F0000-0x000007FEF6313000-memory.dmp

Filesize
140KB

Download
memory/1920-57-0x000007FEF6320000-0x000007FEF6338000-memory.dmp

Filesize
96KB

Download
memory/1920-56-0x000007FEF6340000-0x000007FEF6364000-memory.dmp

Filesize
144KB

Download
memory/1920-55-0x000007FEF6370000-0x000007FEF6398000-memory.dmp

Filesize
160KB

Download
memory/1920-54-0x000007FEF63A0000-0x000007FEF63F7000-memory.dmp

Filesize
348KB

Download
memory/1920-53-0x000007FEF6D60000-0x000007FEF6D71000-memory.dmp

Filesize
68KB

Download
memory/1920-52-0x000007FEF6400000-0x000007FEF647C000-memory.dmp

Filesize
496KB

Download
memory/1920-51-0x000007FEF6480000-0x000007FEF64E7000-memory.dmp

Filesize
412KB

Download
memory/1920-40-0x000007FEF4B70000-0x000007FEF5C20000-memory.dmp

Filesize
16.7MB

Download
memory/1920-62-0x000007FEF2720000-0x000007FEF3F8F000-memory.dmp

Filesize
24.4MB

Download
memory/1920-29-0x000000013F6F0000-0x000000013F7E8000-memory.dmp

Filesize
992KB

Download