Overview

overview

6

Static

static

1

VID_202409...09.mp4

windows7-x64

1

VID_202409...09.mp4

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/09/2024, 02:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    VID_20240907_204109.mp4

  • Size

    21.5MB

  • MD5

    e7263672c6ccfb516435def16cd06abd

  • SHA1

    3fe1238d0c16328160d5601aae0e555c3939ddad

  • SHA256

    189e239dd3bb743ae36d8459e18451c9fd059bbe486f7ae2e7c6542832981746

  • SHA512

    b46a2ba658c76eac0698f8219c9ee1e67bd7d4af206779c5e00a4efd3bcd319e269cc39dbfaa8c8cc8731baf6f58f980c5a16b9afcf6122bf89411c84288c5ce

  • SSDEEP

    393216:cPv1bNo+ahTTI5CSqVpYjIBAEWIb5oGuIYlOGyZE/Ow3EAzzGJ2n35QZHT:clbNxClEXE5oXtlBcE2wUM7n356z

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\VID_20240907_204109.mp4"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4148
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:4284
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:4960
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x500 0x4f4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4604

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
          Filesize

          64KB

          MD5

          987a07b978cfe12e4ce45e513ef86619

          SHA1

          22eec9a9b2e83ad33bedc59e3205f86590b7d40c

          SHA256

          f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

          SHA512

          39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
          Filesize

          1024KB

          MD5

          4a52984c0a49dc430d6991f84307a5e1

          SHA1

          8139e45bf4364fea4fd13b40133521256cab2160

          SHA256

          5011918212c797198bef0f6850eda315778eedb42c4fd00acc0afbddf8485cfd

          SHA512

          c78ffa57b9e50eb0dc804ac665bf518abe6d4e6e520cf02656c0ecf3a513be1374b865b58d04082ba45a903dba13f25f64db3459e374aa338280dffdd629c87e

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
          Filesize

          68KB

          MD5

          6f6c9ceeeebf883a78c0f28995047ada

          SHA1

          97677a7717f02e7c8cfcd9e29fb359749d6c7dd7

          SHA256

          1a2ee0c4b5f14f1e8e3634943a0094b537ad5192a16b749b5209be683d73a42c

          SHA512

          38cf0dd0ffc00fc9697e950947ea733c9ce85d93ef3a5ee4d38f7baa9eba369658ff13fd415128e38c8219a9d385988dd881308e48705817ec77870abd810546

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
          Filesize

          498B

          MD5

          90be2701c8112bebc6bd58a7de19846e

          SHA1

          a95be407036982392e2e684fb9ff6602ecad6f1e

          SHA256

          644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

          SHA512

          d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
          Filesize

          9KB

          MD5

          7050d5ae8acfbe560fa11073fef8185d

          SHA1

          5bc38e77ff06785fe0aec5a345c4ccd15752560e

          SHA256

          cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

          SHA512

          a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
          Filesize

          1KB

          MD5

          c5667a9ef39062fa834129e0cc41b0ea

          SHA1

          57d36d5ce8ca511797c64cc6cd7419c3b81ebb29

          SHA256

          ee16f327ccc03ce68d04662c07b1dabe6a5efdc3aec93fe8427f64d480cb145d

          SHA512

          d799053df58fd6bf149860934cf42e756f4130fee828152d9b8d7c6d632a089459ccb53ea3bc6ecf33265698cf07cc005d6440057b5b544b2b1d1be1ad97ad58

          Download Submit

        • memory/4148-37-0x0000000007CD0000-0x0000000007CE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-34-0x0000000007480000-0x0000000007490000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-36-0x0000000007480000-0x0000000007490000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-38-0x000000000A050000-0x000000000A060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-39-0x000000000A050000-0x000000000A060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-41-0x0000000007480000-0x0000000007490000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-40-0x0000000007480000-0x0000000007490000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-42-0x000000000A050000-0x000000000A060000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-33-0x0000000007480000-0x0000000007490000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-35-0x0000000007480000-0x0000000007490000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4148-57-0x0000000007EF0000-0x0000000007F00000-memory.dmp

          Filesize

          64KB

          Download