Overview
overview
7Static
static
1Dolby_Atmo...m].rar
windows7-x64
3Dolby_Atmo...m].rar
windows10-2004-x64
3Dolby_Atmo...me.txt
windows7-x64
1Dolby_Atmo...me.txt
windows10-2004-x64
1Dolby_Atmo...e.txt~
windows7-x64
3Dolby_Atmo...e.txt~
windows10-2004-x64
3Dolby_Atmo...er.zip
windows7-x64
1Dolby_Atmo...er.zip
windows10-2004-x64
1CaptureStr...or.dll
windows7-x64
1CaptureStr...or.dll
windows10-2004-x64
1DAX3API.exe
windows7-x64
1DAX3API.exe
windows10-2004-x64
1DAX3APIDLL.dll
windows7-x64
1DAX3APIDLL.dll
windows10-2004-x64
1Default.xml
windows7-x64
3Default.xml
windows10-2004-x64
1DolbyAPOv251.dll
windows7-x64
1DolbyAPOv251.dll
windows10-2004-x64
7DolbyAPOvlldp.dll
windows7-x64
1DolbyAPOvlldp.dll
windows10-2004-x64
7DolbyAPOvlldp120.dll
windows7-x64
1DolbyAPOvlldp120.dll
windows10-2004-x64
7DolbyDspVlldp.dll
windows7-x64
1DolbyDspVlldp.dll
windows10-2004-x64
7Headphone_....2.xml
windows7-x64
3Headphone_....2.xml
windows10-2004-x64
1Headphone_....2.xml
windows7-x64
3Headphone_....2.xml
windows10-2004-x64
1Headphone_....2.xml
windows7-x64
3Headphone_....2.xml
windows10-2004-x64
1Headphone_....2.xml
windows7-x64
3Headphone_....2.xml
windows10-2004-x64
1Resubmissions
11-09-2024 18:46
240911-xe5y3swfpp 7Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
11-09-2024 18:46
Static task
static1
Behavioral task
behavioral1
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com].rar
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com].rar
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Readme.txt
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Readme.txt
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Readme.txt~
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Readme.txt~
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Windows_10_64-bit_basic_driver.zip
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Windows_10_64-bit_basic_driver.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
CaptureStreamMonitor.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral10
Sample
CaptureStreamMonitor.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
DAX3API.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
DAX3API.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
DAX3APIDLL.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
DAX3APIDLL.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Default.xml
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
Default.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
DolbyAPOv251.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
DolbyAPOv251.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
DolbyAPOvlldp.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
DolbyAPOvlldp.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
DolbyAPOvlldp120.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
DolbyAPOvlldp120.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
DolbyDspVlldp.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
DolbyDspVlldp.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Headphone_Default_Generic_Default_DolbyAtmos_vlldp1.2.xml
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
Headphone_Default_Generic_Default_DolbyAtmos_vlldp1.2.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Headphone_Default_Generic_Large_DolbyAtmos_vlldp1.2.xml
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
Headphone_Default_Generic_Large_DolbyAtmos_vlldp1.2.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Headphone_Default_Generic_Medium_DolbyAtmos_vlldp1.2.xml
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
Headphone_Default_Generic_Medium_DolbyAtmos_vlldp1.2.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Headphone_Default_Generic_Small_DolbyAtmos_vlldp1.2.xml
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
Headphone_Default_Generic_Small_DolbyAtmos_vlldp1.2.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com].rar
-
Size
11.8MB
-
MD5
389125e12835847cf559f0d797342db8
-
SHA1
c9b9b9a1f0b673797254c3b30b32ff075401975b
-
SHA256
e7540e416771a4532807a975e55c934110fd0d1f906d08a400b133e94bebe4c9
-
SHA512
b8701fa9bd28dec31f620e0ccdd237b7317566b71b876535c1cff60266e9c77e5b6909b7d2a5053e354acc2bed885669f113e81d5170addb94602216fe64d00a
-
SSDEEP
196608:DX815W0qNzvNdYk5axsXhwd5L6qljcKe6hrYO2xAeb9IxNlQwdBRNoRA5F+G1kY:DX815WTNdYDxowDLwKe6J8ieuxYmBRNt
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DllHost.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_Classes\Local Settings rundll32.exe Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_Classes\Local Settings rundll32.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2672 vlc.exe -
Suspicious behavior: EnumeratesProcesses 9 IoCs
pid Process 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2672 vlc.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1132 taskmgr.exe -
Suspicious use of FindShellTrayWindow 45 IoCs
pid Process 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe -
Suspicious use of SendNotifyMessage 43 IoCs
pid Process 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 2672 vlc.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe 1132 taskmgr.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2672 vlc.exe -
Suspicious use of WriteProcessMemory 9 IoCs
description pid Process procid_target PID 2332 wrote to memory of 2468 2332 cmd.exe 31 PID 2332 wrote to memory of 2468 2332 cmd.exe 31 PID 2332 wrote to memory of 2468 2332 cmd.exe 31 PID 2468 wrote to memory of 2796 2468 rundll32.exe 33 PID 2468 wrote to memory of 2796 2468 rundll32.exe 33 PID 2468 wrote to memory of 2796 2468 rundll32.exe 33 PID 2796 wrote to memory of 2672 2796 rundll32.exe 35 PID 2796 wrote to memory of 2672 2796 rundll32.exe 35 PID 2796 wrote to memory of 2672 2796 rundll32.exe 35
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com].rar"1⤵
- Suspicious use of WriteProcessMemory
PID:2332 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com].rar2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2468 -
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com].rar3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2796 -
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com].rar"4⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2672
-
-
-
-
C:\Windows\System32\control.exe"C:\Windows\System32\control.exe" SYSTEM1⤵PID:2832
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
PID:2664
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1132