Overview
overview
7Static
static
1Dolby_Atmo...m].rar
windows7-x64
3Dolby_Atmo...m].rar
windows10-2004-x64
3Dolby_Atmo...me.txt
windows7-x64
1Dolby_Atmo...me.txt
windows10-2004-x64
1Dolby_Atmo...e.txt~
windows7-x64
3Dolby_Atmo...e.txt~
windows10-2004-x64
3Dolby_Atmo...er.zip
windows7-x64
1Dolby_Atmo...er.zip
windows10-2004-x64
1CaptureStr...or.dll
windows7-x64
1CaptureStr...or.dll
windows10-2004-x64
1DAX3API.exe
windows7-x64
1DAX3API.exe
windows10-2004-x64
1DAX3APIDLL.dll
windows7-x64
1DAX3APIDLL.dll
windows10-2004-x64
1Default.xml
windows7-x64
3Default.xml
windows10-2004-x64
1DolbyAPOv251.dll
windows7-x64
1DolbyAPOv251.dll
windows10-2004-x64
7DolbyAPOvlldp.dll
windows7-x64
1DolbyAPOvlldp.dll
windows10-2004-x64
7DolbyAPOvlldp120.dll
windows7-x64
1DolbyAPOvlldp120.dll
windows10-2004-x64
7DolbyDspVlldp.dll
windows7-x64
1DolbyDspVlldp.dll
windows10-2004-x64
7Headphone_....2.xml
windows7-x64
3Headphone_....2.xml
windows10-2004-x64
1Headphone_....2.xml
windows7-x64
3Headphone_....2.xml
windows10-2004-x64
1Headphone_....2.xml
windows7-x64
3Headphone_....2.xml
windows10-2004-x64
1Headphone_....2.xml
windows7-x64
3Headphone_....2.xml
windows10-2004-x64
1Resubmissions
11-09-2024 18:46
240911-xe5y3swfpp 7Analysis
-
max time kernel
144s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
11-09-2024 18:46
Static task
static1
Behavioral task
behavioral1
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com].rar
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com].rar
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Readme.txt
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Readme.txt
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Readme.txt~
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Readme.txt~
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Windows_10_64-bit_basic_driver.zip
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
Dolby_Atmos_Setup_and_ControlPanel [PeskTop.com]/Dolby_Atmos_Setup_and_ControlPanel/Windows_10_64-bit_basic_driver.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
CaptureStreamMonitor.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral10
Sample
CaptureStreamMonitor.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
DAX3API.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
DAX3API.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
DAX3APIDLL.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
DAX3APIDLL.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Default.xml
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
Default.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
DolbyAPOv251.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
DolbyAPOv251.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
DolbyAPOvlldp.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
DolbyAPOvlldp.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
DolbyAPOvlldp120.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
DolbyAPOvlldp120.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
DolbyDspVlldp.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
DolbyDspVlldp.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Headphone_Default_Generic_Default_DolbyAtmos_vlldp1.2.xml
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
Headphone_Default_Generic_Default_DolbyAtmos_vlldp1.2.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Headphone_Default_Generic_Large_DolbyAtmos_vlldp1.2.xml
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
Headphone_Default_Generic_Large_DolbyAtmos_vlldp1.2.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Headphone_Default_Generic_Medium_DolbyAtmos_vlldp1.2.xml
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
Headphone_Default_Generic_Medium_DolbyAtmos_vlldp1.2.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Headphone_Default_Generic_Small_DolbyAtmos_vlldp1.2.xml
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
Headphone_Default_Generic_Small_DolbyAtmos_vlldp1.2.xml
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
Headphone_Default_Generic_Medium_DolbyAtmos_vlldp1.2.xml
-
Size
73KB
-
MD5
2d1ff1f0c0bef00b6b10ff74b4f2f461
-
SHA1
26f2000e34ebaf8af837f89e384d641d050db466
-
SHA256
64044d0326ce03b68fc5e7b3b9217db09b5c9199dbf07b7b8e354e5732e3c0ff
-
SHA512
890cc3bf33db63adffca1d4fa38da3c98bface87928a4cacbebc80fd16b40c1ef877e950290bdb96af7a49ab33fb294b93874465091064844f7dd991e53b8d5a
-
SSDEEP
384:gC+6QjBDctEMmcYCDctEMmYZCD6tZMmtYCDltRMmkYCD6tqMmCYCDrteMmbYCDr6:jUNYNrI3Hg5isZsgsq6r
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MSOXMLED.EXE Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language iexplore.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000f8864e2e8c085d5f9d97d6b2715ac24efe2c39acc05e7d9ecb4e56d1fe42403b000000000e8000000002000020000000fafeec6ffcdbea866124e61243134d3ec9320ad99826e2a377809cd8839a9665900000002a46de92331c7202ede4c55e9b072db0d590b8e40c777dc9e228ad45f10e0483d7685e645519a88d6df6af8236deab66ce141c292237d77edf2d8df2de5f82626e519dcd42c9c1cdd5cd52799a51da8bdda3aa530fcd1d3fd47b3136f1d5e57de76c02383cec41ae7ea1d176683886aba6366820d508206c467eaddec22903f0b35330191f80d4aa0a15de369b3cfedf400000002916e6c3a4f95c2afbdf66cfc843d6d70cf67e9680d795a93ce8d00e7e51e0cc9897613d0d27e27b5e00714bf73d5568da1d28a226bb7f51cb58cb5d7f42dfba IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{47D95E61-706E-11EF-8EB4-4E0B11BE40FD} = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000007e52621490f5f9c5068893d7fb6edbb7840bc407d299945f1e5ebd4faa83066a000000000e80000000020000200000008e8b28d4ec0c18617e4114ed56b013d5db68b2c86f2d9beb74550d1afc501493200000006a698022712ff14de665f8322e2c8cd0ed09ab20cdc6b04654e063f607dd6932400000005ca81a8cd5d31d52b0a965db407292c151ee62e5cad867313aee527640a4801350a371336ae90815bf65cce0ae0def98b1f1d9ddbebb6ee175eee7c7cc53eaa3 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432242377" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b09a1c7b04db01 IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1828 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1828 IEXPLORE.EXE 1828 IEXPLORE.EXE 2108 IEXPLORE.EXE 2108 IEXPLORE.EXE 2108 IEXPLORE.EXE 2108 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 2484 wrote to memory of 2116 2484 MSOXMLED.EXE 30 PID 2484 wrote to memory of 2116 2484 MSOXMLED.EXE 30 PID 2484 wrote to memory of 2116 2484 MSOXMLED.EXE 30 PID 2484 wrote to memory of 2116 2484 MSOXMLED.EXE 30 PID 2116 wrote to memory of 1828 2116 iexplore.exe 31 PID 2116 wrote to memory of 1828 2116 iexplore.exe 31 PID 2116 wrote to memory of 1828 2116 iexplore.exe 31 PID 2116 wrote to memory of 1828 2116 iexplore.exe 31 PID 1828 wrote to memory of 2108 1828 IEXPLORE.EXE 32 PID 1828 wrote to memory of 2108 1828 IEXPLORE.EXE 32 PID 1828 wrote to memory of 2108 1828 IEXPLORE.EXE 32 PID 1828 wrote to memory of 2108 1828 IEXPLORE.EXE 32
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Headphone_Default_Generic_Medium_DolbyAtmos_vlldp1.2.xml"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2484 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2116 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1828 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1828 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2108
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b