0ebd6262c1467b03392c988e3af08c67821661040997d442299fc37fd633dbc5

Resubmissions

12/09/2024, 20:50

240912-zmmtkstfkj 3

12/09/2024, 20:47

240912-zlcxzsthne 6

Analysis

max time kernel
146s
max time network
21s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 20:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

angrybirdsmaker0.4.2.1-dist/angrybirdsmaker0.4.2.1-dist/ABM_0.4.2.1_ASDK_.compiled/data_sdk/audio/cypigs/cypig_collision_04.wav
Size

70KB
MD5

3e6ce54a30941bf87a34c04596d9f546
SHA1

a0abc88a4f3f972ae7cf9b56e3aef488e4d7f645
SHA256

1a4d4f4c852336acb81353e6b4629203c4cc1b399ea729055f19378e54e298cc
SHA512

cf520a0c493ca49f20b84ff6ed5b87f53619cffeb749769631b13da6ff2cee66feb334b52ec54a23943a8c196198dd5736da0b1d476ef15cccb297f7bc479d6e
SSDEEP

1536:J1URhfS0AX4xN49hCFfVzUwWgLgfGFFYdRL0FL:rqfS0q4xN8hjwWg0GFFIRYFL

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1748	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1748	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	1524	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1524	AUDIODG.EXE
Token: 33	1524	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1524	AUDIODG.EXE
Token: 33	1748	vlc.exe
Token: SeIncBasePriorityPrivilege	1748	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe
1748	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1748	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\angrybirdsmaker0.4.2.1-dist\angrybirdsmaker0.4.2.1-dist\ABM_0.4.2.1_ASDK_.compiled\data_sdk\audio\cypigs\cypig_collision_04.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-6-0x000007FEFB1A0000-0x000007FEFB1D4000-memory.dmp

Filesize
208KB

Download
memory/1748-5-0x000000013F6B0000-0x000000013F7A8000-memory.dmp

Filesize
992KB

Download
memory/1748-8-0x000007FEFB470000-0x000007FEFB488000-memory.dmp

Filesize
96KB

Download
memory/1748-9-0x000007FEFB180000-0x000007FEFB197000-memory.dmp

Filesize
92KB

Download
memory/1748-10-0x000007FEFB110000-0x000007FEFB121000-memory.dmp

Filesize
68KB

Download
memory/1748-14-0x000007FEFAED0000-0x000007FEFAEE1000-memory.dmp

Filesize
68KB

Download
memory/1748-13-0x000007FEFAEF0000-0x000007FEFAF0D000-memory.dmp

Filesize
116KB

Download
memory/1748-12-0x000007FEFAF10000-0x000007FEFAF21000-memory.dmp

Filesize
68KB

Download
memory/1748-11-0x000007FEFB0F0000-0x000007FEFB107000-memory.dmp

Filesize
92KB

Download
memory/1748-7-0x000007FEF6590000-0x000007FEF6846000-memory.dmp

Filesize
2.7MB

Download
memory/1748-15-0x000007FEF6380000-0x000007FEF658B000-memory.dmp

Filesize
2.0MB

Download
memory/1748-18-0x000007FEFAE50000-0x000007FEFAE71000-memory.dmp

Filesize
132KB

Download
memory/1748-17-0x000007FEFAE80000-0x000007FEFAEC1000-memory.dmp

Filesize
260KB

Download
memory/1748-19-0x000007FEF7920000-0x000007FEF7938000-memory.dmp

Filesize
96KB

Download
memory/1748-21-0x000007FEF78E0000-0x000007FEF78F1000-memory.dmp

Filesize
68KB

Download
memory/1748-20-0x000007FEF7900000-0x000007FEF7911000-memory.dmp

Filesize
68KB

Download
memory/1748-22-0x000007FEF78C0000-0x000007FEF78D1000-memory.dmp

Filesize
68KB

Download
memory/1748-23-0x000007FEF78A0000-0x000007FEF78BB000-memory.dmp

Filesize
108KB

Download
memory/1748-24-0x000007FEF7880000-0x000007FEF7891000-memory.dmp

Filesize
68KB

Download
memory/1748-25-0x000007FEF7860000-0x000007FEF7878000-memory.dmp

Filesize
96KB

Download
memory/1748-26-0x000007FEF77C0000-0x000007FEF77F0000-memory.dmp

Filesize
192KB

Download
memory/1748-16-0x000007FEF52D0000-0x000007FEF6380000-memory.dmp

Filesize
16.7MB

Download
memory/1748-27-0x000007FEF7750000-0x000007FEF77B7000-memory.dmp

Filesize
412KB

Download
memory/1748-28-0x000007FEF6AA0000-0x000007FEF6B1C000-memory.dmp

Filesize
496KB

Download
memory/1748-29-0x000007FEF7730000-0x000007FEF7741000-memory.dmp

Filesize
68KB

Download
memory/1748-30-0x000007FEF6A40000-0x000007FEF6A97000-memory.dmp

Filesize
348KB

Download
memory/1748-35-0x000007FEF6B30000-0x000007FEF6B41000-memory.dmp

Filesize
68KB

Download
memory/1748-37-0x000007FEF6960000-0x000007FEF6981000-memory.dmp

Filesize
132KB

Download
memory/1748-42-0x000007FEF50A0000-0x000007FEF50B6000-memory.dmp

Filesize
88KB

Download
memory/1748-41-0x000007FEF50C0000-0x000007FEF50D1000-memory.dmp

Filesize
68KB

Download
memory/1748-45-0x000007FEF4D20000-0x000007FEF4D32000-memory.dmp

Filesize
72KB

Download
memory/1748-44-0x000007FEF4D40000-0x000007FEF4D51000-memory.dmp

Filesize
68KB

Download
memory/1748-43-0x000007FEF5080000-0x000007FEF5095000-memory.dmp

Filesize
84KB

Download
memory/1748-49-0x000007FEF4B40000-0x000007FEF4B51000-memory.dmp

Filesize
68KB

Download
memory/1748-52-0x000007FEF4AE0000-0x000007FEF4AF6000-memory.dmp

Filesize
88KB

Download
memory/1748-46-0x000007FEF4BA0000-0x000007FEF4D1A000-memory.dmp

Filesize
1.5MB

Download
memory/1748-51-0x000007FEF4B00000-0x000007FEF4B11000-memory.dmp

Filesize
68KB

Download
memory/1748-50-0x000007FEF4B20000-0x000007FEF4B31000-memory.dmp

Filesize
68KB

Download
memory/1748-48-0x000007FEF4B60000-0x000007FEF4B74000-memory.dmp

Filesize
80KB

Download
memory/1748-47-0x000007FEF4B80000-0x000007FEF4B93000-memory.dmp

Filesize
76KB

Download
memory/1748-40-0x000007FEF50E0000-0x000007FEF510F000-memory.dmp

Filesize
188KB

Download
memory/1748-39-0x000007FEFB930000-0x000007FEFB940000-memory.dmp

Filesize
64KB

Download
memory/1748-38-0x000007FEF52B0000-0x000007FEF52C3000-memory.dmp

Filesize
76KB

Download
memory/1748-36-0x000007FEF6990000-0x000007FEF69A2000-memory.dmp

Filesize
72KB

Download
memory/1748-34-0x000007FEF69B0000-0x000007FEF69D3000-memory.dmp

Filesize
140KB

Download
memory/1748-33-0x000007FEF7710000-0x000007FEF7728000-memory.dmp

Filesize
96KB

Download
memory/1748-32-0x000007FEF69E0000-0x000007FEF6A04000-memory.dmp

Filesize
144KB

Download
memory/1748-31-0x000007FEF6A10000-0x000007FEF6A38000-memory.dmp

Filesize
160KB

Download