Overview

overview

6

Static

static

1

sushi_gas-station.mp4

windows10-1703-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-09-2024 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sushi_gas-station.mp4

  • Size

    36B

  • MD5

    a1ca4bebcd03fafbe2b06a46a694e29a

  • SHA1

    ffc88125007c23ff6711147a12f9bba9c3d197ed

  • SHA256

    c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

  • SHA512

    6fe1730bf2a6bba058c5e1ef309a69079a6acca45c0dbca4e7d79c877257ac08e460af741459d1e335197cf4de209f2a2997816f2a2a3868b2c8d086ef789b0e

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\sushi_gas-station.mp4"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4904
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\sushi_gas-station.mp4"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:212
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\sushi_gas-station.mp4"
        3⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:4464
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:208
      • C:\Windows\System32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:5064
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4344
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:1544
  • \??\c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:2652
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4480
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2512
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:804
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:2156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    64KB

    MD5

    0e807656bd86f2aef7ccf207f963973b

    SHA1

    27052af8d103d134369e356b793eb88ba873df55

    SHA256

    c509c498682bec50142782a51785655020bea27652f46e104e07a530c2ff5162

    SHA512

    e6c7d5e001e8322ccb1abd101d47e7f1401597518f45dd8da1d757728147262bcb3b1f96128f291e0e367c5b34026b401468e4219b27cf3c37a8d434180cd8f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    34289b9beb06015335e2948821605b5e

    SHA1

    0e82e760cbd910c7a78025cd3ed5a08a0defd295

    SHA256

    5c5576c28f744657f7cd3cab64a65b91a66cac7b2c1bbf21c9addd7b63487415

    SHA512

    bce05bca644f85a728637b6940d66605b360483fa20243c04654535e2fdd7ca5c44898f2dde80ef39e0588998c3def74edca0d271e4c808834b6426847836810

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    c7756bf64b39c4b1909faead458638b5

    SHA1

    3f2506ae32eb03394ab5388a7a6bf9b7550fb0a7

    SHA256

    b28772232084ef9ac64cdf7f964889faabc210d77e79ad64a2a180699fd3bd81

    SHA512

    440a1c0a1a37b1868a9a861bf0895fed972ed19d1ceacc44d1e8847aa2e95074f4adeb9f651cdb80bea23e1683627a3b2c6e2f79a4e3a6fe1300017d67226c50

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\39DCF736\favicon[1].ico
    Filesize

    16KB

    MD5

    12e3dac858061d088023b2bd48e2fa96

    SHA1

    e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

    SHA256

    90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

    SHA512

    c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\A7BTKZ73\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\5ja94pb\imagestore.dat
    Filesize

    26KB

    MD5

    45a1bbdfdeb09d061d5e869cd2869189

    SHA1

    5683da8c58aef0da88ff05bdda05106917d4bff8

    SHA256

    42fbec92a364c6313bb235a0dc387440f5e6c6ae739f7476d3f65bc3f5476aef

    SHA512

    41b08c9d7eed4a193b60ac5ea4a0170fcfa99935eebcfb5c901ef76e8acf464b0518f6270e627e50d0a93fd972f6eb4d854af4b0711a926aa61bd558cf094cda

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    985a4df3fae6c3c45c89786c05326441

    SHA1

    d4f0c3c4c320d6e116750759038c2b40ed42df14

    SHA256

    00d3271c87ba724cbd2b0b1c6a9313b7622f88ec6077a76a0f7d44ea421853e0

    SHA512

    51e40ccf4a37aa0dbf1d8cc72d44bd2099c3251f57e62973ad1ed3fe0ca02ef6b5a59c4a0dd85288a794cfe508c66490da979db5c58270f5108b13d7fed42558

    Download Submit

  • memory/804-208-0x000002047F2C0000-0x000002047F2C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/804-189-0x000002047EC60000-0x000002047ED60000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/804-204-0x000002047F290000-0x000002047F292000-memory.dmp

    Filesize

    8KB

    Download

  • memory/804-206-0x000002047F2A0000-0x000002047F2A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/804-202-0x000002047F270000-0x000002047F272000-memory.dmp

    Filesize

    8KB

    Download

  • memory/804-112-0x000002047B730000-0x000002047B732000-memory.dmp

    Filesize

    8KB

    Download

  • memory/804-115-0x000002047B760000-0x000002047B762000-memory.dmp

    Filesize

    8KB

    Download

  • memory/804-117-0x000002047B780000-0x000002047B782000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2512-96-0x00000230B7F40000-0x00000230B8040000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4344-217-0x0000022421CB0000-0x0000022421CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4344-74-0x00000224182D0000-0x00000224182D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4344-218-0x0000022421CC0000-0x0000022421CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4344-55-0x000002241B020000-0x000002241B030000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4344-39-0x000002241AF20000-0x000002241AF30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-87-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-235-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-88-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-85-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-82-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-81-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-231-0x0000000007360000-0x0000000007370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-89-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-234-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-86-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-236-0x0000000007AE0000-0x0000000007AF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-237-0x0000000007AE0000-0x0000000007AF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-238-0x0000000007AE0000-0x0000000007AF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-241-0x0000000007AE0000-0x0000000007AF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-240-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-239-0x0000000007AE0000-0x0000000007AF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-242-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-243-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-83-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4464-84-0x0000000009F90000-0x0000000009FA0000-memory.dmp

    Filesize

    64KB

    Download