Analysis
max time kernel: 43s
max time network: 50s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 08-10-2024 02:00
Behavioral task behavioral1
Sample: stage4.exe
Resource: win7-20240903-en
Behavioral task behavioral2
Sample: stage4.exe
Resource: win10v2004-20241007-en
General
Target: stage4.exe
Size: 483KB
MD5: de43429789841ca9c3ea968c57a76b4e
SHA1: 3b88e989e41c91df253865d1c9ab7354009a75d4
SHA256: eaff8cd6cccffd5fe64c771a5bdcb21f99697f728ce554e9c594608e58731665
SHA512: 4b566e4f5a27271a78de5c00ebabc4f4f86da650834c14c18c64656d0cc1a553a68425616a2759791cc91cd86997b968288369b5be108409a322609524aa2dca
SSDEEP: 12288:5TlrYw1RUh3NFn+N5WfIQIjbs/ZmnzT4:/pRUh3NDfIQIjeZ
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: stage4.exe)
Suspicious behavior: AddClipboardFormatListener (1 IoC)
PID 2736 vlc.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
PID 2736 vlc.exe
Suspicious use of FindShellTrayWindow (10 IoCs)
PID 2736 vlc.exe (10 occurrences)
Suspicious use of SendNotifyMessage (9 IoCs)
PID 2736 vlc.exe (9 occurrences)
Suspicious use of SetWindowsHookEx (2 IoCs)
PID 468 stage4.exe
PID 2736 vlc.exe
Processes
Process: C:\Users\Admin\AppData\Local\Temp\stage4.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\stage4.exe"
Depth: 1
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID: 468
Process: C:\Program Files\VideoLAN\VLC\vlc.exe
Command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\TraceProtect.wmv"
Depth: 1
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID: 2736
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 144B
MD5: 5ca2350b35c2c15a9794818efe4cceb9
SHA1: 044cbde61bd8d80bdb2c17963267bc643e7f5013
SHA256: 067dd8bad6275111d0f72974ee8e0c47dfc5de8a84023435ecefa3591ffc8185
SHA512: 5de232be20699e19aba58694d87796fc4898e657286d0c483d0101b5b4cff41ae607562447e8073cf607220cfdd944f5885c1e61b50dc0f7bd3e8c9fe8d21d97