a69ba03a6a908821c6783ab21252ad82272e2219bd4701ac6373901ebcd35535

Resubmissions

09-10-2024 18:44

241009-xdlh2swbnc 6

09-10-2024 18:43

241009-xc1lkswbmd 1

Analysis

max time kernel
140s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ther.mp3
Size

4.8MB
MD5

caf2e7bf786d09b60c352d6067623577
SHA1

24a1a384376d53aa08308d54c51b8ad5be030b8f
SHA256

a69ba03a6a908821c6783ab21252ad82272e2219bd4701ac6373901ebcd35535
SHA512

0580fc7c0e4591e4982c9a68af326ca702859b0dfb6341dc745430569592ec22fa68cc0074158fac91f4141bf2d03f5ff30d48a484c45d86f88339dff343effe
SSDEEP

98304:O5d2bKKUkII9D6wiseq6KZmJGYycMKu2QiuK3nX2LMz32wR8e0PrwDHatdwjc7tN:w0Nz9qJqsJGXkQy3X2wz32e0TwGzwI7b

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1296	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1296	vlc.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1296	vlc.exe
Token: SeIncBasePriorityPrivilege	1296	vlc.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1296	vlc.exe
1296	vlc.exe
1296	vlc.exe
1296	vlc.exe
1296	vlc.exe
1296	vlc.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1296	vlc.exe
1296	vlc.exe
1296	vlc.exe
1296	vlc.exe
1296	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1296	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Ther.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1296-7-0x000000013F4A0000-0x000000013F598000-memory.dmp

Filesize
992KB

Download
memory/1296-8-0x000007FEF7790000-0x000007FEF77C4000-memory.dmp

Filesize
208KB

Download
memory/1296-13-0x000007FEF7770000-0x000007FEF7787000-memory.dmp

Filesize
92KB

Download
memory/1296-16-0x000007FEF69D0000-0x000007FEF69E1000-memory.dmp

Filesize
68KB

Download
memory/1296-14-0x000007FEF7750000-0x000007FEF7761000-memory.dmp

Filesize
68KB

Download
memory/1296-15-0x000007FEF69F0000-0x000007FEF6A0D000-memory.dmp

Filesize
116KB

Download
memory/1296-9-0x000007FEF5D40000-0x000007FEF5FF6000-memory.dmp

Filesize
2.7MB

Download
memory/1296-12-0x000007FEFA8D0000-0x000007FEFA8E1000-memory.dmp

Filesize
68KB

Download
memory/1296-11-0x000007FEFB110000-0x000007FEFB127000-memory.dmp

Filesize
92KB

Download
memory/1296-10-0x000007FEFB7A0000-0x000007FEFB7B8000-memory.dmp

Filesize
96KB

Download
memory/1296-36-0x000007FEF48F0000-0x000007FEF4903000-memory.dmp

Filesize
76KB

Download
memory/1296-41-0x000007FEF29B0000-0x000007FEF29C5000-memory.dmp

Filesize
84KB

Download
memory/1296-43-0x000007FEF2950000-0x000007FEF2962000-memory.dmp

Filesize
72KB

Download
memory/1296-42-0x000007FEF2970000-0x000007FEF2981000-memory.dmp

Filesize
68KB

Download
memory/1296-40-0x000007FEF2B50000-0x000007FEF2B78000-memory.dmp

Filesize
160KB

Download
memory/1296-39-0x000007FEF2B80000-0x000007FEF2BD7000-memory.dmp

Filesize
348KB

Download
memory/1296-38-0x000007FEF4800000-0x000007FEF48C5000-memory.dmp

Filesize
788KB

Download
memory/1296-37-0x000007FEF48D0000-0x000007FEF48E1000-memory.dmp

Filesize
68KB

Download
memory/1296-35-0x000007FEF4910000-0x000007FEF493F000-memory.dmp

Filesize
188KB

Download
memory/1296-44-0x000007FEF27D0000-0x000007FEF294A000-memory.dmp

Filesize
1.5MB

Download
memory/1296-32-0x000007FEF49C0000-0x000007FEF49D8000-memory.dmp

Filesize
96KB

Download
memory/1296-34-0x000007FEF4940000-0x000007FEF4997000-memory.dmp

Filesize
348KB

Download
memory/1296-33-0x000007FEF49A0000-0x000007FEF49B1000-memory.dmp

Filesize
68KB

Download
memory/1296-30-0x000007FEF4A00000-0x000007FEF4A7C000-memory.dmp

Filesize
496KB

Download
memory/1296-31-0x000007FEF49E0000-0x000007FEF49F1000-memory.dmp

Filesize
68KB

Download
memory/1296-28-0x000007FEF63E0000-0x000007FEF6410000-memory.dmp

Filesize
192KB

Download
memory/1296-29-0x000007FEF6370000-0x000007FEF63D7000-memory.dmp

Filesize
412KB

Download
memory/1296-27-0x000007FEF6410000-0x000007FEF6428000-memory.dmp

Filesize
96KB

Download
memory/1296-26-0x000007FEF6430000-0x000007FEF6441000-memory.dmp

Filesize
68KB

Download
memory/1296-25-0x000007FEF6450000-0x000007FEF646B000-memory.dmp

Filesize
108KB

Download
memory/1296-17-0x000007FEF4C90000-0x000007FEF5D40000-memory.dmp

Filesize
16.7MB

Download
memory/1296-24-0x000007FEF6470000-0x000007FEF6481000-memory.dmp

Filesize
68KB

Download
memory/1296-23-0x000007FEF6490000-0x000007FEF64A1000-memory.dmp

Filesize
68KB

Download
memory/1296-22-0x000007FEF64B0000-0x000007FEF64C1000-memory.dmp

Filesize
68KB

Download
memory/1296-21-0x000007FEF64D0000-0x000007FEF64E8000-memory.dmp

Filesize
96KB

Download
memory/1296-20-0x000007FEF64F0000-0x000007FEF6511000-memory.dmp

Filesize
132KB

Download
memory/1296-19-0x000007FEF6980000-0x000007FEF69C1000-memory.dmp

Filesize
260KB

Download
memory/1296-18-0x000007FEF4A80000-0x000007FEF4C8B000-memory.dmp

Filesize
2.0MB

Download