Analysis

  • max time kernel
    150s
  • max time network
    135s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    12-10-2024 17:56

General

  • Target

    data/lclick.wav

  • Size

    69KB

  • MD5

    edc287a54e68f13033dd06a688574cde

  • SHA1

    4d20d2d093de6d0b3a2521bfbe2d29afd8b16dcc

  • SHA256

    5c03d7d2366592d9e35264b957131ddea2676fe505680de70f5e0878f70ce0c5

  • SHA512

    0fafd1e1041d89362bc66b1fcc07ed7b16db578d2b531fd6093c4eb267438db78d26bf5b5a2f5f102137d4935957215ac00451915a200cbf82c5ef5a8aaca2a4

  • SSDEEP

    768:8ElMjPf1wNlVLYEtn316Lq1uu7ZptHB0kxOC7wTze6P7aBOBejLI:vUeNlH/6OMap16kxwTze6P7Q8ejLI

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\data\lclick.wav"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4852
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4460
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:2700
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:2652
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004C8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4708

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

    Filesize

    256KB

    MD5

    1a0295014678e91e7fea0a79074d6ffc

    SHA1

    f93a33dfd19a09d92174a17f0912440ddb1479a0

    SHA256

    fba2e401545352472136e5c71b0596b9125ddcfe2b87c439d8567cb2dad16745

    SHA512

    d7aec99cf127bf009bad534f293b65ce93ed08c650312a32ea670b0cf09dcaa0906962d9b29ce6c078396885e8ce55bf5ae5598c2480fd508ebddd111bd6c882

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

    Filesize

    1024KB

    MD5

    b16bb521c10f4504b3ba55883a305a06

    SHA1

    83b4492c4aa33b345c6aa252c117fe4a71455d40

    SHA256

    2de509f4df010e9fd322df0101ac1dac22b8364022274102f8bb0c06b949ee13

    SHA512

    dcec4edb648c3c6dc98b1b2e713c835c0d5f00bed20b5a21a8cb5993cb37bf3dbce7a55bf77cd2b88c1854e0867362cfc8ff1320813656eecb4d83a78d611dd7

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

    Filesize

    68KB

    MD5

    2c731e97dbb3e1c69b0c0de0c262ef3e

    SHA1

    d158017e0175dcb234eca939206cb30adeab3655

    SHA256

    90786f2c9d6034cc93795e6ee319a025995a876fa3558409bb5135521aabf646

    SHA512

    0810b471448ac4f1e3d97e7d3ac9b506c1c7dc6f0313d492688c8745e9661e92ae29e0d3d574f3dac0a972f96dc67c2ac8fcd8577499329b66bc717972d60c93

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

    Filesize

    9KB

    MD5

    5433eab10c6b5c6d55b7cbd302426a39

    SHA1

    c5b1604b3350dab290d081eecd5389a895c58de5

    SHA256

    23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

    SHA512

    207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log

    Filesize

    1KB

    MD5

    8cd97980b6d7cf66ebe6522984362f57

    SHA1

    e8cb99df313026c1da24a2dc0e8477ef266ebdab

    SHA256

    6ba24de3650342e6fd085ddf464131ee9b88360316f3dfa5b652b89fc16d086d

    SHA512

    9deeeb10e0c37242c4da32fd9e21a6538531458620967a55965ba2ff9d2340ab340d788d09ed4f3dde2328d9268c361930176e84172b5d018658ea52ae24f454

  • memory/4852-27-0x0000000004460000-0x0000000004470000-memory.dmp

    Filesize

    64KB

  • memory/4852-29-0x0000000004460000-0x0000000004470000-memory.dmp

    Filesize

    64KB

  • memory/4852-32-0x0000000004460000-0x0000000004470000-memory.dmp

    Filesize

    64KB

  • memory/4852-31-0x0000000004460000-0x0000000004470000-memory.dmp

    Filesize

    64KB

  • memory/4852-30-0x0000000004460000-0x0000000004470000-memory.dmp

    Filesize

    64KB

  • memory/4852-28-0x0000000004460000-0x0000000004470000-memory.dmp

    Filesize

    64KB

  • memory/4852-47-0x0000000006EF0000-0x0000000006F00000-memory.dmp

    Filesize

    64KB