Overview

overview

10

Static

static

10

VSNKLGuzoF...2).exe

windows7-x64

3

VSNKLGuzoF...5w.exe

windows7-x64

3

VideoCodeCX.exe

windows7-x64

10

WcsPlugInS...ex.exe

windows7-x64

5

WinLocker Builder.exe

windows7-x64

5

WinLocker_Builder.exe

windows7-x64

5

_003E0000.exe.vir.exe

windows7-x64

9

vmem02.exe

windows7-x64

3

w8i9eHkHOwWwQlX.exe

windows7-x64

3

wpbt0.exe

windows7-x64

10

xpiofrbtkzhr.exe

windows7-x64

xxx_video (2).exe

windows7-x64

7

xxx_video.exe

windows7-x64

5

xxx_video_...vi.exe

windows7-x64

10

xxx_video_...ir.exe

windows7-x64

10

xxx_video_...ir.exe

windows7-x64

10

xxx_video_...ir.exe

windows7-x64

10

xxx_video_...vi.exe

windows7-x64

10

xxx_video_...ir.exe

windows7-x64

10

zcrypt.exe

windows7-x64

7

{71257279-...a}.exe

windows7-x64

10

Analysis

  • max time kernel
    239s
  • max time network
    245s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VideoCodeCX.exe

  • Size

    2.0MB

  • MD5

    0701e045db5d20c93427b4bb452bc341

  • SHA1

    6be9df576ebfed1b2a0b14f2352dceaa36a10c79

  • SHA256

    22b1af46ce7b3db0ec037026e035b0b09a6c791e5fb5fcb5e6ee3ef8d276abe1

  • SHA512

    40a542dbd44eab6c2f8f6631487be2065692489040632916aaee2d7f24810e4844291b1e6a0e5884362a7ebc534a03a44103465cd1266439107fc5c070c50dfb

  • SSDEEP

    49152:EkAG2QGTC5xvMdgpdb1KRzGepUu2cGbq7oc+tuNAn:EkAjQGTCnvMmpEQqUPn

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Loads dropped DLL 15 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 22 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VideoCodeCX.exe
    "C:\Users\Admin\AppData\Local\Temp\VideoCodeCX.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Video CodeC X\Video CodeC X 2.0.0.0\install\F1CBFAF\Video CodeC X.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\VideoCodeCX.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
      2⤵
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2812
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Modifies WinLogon for persistence
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A371761743DBC15E96271C54860029AD
      2⤵
      • Loads dropped DLL
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      PID:2780
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding B6D96334DC12DB8986BA5F9FD9ADA77D M Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f777ec5.rbs
    Filesize

    106KB

    MD5

    0e49666f6aec36e92453cb4e41f749f5

    SHA1

    b54cd4ebccacf282facfecbe3616df59876408b7

    SHA256

    4a96551895ea83c53f561774818a33f4044514a2923954bf54ee8b1ec006cec3

    SHA512

    8c20f2dfd52613b12b3cab05088bd02414b3f8fc9ef4692535440809972d5792f1ece5cfd1dfe46aba6f430586fc6ceff18ae22f961fe9dcc7d81af6363ed5e0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Video CodeC X\2.0.0.0\tracking.ini
    Filesize

    69B

    MD5

    89535309d6c3041f621b2061507b21fa

    SHA1

    2a4a7d7a58a077bb789fecb313de22211952edbe

    SHA256

    64800ab14a58d7062d669dac34018a2e5e5cdd250fade664ccd2d78be5733d1c

    SHA512

    a50ee82cac21715b7d7e77154a2fe0598690a35ccb76b190413ca886481be92dd012a4e34a6cdc6d60ba70be9028995719596c2c3750e12a5e96bba4be1ae5bf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Video CodeC X\2.0.0.0\tracking.ini
    Filesize

    84B

    MD5

    662bd174aba9542274222f4768bac369

    SHA1

    8ed7282c153b614bad1a2ca52c53cc31d8463d7d

    SHA256

    08ddd333275f10ed3d23c2be72d4bcbdd7a30638e181b1afecb85414fdef6d8c

    SHA512

    56243ebfa3444b656dbd822c89b9f8157c99ca9493a52691676d7f1122b2c49b59af5ac51f319dfe000f950d0602774a4382526fc075c6a34f7f8fadf4b0f06c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Video CodeC X\2.0.0.0\{35458323-09E8-4F03-9824-3C4D544AEB88}.session
    Filesize

    4KB

    MD5

    c84d162b3f035c6864b02b9b0da3085c

    SHA1

    0cc6540955d144bcac1827e070af2b408680ffff

    SHA256

    a52a02af44a1eb9260e84f6048c45beb1cd42a372a62ea3fac2fd3493cc58245

    SHA512

    693a98f4022d6f831ad4dfd56c484e1c0abdea8bb869d9d258c9bbb8daa8dacac1a87cb43187a05795ec56b2b8afe1ff09dfef0301b0c3cf63e172a8fcb5d8b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Video CodeC X\2.0.0.0\{35458323-09E8-4F03-9824-3C4D544AEB88}.session
    Filesize

    2KB

    MD5

    4f73357193d931dbf175b646b6b5c575

    SHA1

    b6894eac93880c243183f7889c345919c96e23ca

    SHA256

    848749dcaceab691b4b780defe10585fa64290c808f70e8fc9064fc9f8c60768

    SHA512

    cbc7c62c72c38ff06a930e888ead651d763b84ad66bf56e3f79ee65d74a30bc80ff9f5de3c3f96ab0295302bb2e9010594ac1645ca44c3d6694481235f316499

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Video CodeC X\2.0.0.0\{35458323-09E8-4F03-9824-3C4D544AEB88}.session
    Filesize

    3KB

    MD5

    45bd98cae8012556fb923b213ca5b6ab

    SHA1

    e5b312a296e5d2d8e0bdc83c6b50c35f33c5241d

    SHA256

    7c5b06ac1c9fa199e28e89368dbad06cee810829c70bd99cae47cdf567a9009d

    SHA512

    3037cefc932b4c43cec201a4c6fe352f694d050431b369f8631b60882d37432cc8280f9545e3989b46e356d15057473abbeff4ef776eecb9bd25ccbcb834380d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Video CodeC X\2.0.0.0\{35458323-09E8-4F03-9824-3C4D544AEB88}.session
    Filesize

    3KB

    MD5

    7f02fb2ec3410cadf13d8d7ccce01433

    SHA1

    d74ddea7609fc992a2ebed415cb7fc590451dd58

    SHA256

    3d1c3f2062ecfeff0311ebcf423a314ead96ad6a8c4043f066c430051b0b07f2

    SHA512

    72e1e64c5cd16b143c03b571153346c5981cdb16189a299b45ebb8a17e631ef9639ab84b99e7f8a181f9a2e7acb62f362d96a6dee851de332fae93200a934f29

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Video CodeC X\2.0.0.0\{35458323-09E8-4F03-9824-3C4D544AEB88}.session
    Filesize

    3KB

    MD5

    3fef2d800f6c98295e8902e2616aaa7b

    SHA1

    055b8cb676b8c86548d53b0db3cbfe6561c192c6

    SHA256

    95006281c914e9cac887adf4114705b78d5070dc67ae2f3597527d519485f783

    SHA512

    e30c93d2405a2cf237648c56bfd251c3a8e114fa0de8e90b30480c7eb6ff376c63b49c21c1f7b1062962a515288653bc82364ed14241817498052467aa1cd7a7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Video CodeC X\Video CodeC X 2.0.0.0\install\F1CBFAF\Video CodeC X.msi
    Filesize

    1.1MB

    MD5

    5a62fc6cb914c167550b337e86e8a933

    SHA1

    7a6bf8f179aed33057a694966b45a7928f1698b7

    SHA256

    f32c666abd8d50bce93391840de7c8d9969b75d42aea3bee61d68be411e3ffe3

    SHA512

    6a64db837e86eed6b2227b6e3df35a1f9f761cac890ea1475a1c42ec4c511bd3a622737ccfd133a5682c0ca226d046dfb60140c7001be40c574e41f10df396b9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Video CodeC X\Video CodeC X 2.0.0.0\install\F1CBFAF\bsoderror.exe
    Filesize

    84KB

    MD5

    ea3ad4540a9411f051d52788dde2cb53

    SHA1

    641e87b35a4d31d41a1bb842190e6cd830ddea63

    SHA256

    3b5d9aadfdb9c1257ef84e33cdad67cd818334ec8fd40e0968b8b71e2a0eef95

    SHA512

    2f39c3caaf28b2ca592f6268ae0750fa36ecf9eeceaf3a1846162914129a794c0c0224cc7e6c6e55cc2f0b65a18d3e2c1c9bc86252799635e22f4c50ce196c33

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Video CodeC X\Video CodeC X 2.0.0.0\install\decoder.dll
    Filesize

    126KB

    MD5

    3531cf7755b16d38d5e9e3c43280e7d2

    SHA1

    19981b17ae35b6e9a0007551e69d3e50aa1afffe

    SHA256

    76133e832c15aa5cbc49fb3ba09e0b8dd467c307688be2c9e85e79d3bf62c089

    SHA512

    7b053ba2cf92ef2431b98b2a06bd56340dad94de36d11e326a80cd61b9acb378ac644ac407cf970f4ef8333b8d3fb4ff40b18bb41ec5aee49d79a6a2adcf28fd

    Download Submit

  • C:\Windows\Installer\MSI7F1F.tmp
    Filesize

    180KB

    MD5

    d552dd4108b5665d306b4a8bd6083dde

    SHA1

    dae55ccba7adb6690b27fa9623eeeed7a57f8da1

    SHA256

    a0367875b68b1699d2647a748278ebce64d5be633598580977aa126a81cf57c5

    SHA512

    e5545a97014b5952e15bb321135f65c0e24414f8dd606fe454fd2d048d3f769b9318df7cfb2a6bf932eb2bf6d79811b93cb2008115deb0f0fa9db07f32a70969

    Download Submit

  • C:\Windows\Installer\MSI7FFB.tmp
    Filesize

    88KB

    MD5

    4083cb0f45a747d8e8ab0d3e060616f2

    SHA1

    dcec8efa7a15fa432af2ea0445c4b346fef2a4d6

    SHA256

    252b7423b01ff81aea6fe7b40de91abf49f515e9c0c7b95aa982756889f8ac1a

    SHA512

    26f8949cad02334f9942fda8509579303b81b11bc052a962c5c31a7c6c54a1c96957f30ee241c2206d496d2c519d750d7f6a12b52afdb282fa706f9fee385133

    Download Submit

  • C:\Windows\Installer\MSI8241.tmp
    Filesize

    96KB

    MD5

    3cab78d0dc84883be2335788d387601e

    SHA1

    14745df9595f190008c7e5c190660361f998d824

    SHA256

    604e79fe970c5ed044517a9a35e4690ea6f7d959d21173ebef45cdd3d3a22bdd

    SHA512

    df6b49f2b5cddebd7e23e81b0f89e4883fc12d95735a9b3f84d2f402f4996c54b5fdea8adb9eaa98e8c973b089656d18d6b322bd71cb42d7807f7fa8a7348820

    Download Submit

  • C:\Windows\Installer\MSI8252.tmp
    Filesize

    128KB

    MD5

    7e6b88f7bb59ec4573711255f60656b5

    SHA1

    5e7a159825a2d2cb263a161e247e9db93454d4f6

    SHA256

    59ff5bc12b155cc2e666bd8bc34195c3750eb742542374fc5e53fb22d11e862f

    SHA512

    294a379c99403f928d476e04668717cdabc7dc3e33bcf6bcad5c3d93d4268971811ff7303aa5b4b2ed2b59d59c8eba350a9a30888d4b5b3064708521ac21439c

    Download Submit

  • C:\Windows\Installer\MSI8291.tmp
    Filesize

    312KB

    MD5

    aa82345a8f360804ea1d8d935f0377aa

    SHA1

    c09cf3b1666d9192fa524c801bb2e3542c0840e2

    SHA256

    9c155d4214cebda186647c035ada552963dcac8f88a6b38a23ea34f9ecd1d437

    SHA512

    c051a381d87ba933ea7929c899fb01af2207cb2462dcb2b55c28cff65596b27bdb05a48207624eeea40fddb85003133ad7af09ca93cfb2426c155daea5a9a6db

    Download Submit