9ed5767db68fb669b3f18a0565cae471ee3800b94a187c4512e5a6691797c511

Resubmissions

27-11-2024 20:39

241127-zfpdtszjes 6

27-11-2024 20:33

25-11-2024 22:14

25-11-2024 20:57

28-09-2024 18:21

Analysis

max time kernel
111s
max time network
105s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25-11-2024 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sounds/1.wav
Size

38KB
MD5

583f4e6b4bb00dd4b9dfaf7338f6f414
SHA1

53945099d5cd5c745d2d86f17233fe4fe20c005b
SHA256

d260aa325d9fd4ac15bcfcf092270726451577477919bd42a1640585d71c7974
SHA512

79f075db2a5b907d0536314224adc47d7f9f998a4df126a87f06a78b7ac91fa0675117002699c7d8ba0ebcb8c60744bf95ea07aff48095f7c673d11bfe24bf4f
SSDEEP

768:1yQV2HPUBwhwcTfGuP9u3cz2WTSCbWUaRn+8xFI0:1qHqU/PMNsVAR+8xF7

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1836	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1836	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	3460	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3460	AUDIODG.EXE
Token: 33	1836	vlc.exe
Token: SeIncBasePriorityPrivilege	1836	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe
1836	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1836	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\1.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x44c 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1836-6-0x00007FFFC3E60000-0x00007FFFC3E94000-memory.dmp

Filesize
208KB

Download
memory/1836-5-0x00007FF7D7E40000-0x00007FF7D7F38000-memory.dmp

Filesize
992KB

Download
memory/1836-12-0x00007FFFC37E0000-0x00007FFFC37F1000-memory.dmp

Filesize
68KB

Download
memory/1836-14-0x00007FFFC37A0000-0x00007FFFC37B1000-memory.dmp

Filesize
68KB

Download
memory/1836-15-0x00007FFFB4B20000-0x00007FFFB4D2B000-memory.dmp

Filesize
2.0MB

Download
memory/1836-16-0x00007FFFBEDA0000-0x00007FFFBEDE1000-memory.dmp

Filesize
260KB

Download
memory/1836-13-0x00007FFFC37C0000-0x00007FFFC37DD000-memory.dmp

Filesize
116KB

Download
memory/1836-11-0x00007FFFC45A0000-0x00007FFFC45B7000-memory.dmp

Filesize
92KB

Download
memory/1836-10-0x00007FFFC4920000-0x00007FFFC4931000-memory.dmp

Filesize
68KB

Download
memory/1836-7-0x00007FFFB4F20000-0x00007FFFB51D6000-memory.dmp

Filesize
2.7MB

Download
memory/1836-9-0x00007FFFC4670000-0x00007FFFC4687000-memory.dmp

Filesize
92KB

Download
memory/1836-8-0x00007FFFC4BE0000-0x00007FFFC4BF8000-memory.dmp

Filesize
96KB

Download
memory/1836-19-0x00007FFFC0270000-0x00007FFFC0288000-memory.dmp

Filesize
96KB

Download
memory/1836-18-0x00007FFFC3770000-0x00007FFFC3791000-memory.dmp

Filesize
132KB

Download
memory/1836-22-0x00007FFFBB160000-0x00007FFFBB171000-memory.dmp

Filesize
68KB

Download
memory/1836-21-0x00007FFFBD2C0000-0x00007FFFBD2D1000-memory.dmp

Filesize
68KB

Download
memory/1836-20-0x00007FFFBD2E0000-0x00007FFFBD2F1000-memory.dmp

Filesize
68KB

Download
memory/1836-17-0x00007FFFB3A70000-0x00007FFFB4B20000-memory.dmp

Filesize
16.7MB

Download
memory/1836-53-0x00007FFFB3A70000-0x00007FFFB4B20000-memory.dmp

Filesize
16.7MB

Download