9ed5767db68fb669b3f18a0565cae471ee3800b94a187c4512e5a6691797c511

Resubmissions

27/11/2024, 20:39

241127-zfpdtszjes 6

27/11/2024, 20:33

25/11/2024, 22:14

25/11/2024, 20:57

28/09/2024, 18:21

Analysis

max time kernel
111s
max time network
109s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25/11/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sounds/4.wav
Size

123KB
MD5

0616ba6aa33fcc59c46f7edaea9b3e9e
SHA1

de8c5b7aa0fad5b935f11d92ba06adfca744cdbd
SHA256

564eeafa8c6eebcd622883c2acf0addb3c8537a52cc47e80e0ebf52e23f66900
SHA512

be6fd3fe877f1128af6d48bafd628889c7f0cc424282a597a5d5dc36dc290d05bfa57d1863673659548ffdfd8f586ecbc59c4b022629ce9b1e50643ccce7d2e4
SSDEEP

1536:ZJFxkxpx2cAfdvjpxBOeWssCLKBuovpY84HyMSuZ5aHxOreLl95vof376bOrDGtm:HjOpZMhWCLKB/Ne5nrW5voz9PG4k

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1952	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1952	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	4376	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4376	AUDIODG.EXE
Token: 33	1952	vlc.exe
Token: SeIncBasePriorityPrivilege	1952	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe
1952	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1952	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\sounds\4.wav"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1952-5-0x00007FF71C3A0000-0x00007FF71C498000-memory.dmp

Filesize
992KB

Download
memory/1952-6-0x00007FFF160F0000-0x00007FFF16124000-memory.dmp

Filesize
208KB

Download
memory/1952-8-0x00007FFF1BE30000-0x00007FFF1BE48000-memory.dmp

Filesize
96KB

Download
memory/1952-14-0x00007FFF15FC0000-0x00007FFF15FD1000-memory.dmp

Filesize
68KB

Download
memory/1952-12-0x00007FFF160D0000-0x00007FFF160E1000-memory.dmp

Filesize
68KB

Download
memory/1952-11-0x00007FFF16300000-0x00007FFF16317000-memory.dmp

Filesize
92KB

Download
memory/1952-10-0x00007FFF19930000-0x00007FFF19941000-memory.dmp

Filesize
68KB

Download
memory/1952-9-0x00007FFF1BCA0000-0x00007FFF1BCB7000-memory.dmp

Filesize
92KB

Download
memory/1952-7-0x00007FFF06920000-0x00007FFF06BD6000-memory.dmp

Filesize
2.7MB

Download
memory/1952-13-0x00007FFF15FE0000-0x00007FFF15FFD000-memory.dmp

Filesize
116KB

Download
memory/1952-15-0x00007FFF06710000-0x00007FFF0691B000-memory.dmp

Filesize
2.0MB

Download
memory/1952-20-0x00007FFF15E50000-0x00007FFF15E61000-memory.dmp

Filesize
68KB

Download
memory/1952-18-0x00007FFF15E90000-0x00007FFF15EB1000-memory.dmp

Filesize
132KB

Download
memory/1952-17-0x00007FFF15F70000-0x00007FFF15FB1000-memory.dmp

Filesize
260KB

Download
memory/1952-22-0x00007FFF15D40000-0x00007FFF15D51000-memory.dmp

Filesize
68KB

Download
memory/1952-21-0x00007FFF15D60000-0x00007FFF15D71000-memory.dmp

Filesize
68KB

Download
memory/1952-19-0x00007FFF15E70000-0x00007FFF15E88000-memory.dmp

Filesize
96KB

Download
memory/1952-16-0x00007FFF05660000-0x00007FFF06710000-memory.dmp

Filesize
16.7MB

Download