Analysis
-
max time kernel
132s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
06/12/2024, 18:11
General
-
Target
Family Guy S1xE2 The broccoli must die.mp3
-
Size
321KB
-
MD5
4b488aefbc3b75599a8875694daf54e9
-
SHA1
e4158542b96e29c07942261ecb8dab38b673f5e5
-
SHA256
68d54867643f1c0c4d77051d87c29d520062d8eb6473e953653d93ddcdd1bd92
-
SHA512
555a0e22593b3bea910d4cc0082889b334435b47bac7bbc5d4df19212ceba3d619ddef026ef8f21462122649e1d85ad3682bf9266f9c629831982ac3bc4d914d
-
SSDEEP
6144:HJD+tGGDQni8qFyFt6UE8LLpgpH00+YMDngNESkK2hlI8QWZ6Y3CFi23XH0PcOqE:1+XMoEgUBPg00+1fK2hKMZ5yFtL/rM1j
Malware Config
Signatures
-
Drops desktop.ini file(s) 7 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Windows directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Family Guy S1xE2 The broccoli must die.mp3"1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\unregmp2.exe"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\unregmp2.exe"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost1⤵
- Drops file in Windows directory
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x38c 0x4ec1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5987a07b978cfe12e4ce45e513ef86619
SHA122eec9a9b2e83ad33bedc59e3205f86590b7d40c
SHA256f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8
SHA51239b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa
-
Filesize
1024KB
MD555244c4e4318ed064e302b25d324da55
SHA156fca4625ef9e18d7c70ecb02d2152c9c9547fc9
SHA256c632ff5df993073c12a0c6978fc7ddb204418de2877563e14401125e7a24ffea
SHA5124995de7fd6f44fab560d01e039b3e8402d8758aec2a79ca3942655579c33b873769ea495bc1102c8f69aeee9c39bddd205a45087e1eb2db8cff74b5611d229f7
-
Filesize
68KB
MD5a51f42b3421fcde4f4dffc98023a3af3
SHA12a7042c047161bd6c37ee20431cc33fcdc67d6f4
SHA256e5f6d871a513b92fac5d93d847c8b25bbb347dedc9e8427c4dc05df68defc4c6
SHA51295812f88d096b91ee98ed549c76e4e36165ac5cc21114d1d0309221294e208b9e3e88c1e91a2548fcb9da6e84504f6b1a01c27ac901b371cb88761df84756e7b
-
Filesize
498B
MD590be2701c8112bebc6bd58a7de19846e
SHA1a95be407036982392e2e684fb9ff6602ecad6f1e
SHA256644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf
SHA512d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe
-
Filesize
9KB
MD55433eab10c6b5c6d55b7cbd302426a39
SHA1c5b1604b3350dab290d081eecd5389a895c58de5
SHA25623dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131
SHA512207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34
-
Filesize
1KB
MD5c7bbdfade8807ee281ae34e396d737c1
SHA10662135a78459fb868d36fa7fa224a09700bd7be
SHA256bf6be7559cfc83f40a83c6b1c72445d12514a578232a6694166c9d19187a4891
SHA5124edcb6325f93694ad156f069480b7b36b92cc3c990e1f8d3abc589c2b26a58df9c821683e78bb8781012ab4972ecb167210b8e143ec7458a35fee2fe3d00b2bc
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB