Overview

overview

6

Static

static

1

1101.mp4

windows7-x64

6

1101.mp4

windows10-2004-x64

6

Resubmissions

08-12-2024 11:26

241208-njzhesskcy 6

09-11-2024 16:51

241109-vc24as1lgj 10

Analysis

  • max time kernel
    64s
  • max time network
    69s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-12-2024 11:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1101.mp4

  • Size

    94.1MB

  • MD5

    85d336d15357f8959cd9ae5625d2bede

  • SHA1

    6fbb5b9c69dceacd9bb14b88c446d7582b89da25

  • SHA256

    7b74a2825e4352648153af617a569148e5f1622b545ca0687294cc495e4e608d

  • SHA512

    93d635eded48c0687ef6e599d3aa6c47ad534b272fcf3f8b5bd3a9e77895a351b170ecc73501b2efd100002c881b050d45aa239a22ad6294c6f34d01a4536e5d

  • SSDEEP

    1572864:jUmwT45vSpJqY9FWAwK/Wf28BxV496iaFNCSXHgTVl9iweVkh7J+je0DfIspWkuL:9wT9/9nrKy6iaqIA5izDwspWks

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 19 IoCs
  • Suspicious use of FindShellTrayWindow 42 IoCs
  • Suspicious use of SendNotifyMessage 41 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\1101.mp4"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3964
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2844
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:4656
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 2348
      2⤵
      • Program crash
      PID:3960
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:1880
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x470 0x304
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4856
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1916
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3964 -ip 3964
    1⤵
      PID:3008

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      384KB

      MD5

      c7ca2711d80cd052da0d98ce7e6dec6b

      SHA1

      b051f0425224cf70e3a10636c21bf113bd1cd301

      SHA256

      a0c1147d7f6adb99735dc3fa370ef6fb8e6ddd3687eb7afd677af5c71df6957f

      SHA512

      487b985fe8a4fb9a0cb59ffb0b485133e0b089115e36b9bc3f0cbb64babd899daf1b282a9554b45874a59a4c7d9c07db370650c28a5731bde50f52e66a0fc0af

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      1024KB

      MD5

      b192846b65a9beb4bb1c725e70a19937

      SHA1

      a20f2af519cb31d0efbb9f8d40fe2900ae0b58d5

      SHA256

      100322f23b072326d61a47ae5c2756ce2bb9a3489947a1763041bae888fa028b

      SHA512

      8d4bbe6c6c5f13dcaa1405f115526ff70f9642592a09a156034f813b1835a5753b9258eacd6b45e1f4fbd359076df30d1374182ab59f23327b1acd787c236718

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
      Filesize

      68KB

      MD5

      6a108d3f0dbcd2220d1ab74d7553f149

      SHA1

      3b9d7f07707bb44a8398c51929d5058b63e83f16

      SHA256

      f6ebd03447374adbe6a63d11c42a7843a834942957f23d1b8fb80d619e0b29a7

      SHA512

      65d16c386952db34e0241de076bbe7cd72f60c01da90bbcfde7cbdefbb3c26ec122834e7b4fb082824ab368ab423a55c7ba4ea1e97cb3872fceff8720bfc5493

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
      Filesize

      498B

      MD5

      90be2701c8112bebc6bd58a7de19846e

      SHA1

      a95be407036982392e2e684fb9ff6602ecad6f1e

      SHA256

      644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

      SHA512

      d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
      Filesize

      9KB

      MD5

      5433eab10c6b5c6d55b7cbd302426a39

      SHA1

      c5b1604b3350dab290d081eecd5389a895c58de5

      SHA256

      23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

      SHA512

      207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
      Filesize

      9KB

      MD5

      7050d5ae8acfbe560fa11073fef8185d

      SHA1

      5bc38e77ff06785fe0aec5a345c4ccd15752560e

      SHA256

      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

      SHA512

      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      7b04d7af14ba77307cf167f020ab45aa

      SHA1

      2d53c127c19ab1f40117266864d75734b3f6bcbf

      SHA256

      ceccfe1a4d5d6515506589b4e541682256530a8262c7b33240937c92bf931409

      SHA512

      07f20d796bf6b1b39dd86b7e811f0220c798bf24c9290f6c07f0615d91d982ce64e3530c15621878c5b8468192281c249a81664c3f6450edef64b28a52aea674

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
      Filesize

      3KB

      MD5

      ddbcdeecf8ebaa40828da13192ff59c2

      SHA1

      b90a06d0f18c7cb89d908d62cde500c573056058

      SHA256

      247a8561a08bbb1e31700aec1d3d71f3eaf27e67634b62652c742113509dbbab

      SHA512

      e4e8e333838ceff7a9bb221693d5f6e55cfab15ff07b615d354d42ba60ba4214858c6b21fb08caef9f4b390a5f399a15de5a342007be1b6c6d9906b44ee0a6fc

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
      Filesize

      1KB

      MD5

      1e68c1ca387912f843be9ecdfc27791f

      SHA1

      c6c6bbb9cdc0facb03e64e04cb989428bb979731

      SHA256

      4e54a99dc80fa35695c19e17958a0eaae069435f272e5e1306dd0ca90473f193

      SHA512

      cfee1151d5e75aacc018916d639ae8a63b014b4d3e59a28c128278fa96bc3a9367aec9311ba7592dbd4a6cebf3bb9a5a86059a8b19d9cf0a2a85f28635ab1757

      Download Submit

    • memory/1916-64-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1916-54-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1916-55-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1916-59-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1916-60-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1916-62-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1916-53-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1916-61-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1916-63-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1916-65-0x0000026C41F10000-0x0000026C41F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3964-89-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-98-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-47-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-46-0x0000000007060000-0x0000000007070000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-42-0x0000000004720000-0x0000000004730000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-50-0x0000000004720000-0x0000000004730000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-49-0x0000000004720000-0x0000000004730000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-51-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-79-0x0000000004BA0000-0x0000000004BB0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-80-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-81-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-82-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-83-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-85-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-84-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-87-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-88-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-45-0x0000000004720000-0x0000000004730000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-90-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-86-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-91-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-92-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-93-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-96-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-95-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-94-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-97-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-48-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-99-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-100-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-101-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-103-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-104-0x0000000004BA0000-0x0000000004BB0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-102-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-105-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-106-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-107-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-109-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-112-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-115-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-114-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-113-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-111-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-110-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-108-0x0000000009250000-0x0000000009260000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-116-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-117-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-119-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-121-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-120-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-118-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-122-0x0000000009320000-0x0000000009330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-44-0x0000000004720000-0x0000000004730000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3964-43-0x0000000004720000-0x0000000004730000-memory.dmp

      Filesize

      64KB

      Download