Analysis

  • max time kernel: 316s
  • max time network: 516s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 22-12-2024 14:37

General

  • Target: Sols RNG [Eon 1-1] - ROLLING OBLIVION IN GLITCH BIOME!!! (WITH REACTION) 480.mp4
  • Size: 8.1MB
  • MD5: 7a922dc11e75f0a29f8301a7c7618c2b
  • SHA1: a147bf976557d00e7bf0dcbaf7e43fec5277d9e6
  • SHA256: b20976ed9b7d2c8cab61375a83d302258858ee57b5f497a431763b1a8e9ca2dc
  • SHA512: 48e08ab89618b6eb4ef86929e5e176d103d9c28909cfeaa47e457e7a7233f2cf1886bcb07abd38dbddf7fae5b224312a8112061ec994b9a38e6980f1ed8c921b
  • SSDEEP: 196608:HsIcL0wGqPi/xOuRu40kE/afekLeZl4zuKQXlRSqesHnaE+YR:HHwbKc4FE/a3Sl1Xnx6EP

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs (Enumerate browser information.)

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 57 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Sols RNG [Eon 1-1] - ROLLING OBLIVION IN GLITCH BIOME!!! (WITH REACTION) 480.mp4"
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2244
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef05a9758,0x7fef05a9768,0x7fef05a9778
      PID:1956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1364,i,5773818467547232019,3483956621798478746,131072 /prefetch:2
      PID:2280
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1364,i,5773818467547232019,3483956621798478746,131072 /prefetch:8
      PID:2652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1364,i,5773818467547232019,3483956621798478746,131072 /prefetch:8
      PID:3028
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2188 --field-trial-handle=1364,i,5773818467547232019,3483956621798478746,131072 /prefetch:1
      PID:2096
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2216 --field-trial-handle=1364,i,5773818467547232019,3483956621798478746,131072 /prefetch:1
      PID:1476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1500 --field-trial-handle=1364,i,5773818467547232019,3483956621798478746,131072 /prefetch:2
      PID:1624
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1132 --field-trial-handle=1364,i,5773818467547232019,3483956621798478746,131072 /prefetch:1
      PID:3012
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3968 --field-trial-handle=1364,i,5773818467547232019,3483956621798478746,131072 /prefetch:1
      PID:2668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 --field-trial-handle=1364,i,5773818467547232019,3483956621798478746,131072 /prefetch:8
      PID:952
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:1960

Network

MITRE ATT&CK Enterprise v15

Downloads
