9e1c62eb882475a97643802f9b4ee456837abff20b9c23b7805504b6fa99b5e6

Analysis

max time kernel
145s
max time network
140s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24-01-2025 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fall.exe
Size

903KB
MD5

b86a2a0af835000d484d496fec1d5ffc
SHA1

dfe20835aba1f39c124d540e925c67cc02910200
SHA256

9e1c62eb882475a97643802f9b4ee456837abff20b9c23b7805504b6fa99b5e6
SHA512

bc79a3c5ef97951c1c7a16ba875a253cbef6750ccc3ba03fe46bdf2a066ed9d95917e77834c636d440a655403de7861dd66082f0fdb1317c70141e45b59609d3
SSDEEP

12288:K8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawflBa2Ley+trZNrI0AilFEvxHvBg:r3s4MROxnFCay6rZlI0AilFEvxHiGU

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3008	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3008	vlc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3008	vlc.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2168	2396	fall.exe	29
PID 2396 wrote to memory of 2168	2396	fall.exe	29
PID 2396 wrote to memory of 2168	2396	fall.exe	29
PID 2168 wrote to memory of 2948	2168	csc.exe	31
PID 2168 wrote to memory of 2948	2168	csc.exe	31
PID 2168 wrote to memory of 2948	2168	csc.exe	31

C:\Users\Admin\AppData\Local\Temp\fall.exe
"C:\Users\Admin\AppData\Local\Temp\fall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\u_tcprpg.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2168
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7743.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC7742.tmp"
    3⤵
    PID:2948

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\MergeProtect.mpv2"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab8345.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES7743.tmp

Filesize
1KB

MD5
5a8581b4799410c70c44654f2e81d936

SHA1
edf5771f850722f4489bab032e8a710ad8174d28

SHA256
bc6c418115edcfb442a491e75c6267056c4a0bd45034430689b0a62ca834707c

SHA512
20b43eea327aa0ff69985bfef0bbbc038019a7d31868e2fbf97e8acc440c2bda93df93f0f98a79222de6f2e9ff1c8072b8b2dd7b7d923bcf82e12425055c6423

Download Submit
C:\Users\Admin\AppData\Local\Temp\u_tcprpg.dll

Filesize
76KB

MD5
4f1883ee245d7e10a7b9aeb3d9a52d29

SHA1
4d0a57faf621a9c0e4db3889c6fb88e4ebaa37a2

SHA256
1a3da9e2f7f8f721b45d4998008ec5d0567604c1de6dce6198659f75e825b55e

SHA512
915487d861fa8ff207f576e81ee014ff9331b49f1f44be549406b4b45c9bb98b8acf0b72fd23baab9aaee19f909e33fbc913da1fd01a904623ceb4ec64d11f6d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC7742.tmp

Filesize
676B

MD5
35bce98dc2cb0665b85dbad4ec3c0a52

SHA1
9fa326f456493d6844535831923960fae3810112

SHA256
0ba6d1ff8aa0b958d801daf0231ac324ae8806d5618c1bba00590e480bab10c2

SHA512
1feb917d7654d7cb6c084f9834f9f9ae3c143e7501f12b374a0b336636fc1545660eacdebbfa5fd9e8cffe6d7a4c4b1049ee8355e205f772db6810e6b8f50f5e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\u_tcprpg.0.cs

Filesize
208KB

MD5
6011503497b1b9250a05debf9690e52c

SHA1
897aea61e9bffc82d7031f1b3da12fb83efc6d82

SHA256
08f42b8d57bb61bc8f9628c8a80953b06ca4149d50108083fca6dc26bdd49434

SHA512
604c33e82e8b5bb5c54389c2899c81e5482a06e69db08268173a5b4574327ee5de656d312011d07e50a2e398a4c9b0cd79029013f76e05e18cf67ce5a916ffd9

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\u_tcprpg.cmdline

Filesize
349B

MD5
4fff779ba0c11bfe8465736aa8253fc4

SHA1
b8364383eccbc39894d26da136b4c44be14e2a3b

SHA256
ea28be9514c4e5ddeca811e2378672c50b5096f6c89d499f989706f3f498ae58

SHA512
5756d99d698a55d1635eb314ebcc66e1d28241dbabff0f49c56c7f4563f62f934db5666c1c91c0cbad043445108a2377f40cf2bac1ed5c41290f4974a1f4ef10

Download Submit
memory/2168-17-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

Filesize
9.6MB

Download
memory/2168-12-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

Filesize
9.6MB

Download
memory/2396-19-0x000000001AEB0000-0x000000001AEC6000-memory.dmp

Filesize
88KB

Download
memory/2396-23-0x0000000000430000-0x0000000000440000-memory.dmp

Filesize
64KB

Download
memory/2396-0-0x000007FEF5D9E000-0x000007FEF5D9F000-memory.dmp

Filesize
4KB

Download
memory/2396-3-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

Filesize
9.6MB

Download
memory/2396-2-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2396-21-0x0000000000420000-0x0000000000432000-memory.dmp

Filesize
72KB

Download
memory/2396-22-0x0000000000D50000-0x0000000000D68000-memory.dmp

Filesize
96KB

Download
memory/2396-4-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

Filesize
9.6MB

Download
memory/2396-1-0x00000000022C0000-0x000000000231C000-memory.dmp

Filesize
368KB

Download
memory/2396-40-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

Filesize
9.6MB

Download
memory/2396-41-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

Filesize
9.6MB

Download
memory/2396-42-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

Filesize
9.6MB

Download
memory/2396-43-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

Filesize
9.6MB

Download
memory/2396-44-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

Filesize
9.6MB

Download
memory/3008-63-0x000007FEF1B40000-0x000007FEF1B81000-memory.dmp

Filesize
260KB

Download
memory/3008-75-0x000007FEF15C0000-0x000007FEF163C000-memory.dmp

Filesize
496KB

Download
memory/3008-55-0x000007FEFAEB0000-0x000007FEFAEC8000-memory.dmp

Filesize
96KB

Download
memory/3008-54-0x000007FEEEC70000-0x000007FEEEF26000-memory.dmp

Filesize
2.7MB

Download
memory/3008-60-0x000007FEF1BB0000-0x000007FEF1BCD000-memory.dmp

Filesize
116KB

Download
memory/3008-59-0x000007FEF1BD0000-0x000007FEF1BE1000-memory.dmp

Filesize
68KB

Download
memory/3008-58-0x000007FEF6960000-0x000007FEF6977000-memory.dmp

Filesize
92KB

Download
memory/3008-57-0x000007FEF6F80000-0x000007FEF6F91000-memory.dmp

Filesize
68KB

Download
memory/3008-56-0x000007FEF7310000-0x000007FEF7327000-memory.dmp

Filesize
92KB

Download
memory/3008-62-0x000007FEF1B90000-0x000007FEF1BA1000-memory.dmp

Filesize
68KB

Download
memory/3008-53-0x000007FEF64C0000-0x000007FEF64F4000-memory.dmp

Filesize
208KB

Download
memory/3008-64-0x000007FEF1B10000-0x000007FEF1B31000-memory.dmp

Filesize
132KB

Download
memory/3008-61-0x000007FEEE9B0000-0x000007FEEEBBB000-memory.dmp

Filesize
2.0MB

Download
memory/3008-66-0x000007FEF1AF0000-0x000007FEF1B08000-memory.dmp

Filesize
96KB

Download
memory/3008-69-0x000007FEF1A90000-0x000007FEF1AA1000-memory.dmp

Filesize
68KB

Download
memory/3008-74-0x000007FEF1640000-0x000007FEF16A7000-memory.dmp

Filesize
412KB

Download
memory/3008-65-0x000007FEEAD60000-0x000007FEEBE10000-memory.dmp

Filesize
16.7MB

Download
memory/3008-73-0x000007FEF1A00000-0x000007FEF1A30000-memory.dmp

Filesize
192KB

Download
memory/3008-72-0x000007FEF1A30000-0x000007FEF1A48000-memory.dmp

Filesize
96KB

Download
memory/3008-71-0x000007FEF1A50000-0x000007FEF1A61000-memory.dmp

Filesize
68KB

Download
memory/3008-70-0x000007FEF1A70000-0x000007FEF1A8B000-memory.dmp

Filesize
108KB

Download
memory/3008-68-0x000007FEF1AB0000-0x000007FEF1AC1000-memory.dmp

Filesize
68KB

Download
memory/3008-67-0x000007FEF1AD0000-0x000007FEF1AE1000-memory.dmp

Filesize
68KB

Download
memory/3008-52-0x000000013F170000-0x000000013F268000-memory.dmp

Filesize
992KB

Download
memory/3008-76-0x000007FEF15A0000-0x000007FEF15B1000-memory.dmp

Filesize
68KB

Download
memory/3008-79-0x000007FEEF780000-0x000007FEEF7A4000-memory.dmp

Filesize
144KB

Download
memory/3008-80-0x000007FEF1580000-0x000007FEF1598000-memory.dmp

Filesize
96KB

Download
memory/3008-78-0x000007FEEFA40000-0x000007FEEFA68000-memory.dmp

Filesize
160KB

Download
memory/3008-77-0x000007FEEFA70000-0x000007FEEFAC7000-memory.dmp

Filesize
348KB

Download
memory/3008-81-0x000007FEEF750000-0x000007FEEF773000-memory.dmp

Filesize
140KB

Download
memory/3008-82-0x000007FEEF730000-0x000007FEEF741000-memory.dmp

Filesize
68KB

Download
memory/3008-83-0x000007FEEF710000-0x000007FEEF722000-memory.dmp

Filesize
72KB

Download
memory/3008-84-0x000007FEEF6E0000-0x000007FEEF701000-memory.dmp

Filesize
132KB

Download
memory/3008-85-0x000007FEEF5B0000-0x000007FEEF5C3000-memory.dmp

Filesize
76KB

Download
memory/3008-86-0x000007FEE8E30000-0x000007FEE8E51000-memory.dmp

Filesize
132KB

Download
memory/3008-87-0x000007FEE8DF0000-0x000007FEE8E07000-memory.dmp

Filesize
92KB

Download
memory/3008-88-0x000007FEF75A0000-0x000007FEF75B0000-memory.dmp

Filesize
64KB

Download
memory/3008-89-0x000007FEE8DC0000-0x000007FEE8DEF000-memory.dmp

Filesize
188KB

Download
memory/3008-90-0x000007FEE8DA0000-0x000007FEE8DB1000-memory.dmp

Filesize
68KB

Download
memory/3008-91-0x000007FEE8D80000-0x000007FEE8D96000-memory.dmp

Filesize
88KB

Download
memory/3008-92-0x000007FEE8CB0000-0x000007FEE8D75000-memory.dmp

Filesize
788KB

Download
memory/3008-93-0x000007FEE8C60000-0x000007FEE8CA2000-memory.dmp

Filesize
264KB

Download
memory/3008-94-0x000007FEE8BF0000-0x000007FEE8C52000-memory.dmp

Filesize
392KB

Download
memory/3008-95-0x000007FEE8B80000-0x000007FEE8BED000-memory.dmp

Filesize
436KB

Download
memory/3008-96-0x000007FEE8A00000-0x000007FEE8B80000-memory.dmp

Filesize
1.5MB

Download