c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Resubmissions

28-01-2025 00:13

250128-ahvwys1kdj 10

27-01-2025 20:14

250127-yz99zavkdl 10

Analysis

max time kernel
79s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

builder.exe
Size

10KB
MD5

4f04f0e1ff050abf6f1696be1e8bb039
SHA1

bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256

ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA512

94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
SSDEEP

96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2904	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2904	vlc.exe

Suspicious use of FindShellTrayWindow 23 IoCs

pid	Process
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe

Suspicious use of SendNotifyMessage 21 IoCs

pid	Process
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe
2904	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2904	vlc.exe

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2716

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SubmitStop.mpa"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SubmitStop.mpa"
1⤵
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
75B

MD5
ec3f000d80e66ece2e7b8b2f21dcc869

SHA1
0ee50a5de3515d4edc33f002b7fd08a13c46d3b5

SHA256
d27e188714f4eac59aee0e8453f79d4b615b7191d918e19e874b54eb88243364

SHA512
deab4d8d5df20b9a9a0921e0207b91fe8cc05c64d8c63b15e57111722de61f5ab227b09bd1d22e8461a03dabfef40f3a76806a44ca19f951dbbb0c182eefe66d

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
ec3bdb41d903f7f7569e7480d02999e3

SHA1
57c13d86e04a69e840f22092f75e9255fc81dbdf

SHA256
13f9604d1134251dbe1a950cd34cbde0ebb98c5cce8d3c81115e2fdee9f1270f

SHA512
82c2922003a03c853f9426f23c364503610a35301fe56917a97c72295ef0f8c23765734d84ed8d4c3748e14d4d3a23381671717102c3d4067f3d2383f2fc0ded

Download Submit
memory/2716-0-0x0000000074A0E000-0x0000000074A0F000-memory.dmp

Filesize
4KB

Download
memory/2716-1-0x0000000000D00000-0x0000000000D08000-memory.dmp

Filesize
32KB

Download
memory/2716-2-0x0000000074A00000-0x00000000750EE000-memory.dmp

Filesize
6.9MB

Download
memory/2716-3-0x0000000074A0E000-0x0000000074A0F000-memory.dmp

Filesize
4KB

Download
memory/2716-4-0x0000000074A00000-0x00000000750EE000-memory.dmp

Filesize
6.9MB

Download
memory/2748-13-0x000000013F510000-0x000000013F608000-memory.dmp

Filesize
992KB

Download
memory/2748-19-0x000007FEF8260000-0x000007FEF8294000-memory.dmp

Filesize
208KB

Download
memory/2748-20-0x000007FEF6A70000-0x000007FEF6D26000-memory.dmp

Filesize
2.7MB

Download
memory/2748-21-0x000007FEFB9F0000-0x000007FEFBA08000-memory.dmp

Filesize
96KB

Download
memory/2748-22-0x000007FEFAC70000-0x000007FEFAC87000-memory.dmp

Filesize
92KB

Download
memory/2748-23-0x000007FEF8240000-0x000007FEF8251000-memory.dmp

Filesize
68KB

Download
memory/2904-24-0x000000013F510000-0x000000013F608000-memory.dmp

Filesize
992KB

Download
memory/2904-29-0x000007FEF8240000-0x000007FEF8251000-memory.dmp

Filesize
68KB

Download
memory/2904-28-0x000007FEFAC70000-0x000007FEFAC87000-memory.dmp

Filesize
92KB

Download
memory/2904-27-0x000007FEFB9F0000-0x000007FEFBA08000-memory.dmp

Filesize
96KB

Download
memory/2904-26-0x000007FEF6A70000-0x000007FEF6D26000-memory.dmp

Filesize
2.7MB

Download
memory/2904-25-0x000007FEF8260000-0x000007FEF8294000-memory.dmp

Filesize
208KB

Download
memory/2904-30-0x000007FEF7720000-0x000007FEF7737000-memory.dmp

Filesize
92KB

Download
memory/2904-31-0x000007FEF7700000-0x000007FEF7711000-memory.dmp

Filesize
68KB

Download
memory/2904-32-0x000007FEF76E0000-0x000007FEF76FD000-memory.dmp

Filesize
116KB

Download
memory/2904-34-0x000007FEF76C0000-0x000007FEF76D1000-memory.dmp

Filesize
68KB

Download
memory/2904-35-0x000007FEF7200000-0x000007FEF7241000-memory.dmp

Filesize
260KB

Download
memory/2904-36-0x000007FEF71D0000-0x000007FEF71F1000-memory.dmp

Filesize
132KB

Download
memory/2904-37-0x000007FEF71B0000-0x000007FEF71C8000-memory.dmp

Filesize
96KB

Download
memory/2904-38-0x000007FEF7190000-0x000007FEF71A1000-memory.dmp

Filesize
68KB

Download
memory/2904-39-0x000007FEF7170000-0x000007FEF7181000-memory.dmp

Filesize
68KB

Download
memory/2904-40-0x000007FEF7150000-0x000007FEF7161000-memory.dmp

Filesize
68KB

Download
memory/2904-41-0x000007FEF7130000-0x000007FEF714B000-memory.dmp

Filesize
108KB

Download
memory/2904-42-0x000007FEF7110000-0x000007FEF7121000-memory.dmp

Filesize
68KB

Download
memory/2904-43-0x000007FEF70F0000-0x000007FEF7108000-memory.dmp

Filesize
96KB

Download
memory/2904-44-0x000007FEF70C0000-0x000007FEF70F0000-memory.dmp

Filesize
192KB

Download
memory/2904-33-0x000007FEF6860000-0x000007FEF6A6B000-memory.dmp

Filesize
2.0MB

Download
memory/2904-46-0x000007FEF5740000-0x000007FEF57A7000-memory.dmp

Filesize
412KB

Download
memory/2904-47-0x000007FEF56C0000-0x000007FEF573C000-memory.dmp

Filesize
496KB

Download
memory/2904-48-0x000007FEF70A0000-0x000007FEF70B1000-memory.dmp

Filesize
68KB

Download
memory/2904-49-0x000007FEF5660000-0x000007FEF56B7000-memory.dmp

Filesize
348KB

Download
memory/2904-45-0x000007FEF57B0000-0x000007FEF6860000-memory.dmp

Filesize
16.7MB

Download
memory/2904-50-0x000007FEF5630000-0x000007FEF5658000-memory.dmp

Filesize
160KB

Download
memory/2904-51-0x000007FEF5600000-0x000007FEF5624000-memory.dmp

Filesize
144KB

Download
memory/2904-52-0x000007FEF55E0000-0x000007FEF55F8000-memory.dmp

Filesize
96KB

Download
memory/2904-53-0x000007FEF55B0000-0x000007FEF55D3000-memory.dmp

Filesize
140KB

Download
memory/2904-54-0x000007FEF5590000-0x000007FEF55A1000-memory.dmp

Filesize
68KB

Download
memory/2904-55-0x000007FEF5570000-0x000007FEF5582000-memory.dmp

Filesize
72KB

Download
memory/2904-56-0x000007FEF2F20000-0x000007FEF2F41000-memory.dmp

Filesize
132KB

Download
memory/2904-57-0x000007FEF2EE0000-0x000007FEF2EF7000-memory.dmp

Filesize
92KB

Download
memory/2904-58-0x000007FEFAC60000-0x000007FEFAC70000-memory.dmp

Filesize
64KB

Download
memory/2904-59-0x000007FEF2EB0000-0x000007FEF2EDF000-memory.dmp

Filesize
188KB

Download
memory/2904-60-0x000007FEF2E90000-0x000007FEF2EA1000-memory.dmp

Filesize
68KB

Download
memory/2904-61-0x000007FEF2E70000-0x000007FEF2E86000-memory.dmp

Filesize
88KB

Download
memory/2904-62-0x000007FEF2DA0000-0x000007FEF2E65000-memory.dmp

Filesize
788KB

Download
memory/2904-63-0x000007FEF2D50000-0x000007FEF2D92000-memory.dmp

Filesize
264KB

Download
memory/2904-64-0x000007FEF2CE0000-0x000007FEF2D42000-memory.dmp

Filesize
392KB

Download
memory/2904-65-0x000007FEF2C70000-0x000007FEF2CDD000-memory.dmp

Filesize
436KB

Download
memory/2904-66-0x000007FEF2AF0000-0x000007FEF2C70000-memory.dmp

Filesize
1.5MB

Download
memory/2904-83-0x000007FEF6A70000-0x000007FEF6D26000-memory.dmp

Filesize
2.7MB

Download
memory/2904-82-0x000007FEF8260000-0x000007FEF8294000-memory.dmp

Filesize
208KB

Download
memory/2904-81-0x000000013F510000-0x000000013F608000-memory.dmp

Filesize
992KB

Download
memory/2904-84-0x000007FEF57B0000-0x000007FEF6860000-memory.dmp

Filesize
16.7MB

Download