5cd36c5b77c6377ae703096c144caf9e0feb406da9716a7f1295787cfa7fd08f

Resubmissions

28/03/2025, 17:56

250328-wh58ksy1ez 1

28/03/2025, 17:53

250328-wglsjs1mv9 1

Analysis

max time kernel
140s
max time network
141s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
28/03/2025, 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

audio.mp3
Size

351KB
MD5

92eb070c086d1bb9b28fcba5ebbb33c3
SHA1

1c6d662f3b5a72605f2f6f61a866e97117e6f86a
SHA256

5cd36c5b77c6377ae703096c144caf9e0feb406da9716a7f1295787cfa7fd08f
SHA512

e1606c4bdd0b3f6da9616a23a0bb045ce63a8ae1a407e94cfe08e968e1842eeac3044d3486d74903b07055b074fd7704b48119b74cf4e0d97b863dc161e9d130
SSDEEP

6144:buw56SUx3RzoozAHUJyiQWntNrXUc6MC4WnSGGLj0dHoRJjBc+HdCfAOWoLSJg:bXIx3SUJyQsDMCFzG8dYBc+w5Z

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4260	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4260	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	6060	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6060	AUDIODG.EXE
Token: 33	4260	vlc.exe
Token: SeIncBasePriorityPrivilege	4260	vlc.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe
4260	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4260	vlc.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\audio.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4260

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x460
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4260-7-0x00007FF6197F0000-0x00007FF6198E8000-memory.dmp

Filesize
992KB

Download
memory/4260-8-0x00007FFB3E4B0000-0x00007FFB3E4E4000-memory.dmp

Filesize
208KB

Download
memory/4260-16-0x00007FFB3E400000-0x00007FFB3E411000-memory.dmp

Filesize
68KB

Download
memory/4260-9-0x00007FFB3DC40000-0x00007FFB3DEF6000-memory.dmp

Filesize
2.7MB

Download
memory/4260-15-0x00007FFB3E790000-0x00007FFB3E7AD000-memory.dmp

Filesize
116KB

Download
memory/4260-14-0x00007FFB3E980000-0x00007FFB3E991000-memory.dmp

Filesize
68KB

Download
memory/4260-13-0x00007FFB40630000-0x00007FFB40647000-memory.dmp

Filesize
92KB

Download
memory/4260-12-0x00007FFB42E90000-0x00007FFB42EA1000-memory.dmp

Filesize
68KB

Download
memory/4260-11-0x00007FFB454E0000-0x00007FFB454F7000-memory.dmp

Filesize
92KB

Download
memory/4260-10-0x00007FFB45740000-0x00007FFB45758000-memory.dmp

Filesize
96KB

Download
memory/4260-17-0x00007FFB2F290000-0x00007FFB2F49B000-memory.dmp

Filesize
2.0MB

Download
memory/4260-24-0x00007FFB3E290000-0x00007FFB3E2A1000-memory.dmp

Filesize
68KB

Download
memory/4260-23-0x00007FFB3E2E0000-0x00007FFB3E2F1000-memory.dmp

Filesize
68KB

Download
memory/4260-22-0x00007FFB3E300000-0x00007FFB3E311000-memory.dmp

Filesize
68KB

Download
memory/4260-18-0x00007FFB2E1E0000-0x00007FFB2F290000-memory.dmp

Filesize
16.7MB

Download
memory/4260-21-0x00007FFB3E360000-0x00007FFB3E378000-memory.dmp

Filesize
96KB

Download
memory/4260-20-0x00007FFB3E380000-0x00007FFB3E3A1000-memory.dmp

Filesize
132KB

Download
memory/4260-19-0x00007FFB3E3B0000-0x00007FFB3E3F1000-memory.dmp

Filesize
260KB

Download
memory/4260-54-0x00007FFB2E1E0000-0x00007FFB2F290000-memory.dmp

Filesize
16.7MB

Download