| File name: | news.m3u |
| Full analysis: | https://app.any.run/tasks/2acc8e31-27e4-4779-9e90-3c0d907ce059 |
| Verdict: | Malicious activity |
| Analysis date: | December 04, 2023, 02:07:06 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | text/plain |
| File info: | M3U playlist, UTF-8 Unicode text, with very long lines |
| MD5: | 89F4914D2D4314723C076C12A2E43E54 |
| SHA1: | 6E05E2F46FB75C5E3F1B41A7642E2172938A8FC7 |
| SHA256: | D43751FA7A8CF03C87C86C3AEBFF61CBF492B288FB6EF65000DFFAC67541E088 |
| SSDEEP: | 1536:GrsaMXr0p3SQ94678Yd6cLurHzLVlKR8YV33+PCw7bvcHUi1/QUGY5SrVfpJ:sskpJ8Y3LaTwdlHBllgD |
MALICIOUS
No malicious indicators.SUSPICIOUS
Reads settings of System Certificates
- vlc.exe (PID: 564)
INFO
Checks supported languages
- wmpnscfg.exe (PID: 3064)
- vlc.exe (PID: 564)
Reads the computer name
- wmpnscfg.exe (PID: 3064)
- vlc.exe (PID: 564)
Manual execution by a user
- wmpnscfg.exe (PID: 3064)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .m3u | | | Extended M3U playlist (100) |
|---|
Total processes
37
Monitored processes
2
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 564 | "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Temp\news.m3u" | C:\Program Files\VideoLAN\VLC\vlc.exe | explorer.exe | ||||||||||||
User: admin Company: VideoLAN Integrity Level: MEDIUM Description: VLC media player Exit code: 0 Version: 3.0.11 Modules
| |||||||||||||||
| 3064 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Media Player Network Sharing Service Configuration Application Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
Total events
56 523
Read events
56 503
Write events
20
Delete events
0
Modification events
| (PID) Process: | (564) vlc.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication |
| Operation: | write | Name: | Name |
Value: Explorer.EXE | |||
| (PID) Process: | (564) vlc.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication |
| Operation: | write | Name: | Name |
Value: vlc.exe | |||
Executable files
12
Suspicious files
0
Text files
5
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock | text | |
MD5:1D1843F3342635DC73939EC17744E04C | SHA256:13649A7318C76F879A7478B353C2088FE88F33E898E86BD511EB1B55FDAD5379 | |||
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.PER564 | ini | |
MD5:ABB3993902E19920B41C6074977345AC | SHA256:A976148FF9641B20E04C311607601FB7A61C1A735FF39C98B0F0074911A44516 | |||
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini | text | |
MD5:722BB8FFD195D8416775F23F0939AD34 | SHA256:281040FC59EDF500503513D29F8C79113E393B49A00C9C8CD741ACE977EE9EC5 | |||
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.qHp564 | text | |
MD5:722BB8FFD195D8416775F23F0939AD34 | SHA256:281040FC59EDF500503513D29F8C79113E393B49A00C9C8CD741ACE977EE9EC5 | |||
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.PJk564 | ini | |
MD5:9516DAE000C1EE983370FA5AE11D1C27 | SHA256:26C9A50BDA0358D18B90D5FA5D9D20F2116FF4372EAE85415D071F1B41DCF1FC | |||
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.tRS564 | text | |
MD5:1B81CCAE233888CD18E1FBFF84D40542 | SHA256:ED4938D415B8D8032011C47ECE515B8903368D22BFD3AC2792FE3A7703DDB84F | |||
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.xGg564 | text | |
MD5:86EE056BA8053B59C53A4E3FD2AC16F4 | SHA256:315E4D778DA31797A16FEBF4797712B63CBA3764718C94D40182E172F43ED846 | |||
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.yVR564 | text | |
MD5:1C49AEC0F0BC5FAF73A2BB07D86D4E46 | SHA256:2E1AE14ADD8E2159459F2A83DF0128C6FF3A3D141383985522D00DFFBBB65E0B | |||
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Uhg564 | text | |
MD5:65891390D6E3C5B1441FA550B5187EE3 | SHA256:334B6376E86DB1DE8F85B3C0BAC4AE9D7183A97CF7C1744886ACF5956B519FA0 | |||
| 564 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.nPR564 | text | |
MD5:F7823B287E441E4FF7217CB72BF7A50A | SHA256:B21E78B23A0CB4366DE2F0C0A945D025038256F473AFD81A0F62DF43ED8EF5B9 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
55
DNS requests
9
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
564 | vlc.exe | GET | 206 | 57.128.159.87:80 | http://92news.vdn.dstreamone.net/92newshd/92hd/playlist.m3u8 | unknown | text | 149 b | unknown |
564 | vlc.exe | GET | 206 | 57.128.159.87:80 | http://92news.vdn.dstreamone.net:80/92newshd/92hd/chunks.m3u8?nimblesessionid=85169047 | unknown | text | 1.66 Kb | unknown |
564 | vlc.exe | GET | 200 | 57.128.159.87:80 | http://92news.vdn.dstreamone.net/92newshd/92hd/l_8221_5986784_5681.ts?nimblesessionid=85169047 | unknown | binary | 775 Kb | unknown |
564 | vlc.exe | GET | 200 | 57.128.159.87:80 | http://92news.vdn.dstreamone.net/92newshd/92hd/l_8221_5998784_5684.ts?nimblesessionid=85169047 | unknown | binary | 835 Kb | unknown |
564 | vlc.exe | GET | 200 | 57.128.159.87:80 | http://92news.vdn.dstreamone.net/92newshd/92hd/l_8221_5994784_5683.ts?nimblesessionid=85169047 | unknown | binary | 798 Kb | unknown |
564 | vlc.exe | GET | 200 | 57.128.159.87:80 | http://92news.vdn.dstreamone.net/92newshd/92hd/l_8221_5990784_5682.ts?nimblesessionid=85169047 | unknown | binary | 768 Kb | unknown |
564 | vlc.exe | GET | 200 | 57.128.159.87:80 | http://92news.vdn.dstreamone.net/92newshd/92hd/l_8221_6002784_5685.ts?nimblesessionid=85169047 | unknown | binary | 817 Kb | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
2588 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
564 | vlc.exe | 172.67.174.194:443 | ythls.armelin.one | CLOUDFLARENET | US | unknown |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
564 | vlc.exe | 104.21.59.99:443 | ythls.armelin.one | CLOUDFLARENET | — | unknown |
1080 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
564 | vlc.exe | 23.53.40.145:443 | 2gblive.akamaized.net | Akamai International B.V. | DE | unknown |
564 | vlc.exe | 57.128.159.87:80 | 92news.vdn.dstreamone.net | OVH SAS | FR | unknown |
564 | vlc.exe | 2.19.198.153:443 | abplivetv.akamaized.net | Akamai International B.V. | DE | unknown |
564 | vlc.exe | 2.19.198.139:443 | abplivetv.akamaized.net | Akamai International B.V. | DE | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
ythls.armelin.one |
| unknown |
2gblive.akamaized.net |
| unknown |
92news.vdn.dstreamone.net |
| unknown |
abplivetv.akamaized.net |
| unknown |
mdstrm.com |
| whitelisted |
us-b4-p-e-nq15.cdn.mdstrm.com |
| unknown |
Threats
Process | Message |
|---|---|
vlc.exe | main libvlc debug: min period: 1 ms, max period: 1000000 ms
|
vlc.exe | main libvlc debug: revision 3.0.11-0-gdc0c5ced72
|
vlc.exe | main libvlc debug: searching plug-in modules
|
vlc.exe | main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
|
vlc.exe | main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=i686-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x86/contrib/i686-w64-mingw32/lib/pkgconfig'
|
vlc.exe | main libvlc debug: VLC media player - 3.0.11 Vetinari
|
vlc.exe | main libvlc debug: Copyright © 1996-2020 the VideoLAN team
|
vlc.exe | main libvlc debug: using multimedia timers as clock source
|
vlc.exe | main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
|
vlc.exe | main libvlc debug: plug-ins loaded: 494 modules
|