File name: Exploitefinal-pascalkoven.py

Full analysis: https://app.any.run/tasks/c558ab53-66cb-430b-9866-9154d942db99
Verdict: Malicious activity
Analysis date: July 04, 2024, 22:03:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/x-script.python
File info: Python script, Unicode text, UTF-8 text executable, with very long lines (579)
MD5: 8575C43E3F6E200CA9D605592C442D95
SHA1: DCE880B1409177C6F767E02D927F301287D5F665
SHA256: E8371ACAF25E11EC2BECEF5CB8CD7E32C30CE8E46C592D8577032EA8EE933875
SSDEEP: 1536:tIbyVhSxT/8ZjxhrZfxPzzklptIMgTaWPVtCOVQUYcMSClLKK61l:toxCZZPXe0RYuKOl

Note the disagreement between the MIME/file-info line above (Python script) and the TRiD result below (Extended M3U playlist). In the sandbox the sample was opened under the name Exploitefinal-pascalkoven.py.m3u, so Windows dispatched it to the .m3u handler, VLC (see the process command line), not to a Python interpreter.

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Detected use of alternative data streams (AltDS)

      • vlc.exe (PID: 3424)
    • There is functionality for taking screenshot (YARA)

      • vlc.exe (PID: 3424)
  • INFO

    • Checks supported languages

      • vlc.exe (PID: 3424)
    • Reads the computer name

      • vlc.exe (PID: 3424)
No Malware configuration.

TRiD

.m3u | Extended M3U playlist (100)
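A first-pass triage of such a file, as an added example that is not part of the ANY.RUN report: it computes the hashes in the form the report prints, parses the playlist body, and flags the three things an analyst wants to know before opening it anywhere: a script suffix hidden behind a media suffix (Windows chooses the handler by the last suffix only), entries that would make the player reach out to remote hosts, and line lengths above the 300-character mark that file(1) reports as "very long lines". The playlist bytes and the helper names are constructed for the example; they are not the submitted file.

```python
import hashlib
from pathlib import PureWindowsPath
from urllib.parse import urlparse

# Constructed sample, NOT the submitted file: an Extended M3U playlist with one
# local entry and one remote entry, under the double-extension name the
# report shows in the VLC command line.
SAMPLE_NAME = "Exploitefinal-pascalkoven.py.m3u"
SAMPLE_BYTES = (
    b"#EXTM3U\n"
    b"#EXTINF:123,Sample Artist - Sample title\n"
    b"C:\\Users\\admin\\Music\\sample.mp3\n"
    b"#EXTINF:-1,Stream\n"
    b"http://example.invalid/stream.m3u8\n"
)

SCRIPT_EXT = {".py", ".js", ".vbs", ".ps1", ".bat", ".cmd", ".exe", ".dll", ".hta", ".scr"}
REMOTE_SCHEMES = {"http", "https", "ftp", "rtsp", "rtmp", "mms", "smb", "file"}
LONG_LINE = 300  # file(1) reports "very long lines" above this length


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the upper-case hex form the report prints."""
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256")}


def parse_m3u(data: bytes) -> dict:
    """Split a playlist into entries; lines starting with '#' are directives."""
    lines = data.decode("utf-8", errors="replace").splitlines()
    entries = [ln.strip() for ln in lines
               if ln.strip() and not ln.lstrip().startswith("#")]
    remote = [e for e in entries if urlparse(e).scheme.lower() in REMOTE_SCHEMES]
    return {
        "is_extm3u": bool(lines) and lines[0].strip() == "#EXTM3U",
        "entries": entries,
        "remote": remote,
        "longest_line": max((len(ln) for ln in lines), default=0),
    }


def triage(name: str, data: bytes) -> dict:
    """Findings to collect before the file is opened by any handler."""
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    playlist = parse_m3u(data)
    flags = []
    # Windows picks the handler by the LAST suffix only, so x.py.m3u opens in
    # the .m3u handler regardless of the .py in the middle.
    if len(suffixes) > 1 and any(s in SCRIPT_EXT for s in suffixes[:-1]):
        flags.append("double_extension")
    if playlist["remote"]:
        flags.append("remote_entries")
    if playlist["longest_line"] > LONG_LINE:
        flags.append("very_long_lines")
    return {"name": name,
            "handler_suffix": suffixes[-1] if suffixes else "",
            "hashes": hashes(data),
            "playlist": playlist,
            "flags": flags}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_NAME, SAMPLE_BYTES), indent=2))
```

The hash helper exists so the values can be compared against the report's MD5/SHA1/SHA256 before any further work; a mismatch means a different file was analysed.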
All screenshots are available in the full report
Total processes: 37
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> vlc.exe (THREAT)

Process information

PID: 3424
CMD: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file C:\Users\admin\AppData\Local\Temp\Exploitefinal-pascalkoven.py.m3u
Path: C:\Program Files\VideoLAN\VLC\vlc.exe
Parent process: explorer.exe
User: admin
Company: VideoLAN
Integrity Level: MEDIUM
Description: VLC media player
Version: 3.0.11
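The command line above is the one line of this report worth turning into a detection: a media player started by explorer.exe through a file association, on a file in a user-writable staging directory whose name carries a script suffix in front of the media suffix. The rule below is an added example, written for this page and not ANY.RUN's signature logic; the process-creation records are constructed in Sysmon style (the second one reproduces the report's command line, the others are benign launches for contrast), and the field names and thresholds are my assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed Sysmon-style process-creation records (not from the report's
# event log). Record 3424 mirrors the command line shown in the report; the
# other two are benign VLC launches used for contrast.
EVENTS = [
    {"pid": 2100, "image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "cmdline": r'"C:\Program Files\VideoLAN\VLC\vlc.exe"',
     "parent": r"C:\Windows\explorer.exe", "user": "admin"},
    {"pid": 3424, "image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "cmdline": r'"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file C:\Users\admin\AppData\Local\Temp\Exploitefinal-pascalkoven.py.m3u',
     "parent": r"C:\Windows\explorer.exe", "user": "admin"},
    {"pid": 2770, "image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "cmdline": r'"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\Music\holiday mix.m3u"',
     "parent": r"C:\Windows\explorer.exe", "user": "admin"},
]

# Suffixes that should never sit behind a media suffix in a playlist name.
SCRIPT_EXT = {".py", ".js", ".vbs", ".ps1", ".bat", ".cmd", ".exe", ".dll", ".hta", ".scr"}
# Locations a phishing or drive-by payload typically lands in (assumed list).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")

# VLC passes the shell-opened file after --started-from-file, quoted or not.
_FILE_ARG = re.compile(r'--started-from-file\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def opened_file(cmdline: str):
    """Path VLC was asked to open through the file association, or None."""
    m = _FILE_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def inner_extensions(path: str) -> list:
    """Suffixes before the last one: 'x.py.m3u' -> ['.py']."""
    return [s.lower() for s in PureWindowsPath(path).suffixes[:-1]]


def evaluate(event: dict) -> dict:
    """Score one process-creation record; alert when both signals are present."""
    path = opened_file(event["cmdline"])
    reasons = []
    if path:
        low = path.lower()
        if any(seg in low for seg in USER_WRITABLE):
            reasons.append("opened file lives in a user-writable staging dir")
        hidden = [e for e in inner_extensions(path) if e in SCRIPT_EXT]
        if hidden:
            reasons.append("double extension hides " + ",".join(hidden))
    return {
        "pid": event["pid"],
        "launched_by": PureWindowsPath(event["parent"]).name,
        "file": path,
        "reasons": reasons,
        "alert": len(reasons) >= 2,
    }


def scan(events) -> list:
    """PIDs whose launch matches the rule."""
    return [evaluate(e)["pid"] for e in events if evaluate(e)["alert"]]


if __name__ == "__main__":
    for e in EVENTS:
        print(evaluate(e))
```

Requiring both signals keeps a user double-clicking a playlist in their Music folder out of the alert stream while still catching the report's launch; a single-signal version is a reasonable hunting query but too noisy for paging.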
Modules
Images
c:\program files\videolan\vlc\vlc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\videolan\vlc\libvlc.dll
c:\program files\videolan\vlc\libvlccore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 7 335
Read events: 7 335
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 15
Suspicious files: 0
Text files: 24
Unknown types: 0

Dropped files

All entries were written by PID 3424 (vlc.exe).

C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Hp3424 (text)
  MD5: 55C64F82502AEB34D90705797572E0BF
  SHA256: 6BF2835CA2B922EBB62F41DEE28D6B6EE9A22FA790B17958A7C824281A19B8CD
C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini (ini)
  MD5: 55C64F82502AEB34D90705797572E0BF
  SHA256: 6BF2835CA2B922EBB62F41DEE28D6B6EE9A22FA790B17958A7C824281A19B8CD
C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.cr3424 (text)
  MD5: BDEF0DF2C5C44F9B3B30F118067E6D42
  SHA256: 61C08A5DC6ECD4EC959CD2F985D5886A2DCE87528EA4DE8069E76CA78F41F5E5
C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.xC3424 (text)
  MD5: 3DB90C07A57CA156FF23C890FA013686
  SHA256: B72CB65D399DDCBD562A78356B31A2C5122C2C68041737842838A107CCB82572
C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock (text)
  MD5: 06385B014E72624495D420F9347B1A6A
  SHA256: AB1CFC2C2CB69B8C22056132C88645DB759B1828B638EF0C1C1FACFD8B78BA8E
C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Xd3424 (ini)
  MD5: 966C38F0F529928B0F788E7F494D6C66
  SHA256: 20D2ACCF3960FAC91B13FC1A9271E2FDA99C7A811A601163F26319763A3F9050
C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.wB3424 (ini)
  MD5: 3CC0F3A2167698603E835706534DA9CC
  SHA256: 027188F843A51853AE57BD2B484C5041D3FC0061801B72032E27F08215447209
C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.sv3424 (text)
  MD5: 70B071A3B57A24DB749C6FE7971270C8
  SHA256: 37C520C4EDECD52B87D6979FDADD56D4A630AA5558ECF6FE96F2B906D8D9FDC6
C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.uD3424 (text)
  MD5: 1EA8A4C47389EF6AC69ABFE314CC4424
  SHA256: 58BD9D2D03CC5A2DFEF40C2C7AB0EDD778E421D03EEC962CC72BDF2762CA6A1B
C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.Gg3424 (text)
  MD5: E8FFF4F63189D10CB094DF61B5717398
  SHA256: 7E47B8713F203E2B7EA268DCEE5C012F582A49C5604D384B855F2FFE4692A688

These are not payloads extracted from the playlist. The .ini.XX3424 names follow Qt's temporary-file pattern (two random letters followed by the writing process's PID, 3424 here) used by QSettings to write vlc-qt-interface.ini atomically and then rename over it, and the .lock file is the QLockFile that guards that write; the first temporary shares its hash with the final .ini, as expected after such a rename. The alternating "text"/"ini" type labels come from the type detector, not from any difference in origin.
HTTP(S) requests: 4
TCP/UDP connections: 11
DNS requests: 5
Threats: 0

HTTP requests

PID   Process      Method  Code  IP                 URL
1372  svchost.exe  GET     304   23.50.131.196:80   http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
1372  svchost.exe  GET     200   23.53.40.176:80    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
1372  svchost.exe  GET     200   184.30.21.171:80   http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
1060  svchost.exe  GET     304   23.50.131.200:80   http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a9f83325acc8ca75
(remaining columns for all four rows: unknown, unknown)

All four requests are issued by svchost.exe (PIDs 1372 and 1060) and fetch the Windows disallowed-certificate trust list and Microsoft CRLs; none originates from vlc.exe (PID 3424).

Connections

PID   Process      IP:port               Domain                           ASN                          CN  Reputation
4     System       192.168.100.255:138   -                                -                            -   whitelisted
4     System       192.168.100.255:137   -                                -                            -   whitelisted
2564  svchost.exe  239.255.255.250:3702  -                                -                            -   whitelisted
1060  svchost.exe  224.0.0.252:5355      -                                -                            -   unknown
1372  svchost.exe  51.124.78.146:443     settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
1372  svchost.exe  23.50.131.196:80      ctldl.windowsupdate.com          Akamai International B.V.    DE  unknown
1372  svchost.exe  23.53.40.176:80       crl.microsoft.com                Akamai International B.V.    DE  unknown
1372  svchost.exe  184.30.21.171:80      www.microsoft.com                AKAMAI-AS                    DE  unknown
1060  svchost.exe  23.50.131.200:80      ctldl.windowsupdate.com          Akamai International B.V.    DE  unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
ctldl.windowsupdate.com
  • 23.50.131.196
  • 23.50.131.200
  • 23.50.131.216
whitelisted
crl.microsoft.com
  • 23.53.40.176
  • 23.53.40.178
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
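Before reading anything into the network sections, attribute each row to a process. The script below, an added example and not part of the report, takes rows constructed to mirror the Connections and HTTP tables above and sorts them into traffic from the monitored PID, local-subnet discovery chatter (NetBIOS, WS-Discovery, LLMNR), and Microsoft background fetches. The /24 sandbox subnet is assumed from the 192.168.100.255 broadcast target; the category names are mine.

```python
import ipaddress

MONITORED_PIDS = {3424}   # the one process the report attributes to the sample
# Assumed from the 192.168.100.255 broadcast destination in the table.
SANDBOX_NET = ipaddress.ip_network("192.168.100.0/24")

# Constructed rows mirroring the report's Connections table:
# (PID, process, destination ip:port, resolved domain or "").
CONNECTIONS = [
    (4, "System", "192.168.100.255:138", ""),
    (4, "System", "192.168.100.255:137", ""),
    (2564, "svchost.exe", "239.255.255.250:3702", ""),
    (1060, "svchost.exe", "224.0.0.252:5355", ""),
    (1372, "svchost.exe", "51.124.78.146:443", "settings-win.data.microsoft.com"),
    (1372, "svchost.exe", "23.50.131.196:80", "ctldl.windowsupdate.com"),
    (1372, "svchost.exe", "23.53.40.176:80", "crl.microsoft.com"),
    (1372, "svchost.exe", "184.30.21.171:80", "www.microsoft.com"),
    (1060, "svchost.exe", "23.50.131.200:80", "ctldl.windowsupdate.com"),
]

# Constructed rows mirroring the report's HTTP requests table: (PID, process, URL).
HTTP_REQUESTS = [
    (1372, "svchost.exe", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33"),
    (1372, "svchost.exe", "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    (1372, "svchost.exe", "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    (1060, "svchost.exe", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a9f83325acc8ca75"),
]

DISCOVERY_PORTS = {137: "netbios-ns", 138: "netbios-dgm", 3702: "ws-discovery", 5355: "llmnr"}
MS_INFRA = (".microsoft.com", ".windowsupdate.com")


def classify(pid, proc, dst, domain):
    """Return (category, detail) for one connection row."""
    ip_s, port_s = dst.rsplit(":", 1)
    ip, port = ipaddress.ip_address(ip_s), int(port_s)
    if pid in MONITORED_PIDS:
        return ("sample", proc)                       # what we actually care about
    if ip.is_multicast or ip in SANDBOX_NET:
        return ("local-discovery", DISCOVERY_PORTS.get(port, "port-%d" % port))
    if domain.lower().endswith(MS_INFRA):
        return ("windows-background", domain)
    return ("unattributed", domain or ip_s)


def summarize(rows) -> dict:
    """Count rows per category."""
    counts = {}
    for row in rows:
        cat = classify(*row)[0]
        counts[cat] = counts.get(cat, 0) + 1
    return counts


def sample_rows(rows) -> list:
    """Connections that belong to the monitored process."""
    return [r for r in rows if classify(*r)[0] == "sample"]


def http_by_sample(reqs) -> list:
    """HTTP requests issued by the monitored process."""
    return [r for r in reqs if r[0] in MONITORED_PIDS]


if __name__ == "__main__":
    print(summarize(CONNECTIONS))
    print("sample connections:", sample_rows(CONNECTIONS))
    print("sample HTTP requests:", http_by_sample(HTTP_REQUESTS))
```

Run against the report's rows, every connection and HTTP request lands in the discovery or Windows-background bucket and nothing is attributed to PID 3424, which is why the counts in the network summary should not be read as sample behaviour. The "unattributed" bucket is where a real callback from another PID would surface.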

Threats

No threats detected

Process messages (vlc.exe)

main libvlc debug: VLC media player - 3.0.11 Vetinari
main libvlc debug: Copyright © 1996-2020 the VideoLAN team
main libvlc debug: revision 3.0.11-0-gdc0c5ced72
main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=i686-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x86/contrib/i686-w64-mingw32/lib/pkgconfig'
main libvlc debug: using multimedia timers as clock source
main libvlc debug: min period: 1 ms, max period: 1000000 ms
main libvlc debug: searching plug-in modules
main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
main libvlc error: stale plugins cache: modified C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll