| File name: | documentary.m3u |
| Full analysis: | https://app.any.run/tasks/e1f26f09-ab07-4bd3-aa48-f2deb78371e2 |
| Verdict: | Malicious activity |
| Analysis date: | December 04, 2023, 02:10:06 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | text/plain |
| File info: | M3U playlist, UTF-8 Unicode text, with very long lines |
| MD5: | 71EE5543DE7FF7DAA2B0528CEF546AB0 |
| SHA1: | FD9C80F130152CFFF53A5B3234D6D1D43E591E90 |
| SHA256: | FD6697B12E9697ED21B4785B2F3931050697AE4557F34C5A47B5779CBAD56F80 |
| SSDEEP: | 384:XkcG9aq5MhSQHXA8NYVRIyHOTKhaMcvRcz5PmF0cWjYC1q5i0XhKN+cSYT4Taac/:Xlmaq5M4mXLiqyc1dk3AgCLBe |
MALICIOUS
No malicious indicators.SUSPICIOUS
Reads settings of System Certificates
- vlc.exe (PID: 844)
INFO
Checks supported languages
- vlc.exe (PID: 844)
- wmpnscfg.exe (PID: 1852)
Manual execution by a user
- wmpnscfg.exe (PID: 1852)
Reads the computer name
- vlc.exe (PID: 844)
- wmpnscfg.exe (PID: 1852)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .m3u | | | Extended M3U playlist (100) |
|---|
Total processes
38
Monitored processes
2
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 844 | "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\Desktop\documentary.m3u" | C:\Program Files\VideoLAN\VLC\vlc.exe | explorer.exe | ||||||||||||
User: admin Company: VideoLAN Integrity Level: MEDIUM Description: VLC media player Exit code: 0 Version: 3.0.11 Modules
| |||||||||||||||
| 1852 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Media Player Network Sharing Service Configuration Application Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
Total events
29 317
Read events
29 305
Write events
12
Delete events
0
Modification events
| (PID) Process: | (844) vlc.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication |
| Operation: | write | Name: | Name |
Value: Explorer.EXE | |||
| (PID) Process: | (844) vlc.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication |
| Operation: | write | Name: | Name |
Value: vlc.exe | |||
Executable files
2
Suspicious files
0
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 844 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini | text | |
MD5:92B17E05951345EA76A88E4ECAC75E85 | SHA256:64AA03CBC965409777B58DF2DC57AE993511AB4F9160CFFC718CB6D60571A4F0 | |||
| 844 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.qHp844 | text | |
MD5:92B17E05951345EA76A88E4ECAC75E85 | SHA256:64AA03CBC965409777B58DF2DC57AE993511AB4F9160CFFC718CB6D60571A4F0 | |||
| 844 | vlc.exe | C:\Users\admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock | text | |
MD5:9EA1D5510EA89CA0C4178CB3770BAFD0 | SHA256:084AC03E31D4BBCBF1F53F69BC8D871CCFDE653EA9FFB0CA67559E77D653EA0A | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
28
DNS requests
4
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1080 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
844 | vlc.exe | 18.66.112.125:443 | stitcher-ipv4.pluto.tv | AMAZON-02 | US | unknown |
2588 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
868 | svchost.exe | 23.35.228.137:80 | — | AKAMAI-AS | DE | unknown |
844 | vlc.exe | 18.245.86.24:443 | siloh-ns1.plutotv.net | — | US | unknown |
868 | svchost.exe | 184.30.20.134:80 | armmf.adobe.com | AKAMAI-AS | DE | unknown |
844 | vlc.exe | 18.245.86.26:443 | siloh-ns1.plutotv.net | — | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
stitcher-ipv4.pluto.tv |
| unknown |
siloh-ns1.plutotv.net |
| unknown |
armmf.adobe.com |
| whitelisted |
dns.msftncsi.com |
| shared |
Threats
Process | Message |
|---|---|
vlc.exe | main libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
|
vlc.exe | main libvlc debug: revision 3.0.11-0-gdc0c5ced72
|
vlc.exe | main libvlc debug: VLC media player - 3.0.11 Vetinari
|
vlc.exe | main libvlc debug: Copyright © 1996-2020 the VideoLAN team
|
vlc.exe | main libvlc debug: searching plug-in modules
|
vlc.exe | main libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
|
vlc.exe | main libvlc debug: min period: 1 ms, max period: 1000000 ms
|
vlc.exe | main libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' '--with-breakpad=https://win.crashes.videolan.org' 'host_alias=i686-w64-mingw32' 'PKG_CONFIG_LIBDIR=/home/jenkins/workspace/vlc-release/windows/vlc-release-win32-x86/contrib/i686-w64-mingw32/lib/pkgconfig'
|
vlc.exe | main libvlc debug: using multimedia timers as clock source
|
vlc.exe | main libvlc debug: plug-ins loaded: 494 modules
|