Edit tour

Windows Analysis Report
#U821e#U8e48 #U4e66#U7b80 .mp3

Overview

General Information

Sample name:	#U821e#U8e48 #U4e66#U7b80 .mp3
Analysis ID:	1541198
MD5:	5e68bb8a9c2bc8217bc5a5eb1644d3a1
SHA1:	66d20de8ee3351156a8df81e6f9df0d6c57abe3d
SHA256:	4f611351b7336963d533c568734a33e3a7779e7cccf4d30dae33aad4a40f0500

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Query firmware table information (likely to detect VMs)

Allocates memory with a write watch (potentially for evading sandboxes)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Queries the volume information (name, serial number etc) of a device

Classification

Process Tree

System is w10x64native

Microsoft.Media.Player.exe (PID: 8820 cmdline: "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe" -ServerName:Microsoft.ZuneMusic.AppXr954g6gg1tvs748d5g67zt981dvpmnr6.mca MD5: C99D9CA26E037E243B3C0F13BA59CC05)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: Microsoft.Media.Player.exe, 00000002.00000002.2206101649.000002A92C7F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/albums/suggest
Source: Microsoft.Media.Player.exe, 00000002.00000002.2206101649.000002A92C7F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://musicmatch-ssl.xboxlive.com/en-US/tracks/match

Source: classification engine

Classification label: sus21.evad.winMP3@1/6@0/0

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

File created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: microsoft.media.player.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sharedlibrary.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: e_sqlite3.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: clrcompression.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrt100.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.phone.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.xaml.controls.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.core.textinput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.applicationdata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rometadata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: capabilityaccessmanagerclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.mediaplayer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.mediacontrol.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfmediaengine.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.devices.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.media.playback.proxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.custom.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.energy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.graphics.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.staterepositorybroker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windows.devices.picker.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: playtomanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: wuceffects.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mfcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: mp3dmod.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: resampledmo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Section loaded: dwmapi.dll	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: #U821e#U8e48 #U4e66#U7b80 .mp3

Static file information: File size 3018439 > 1048576

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A92C720000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944720000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944A90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A944FE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A947D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A947D80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A947DB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F240000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F250000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F4C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F4D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F4E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F5F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F810000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F830000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F820000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F840000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F850000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F860000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F880000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F870000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F890000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F980000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F9B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F9C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94F9F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FC60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FD80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FDA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FDC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A94FDD0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Memory allocated: 2A950800000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe

Window / User API: threadDelayed 1628

Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\resources\fonts\MediaPlayerIcons.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	111 Virtualization/Sandbox Evasion	LSASS Memory	111 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	11 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Name	Source	Malicious	Antivirus Detection	Reputation
https://musicmatch-ssl.xboxlive.com/en-US/albums/suggest	Microsoft.Media.Player.exe, 00000002.00000002.2206101649.000002A92C7F8000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://musicmatch-ssl.xboxlive.com/en-US/tracks/match	Microsoft.Media.Player.exe, 00000002.00000002.2206101649.000002A92C7F8000.00000004.00000800.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541198
Start date and time:	2024-10-24 15:08:25 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	#U821e#U8e48 #U4e66#U7b80 .mp3
Detection:	SUS
Classification:	sus21.evad.winMP3@1/6@0/0
Cookbook Comments:	Found application associated with file extension: .mp3

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, ApplicationFrameHost.exe, svchost.exe
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: #U821e#U8e48 #U4e66#U7b80 .mp3

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
File Type:	SQLite 3.x database, last written using SQLite version 3033000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	0.0905602561507182
Encrypted:	false
SSDEEP:	3:lSWFN3sl+ltlh6lXll:l9Fys10
MD5:	287A8DA9F4322ECF1C410C63EE2B033E
SHA1:	8256BF1D4AC6B126F0752DA1E850CF9415998F3C
SHA-256:	4B0F372CF45FCDB0A93E0DE44D25C2A6334E7F89B94CC3E4C4E0588F89314FE2
SHA-512:	3B8ECC7757702AAF04469C7373959650DC82FE02FFD9AC5987A2EAADF3C25D4E1A918E41B7363E327F98739FADAF8DAE4BFB96A8C7FF7258B7BAF55936715819
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................G.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-journal

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.26467752604825584
Encrypted:	false
SSDEEP:	3:7FEG2l/RfbltHlFll:7+/l/R
MD5:	B0ECBB112168AD4522C8AE601C2D0384
SHA1:	B7D03B7C41FEF40588ACB821404E421BF029048A
SHA-256:	D5317370CCF2F6C29B4B5A420F8781339E649AD9C9593ECBD14F17025B3E7E2C
SHA-512:	D080CF4FA65D7CA815EB844E060EB20C4FE685CBE1197F581B6E24A518CE0BC8AF1FA633910D0F00401A59BDF8A0DED1FA28690C5162E12459DD5E9ABE9DF537
Malicious:	false
Reputation:	low
Preview:	.... .c.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-shm

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.12017039547772755
Encrypted:	false
SSDEEP:	12:3yLC9nl/8cl/c8l/cstccl/xwcl/csMcKsuZqaK6wR:3yuf8cyUc30ScdK/qaK6w
MD5:	4B354C368752E5F9EB438FCCDC172FC4
SHA1:	E0E83EADA1700D69C3940274372523B9671185F6
SHA-256:	AD246480B0E4B1625498F42930DA5BB7D5551FED0D24EF8427B347E9F505DBEA
SHA-512:	B8E2CAA705F8B529642A2A8FFFD4B340E5C421B22526E7B7A3193570C9176DABBD6DEBB64D96E2B7A5402A1EB70F995BADB6E590D0C037D4F85E1E5985EB597D
Malicious:	false
Reputation:	low
Preview:	..-.............]...N...&...1.....>D=L ..~..@.....-.............]...N...&...1.....>D=L ..~..@...........]............................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-.................../...0...1...2...3...4...5...6...7...8...9...:...;...<...............2...=...>...?...@...A...B...C...D...E...F...G...H.......H...I...J...K...L...M...N.......I...J...K...L...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-wal

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	383192
Entropy (8bit):	1.4514348209342103
Encrypted:	false
SSDEEP:	6144:bMxXRALMxXRA0fMxXRA7MxXRAOMxXRArMxXRAbMxXRArMxXRA7:bMxXRALMxXRAKMxXRA7MxXRAOMxXRArJ
MD5:	590CD7746031EA7E923DBE22978C4AC2
SHA1:	D7D1AB70EBD8D3A445AB38726268B21D11DAAADC
SHA-256:	2F8CF3317B3924C66EBEC2B1145D0B1713B7F05FE51A8E545FD514EEDB28E51E
SHA-512:	7C9B5F9EA91530CB0E158802ABD73AC08383B41290CCBFAE555A8FC81C7AA3668901620617A2D5B0D06F174893ADC67734A784F28079A2B2E72B341177FC5FB8
Malicious:	false
Reputation:	low
Preview:	7....-............>D=L ..%.!.-............>D=L ...0..V..SQLite format 3......@ ..........................................................................G..........8...'..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	1.1810939844349462
Encrypted:	false
SSDEEP:	24:a44WCnAlDuUbwB76//+wB7sOiXn+p6Z/bvOqONz4eM11i8dqmcD:zJ6c87k73sTii1iaw
MD5:	57EB619D0D0E4831C5B47A12113313E3
SHA1:	C1D0A878894A59C43002AAFD9344EDEDB7B137BB
SHA-256:	87C4699396D0FD19C5B15DECB4574B92338CBCA9EAFDD167F0ECEAF0AB70D643
SHA-512:	409A72965D75E185B3B986BBDC130037044F59BEBE7041BA4AD242DBC08DCE41303F0B79AE85CF366BA164AEE529624574531FB118EA65B1943AAEADE50B6FC8
Malicious:	false
Reputation:	low
Preview:	regf........b.Q.7.................. ...........y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtmn..'.&...............................................................................................................................................................................................................................................................................................................................................Rm.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.LOG1

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	1.2170328009693285
Encrypted:	false
SSDEEP:	24:344W++7nAlDuUbwB76//+wB7sOiXn+p6Z/bvOqONz4eM11i8dqmcD:oJ1jc87k73sTii1iaw
MD5:	985085FCEB63F081CE5908190F5C7E37
SHA1:	BA892689340DE4E1628C61D12412994C8BE08D51
SHA-256:	C5201241C8AAF4F5688A0B903ED637090ADD7470FA67232BAED550C0B1EF4A40
SHA-512:	245AB3FD3834BBF0337C7C9DDA294BEE53F5B6DA0D5D131C7631777AF00244B1AA95AC4715F3AC5BB0F80AC6D2DF7F3F3881B4B607D7980A58F30E27F6FC6FE7
Malicious:	false
Reputation:	low
Preview:	regf........b.Q.7.................. ...........y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtmn..'.&...............................................................................................................................................................................................................................................................................................................................................Rm.HvLE....................IpH._.......\|.?.........hbin................b.Q.7..........nk,.T...7...... ...........................x...............................Test....p...sk..h...h.......t.......H...X.............4.........?.......................?....................... ... ...............YQ..fr]%dc;.............vk......8...........Music.LastQueryTime..............1..t..'.&...........~.K.&...~.K.&..`...p...sk..x...x.......t.......H...X.............4.........?.......................

Static File Info

General

File type:	Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
Entropy (8bit):	7.927238848925224
TrID:	MP3 audio (ID3 v2.x tag) (3003/1) 100.00%
File name:	#U821e#U8e48 #U4e66#U7b80 .mp3
File size:	3'018'439 bytes
MD5:	5e68bb8a9c2bc8217bc5a5eb1644d3a1
SHA1:	66d20de8ee3351156a8df81e6f9df0d6c57abe3d
SHA256:	4f611351b7336963d533c568734a33e3a7779e7cccf4d30dae33aad4a40f0500
SHA512:	5a043347f51c505669cda7d7233901f31db1ccf8fddce8f2c4d473a05abf861089cd2f368e2c05f209a71f304342c873deec2c68e3cec5068e67c5fc09d021ba
SSDEEP:	49152:9XsnyQqkrQCeA9ftoL0EtbemI/1kaoU6/bXgPpnn9zKQsO4kDwNMqeRwXnNSICOy:9C3qGnJ9ftoL0ENeTiM6bgP3akwS9WNw
TLSH:	FCD533B8BDD6C364D05E95B2424D1373268A7DFD2B71AA83B05FFD2923B7099D20508B
File Content Preview:	ID3.....H.TYER.......2023.TDAT.......0703.TIME.......1204.PRIV......XMP.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 ">. <rdf:RDF xmlns:rdf

File Icon


Icon Hash:	74f0ccd6d6cce0c4

Target ID:	2
Start time:	09:10:52
Start date:	24/10/2024
Path:	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe" -ServerName:Microsoft.ZuneMusic.AppXr954g6gg1tvs748d5g67zt981dvpmnr6.mca
Imagebase:	0x7ff726f10000
File size:	29'184 bytes
MD5 hash:	C99D9CA26E037E243B3C0F13BA59CC05
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used.For example, information about application windows could be used identify potential data to collect as well as identifying security tooling ( Security Software Discovery ) to evade.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #U821e#U8e48 #U4e66#U7b80 .mp3

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-journal

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-shm

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\MediaPlayer.db-wal

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat

C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.LOG1

Static File Info

General

File Icon

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: Microsoft.Media.Player.exePID: 8820, Parent PID: 600

General

Chronological Activities

Disassembly

Windows Analysis Report
#U821e#U8e48 #U4e66#U7b80 .mp3