Overview

overview

10

Static

static

9

111112.jpg.dll

windows7_x64

10

111112.jpg.dll

windows10_x64

1

Analysis

  • max time kernel
    149s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    26-11-2020 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    111112.jpg.dll

  • Size

    2.9MB

  • MD5

    008dbbd90f4850bd5100ec7f7a44a718

  • SHA1

    f40f99bab58d681f265cf1b6622cc087264c422c

  • SHA256

    aed677ba2f94ebf7b7b9b5df50f06f91764e0e040a546bc008bc808cd9b7fd81

  • SHA512

    6c02754f06976fda1dd2f24f1cd01e5156a184b1e1f65eef8010ebfade031960ff0ca203bcf7acc2ee45d04490a62366c59385e2c908d5a18204a3c12887d1ca

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 7 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 39 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\111112.jpg.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3116
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\111112.jpg.dll,#1
      2⤵
        PID:668
    • C:\Windows\ImmersiveControlPanel\SystemSettings.exe
      "C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
      1⤵
      • Checks SCSI registry key(s)
      • Modifies Control Panel
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2188
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3148

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    Peripheral Device Discovery

    1
    T1120

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/668-2-0x0000000000000000-mapping.dmp
      Download