e6c7dd630e76632a770ec761bfdedca0e7cd0e1a05f2f74d7377d1784536726c | Triage

Resubmissions

30-04-2021 16:49

210430-h6a8netf2n 9

30-04-2021 16:32

210430-lpgpszxlg2 1

Analysis

max time kernel
4s
max time network
8s
platform
windows7_x64
resource
win7v20210410
submitted
30-04-2021 16:49

Sharing

Report Analysis Logs

General

Target

valuePasteList.dll
Size

57KB
MD5

d9ab20b129af3b50e9fd72e87025cebb
SHA1

07abe3a40d3ce2dab5c4ab51e57469cb79c90ce1
SHA256

e6c7dd630e76632a770ec761bfdedca0e7cd0e1a05f2f74d7377d1784536726c
SHA512

c2175e061b7b8da53c34e6295e5eb4b6598d341ab0b21bdde86a5be19581145998e8aed8cb17622044f54c94f1256ac7e90fa21481c647360c69ed3fac73227c

Score

9^/10

Photoloader

Malware Config

Signatures

PhotoLoader Payload 1 IoCs

IcedID downloder-Photloader.

Processes:

resource	yara_rule
behavioral1/memory/2000-61-0x0000000001D50000-0x0000000001DA4000-memory.dmp	crime_win32_icedid_stage1

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

2000 regsvr32.exe
2000 regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\valuePasteList.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-60-0x000007FEFC411000-0x000007FEFC413000-memory.dmp

Filesize
8KB

Download
memory/2000-61-0x0000000001D50000-0x0000000001DA4000-memory.dmp

Filesize
336KB

Download