Overview

overview

10

Static

static

boysLove.jpg.dll

windows7_x64

10

boysLove.jpg.dll

windows10_x64

10

Resubmissions

21-07-2021 14:13

210721-dgevqhqh56 10

Analysis

  • max time kernel
    108s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    21-07-2021 14:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    boysLove.jpg.dll

  • Size

    454KB

  • MD5

    a54bf8f8470245c908cc1de6063e04fc

  • SHA1

    a02f9a05c2fb54d898b71da065e87501ab60828c

  • SHA256

    738f4267728385be1d6336685338a0af96f09587218dbc6b3b88db07d1326877

  • SHA512

    1905141e3000aa2296fff83e0d2f576a7b8e5f3ef26bd884476aa38bc4dbc53e61dc0c9a0f31a9e0d320d932758b2da43cb4e6986607000ffdebd83ec0244680

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1228
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s C:\Users\Admin\AppData\Local\Temp\boysLove.jpg.dll
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1856
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        2⤵
          PID:1048
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\boysLove.jpg.dll"
        1⤵
          PID:1892

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          MD5

          2902de11e30dcc620b184e3bb0f0c1cb

          SHA1

          5d11d14a2558801a2688dc2d6dfad39ac294f222

          SHA256

          e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544

          SHA512

          efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          MD5

          e927af0ae98adcdc7286decc9bb9e8ea

          SHA1

          fb1cb8736b937c2b044cd8221e816c3624d341c8

          SHA256

          a51271674acea7960837833779f9fd340c364411e6a5b1a6326d510654969def

          SHA512

          6e1d5b65546678b608e489f036ec80ed14f47a255de17dd198653072c6a3efa4500b3730b10797bb1f4260091529cbb6c00de6bcd00125e81c1dee588b24aff3

          Download Submit

        • memory/1048-62-0x000000013F7277D8-mapping.dmp

          Download

        • memory/1048-61-0x000000013F510000-0x000000013F755000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/1048-63-0x000000013F510000-0x000000013F755000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/1856-59-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1856-60-0x0000000001F70000-0x000000000221A000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/1892-65-0x0000000001FD0000-0x000000000227A000-memory.dmp

          Filesize

          2.7MB

          Download