Overview

overview

10

Static

static

4

Adobe-Phot...op.exe

windows7_x64

Adobe-Phot...op.exe

windows10-2004_x64

10

Adobe-Phot...ft.exe

windows7_x64

1

Adobe-Phot...ft.exe

windows10-2004_x64

1

Adobe-Phot...er.exe

windows7_x64

1

Adobe-Phot...er.exe

windows10-2004_x64

1

Adobe-Phot...er.exe

windows7_x64

1

Adobe-Phot...er.exe

windows10-2004_x64

1

Adobe-Phot...10.dll

windows7_x64

1

Adobe-Phot...10.dll

windows10-2004_x64

1

Adobe-Phot...??.dll

windows7_x64

3

Adobe-Phot...??.dll

windows10-2004_x64

3

Adobe-Phot...rv.dll

windows7_x64

3

Adobe-Phot...rv.dll

windows10-2004_x64

3

Adobe-Phot...er.dll

windows7_x64

1

Adobe-Phot...er.dll

windows10-2004_x64

1

Adobe-Phot...re.dll

windows7_x64

1

Adobe-Phot...re.dll

windows10-2004_x64

1

Adobe-Phot...PS.dll

windows7_x64

10

Adobe-Phot...PS.dll

windows10-2004_x64

10

Adobe-Phot...te.url

windows7_x64

1

Adobe-Phot...te.url

windows10-2004_x64

1

Adobe-Phot...al.pdf

windows7_x64

1

Adobe-Phot...al.pdf

windows10-2004_x64

1

Adobe-Phot...el.exe

windows7_x64

1

Adobe-Phot...el.exe

windows10-2004_x64

1

Adobe-Phot...64.exe

windows7_x64

1

Adobe-Phot...64.exe

windows10-2004_x64

1

Adobe-Phot...ll.dll

windows7_x64

1

Adobe-Phot...ll.dll

windows10-2004_x64

1

Adobe-Phot...64.dll

windows7_x64

10

Adobe-Phot...64.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    321s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-04-2022 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Adobe-Photoshop-CC-2022-1.4-main/packages/packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/xmsrv ? ?????.dll

  • Size

    30.1MB

  • MD5

    1aea956e1b619bf7a19d8273c4746377

  • SHA1

    a4d1c8362cfc5186dba47660bcd262dcd15ad7f4

  • SHA256

    4a0934949784137f30f3f3b60f8cd8e10ffed0aa0d4eece58a3792072522611b

  • SHA512

    8e192ab562f0c7cb122a525868376204229cea36d9521d521891b8f904d4888ae0ae8ca1717daf89c2379192a57462cf83afaae212db1213da47016a040c1a24

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Adobe-Photoshop-CC-2022-1.4-main\packages\packages\AppInfo\Microsoft Analysis Services\AS OLEDB\110\xmsrv _ _____.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Adobe-Photoshop-CC-2022-1.4-main\packages\packages\AppInfo\Microsoft Analysis Services\AS OLEDB\110\xmsrv _ _____.dll",#1
      2⤵
      • Checks processor information in registry
      PID:5112
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 628
        3⤵
        • Program crash
        PID:2388
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5112 -ip 5112
    1⤵
      PID:4660

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/5112-130-0x0000000000000000-mapping.dmp
      Download