Overview

overview

7

Static

static

CrossPilot.zip

windows7-x64

1

CrossPilot.zip

windows10-2004-x64

1

_locales/e...s.json

windows7-x64

3

_locales/e...s.json

windows10-2004-x64

3

_metadata/...s.json

windows7-x64

3

_metadata/...s.json

windows10-2004-x64

3

css/opera-store.css

windows7-x64

3

css/opera-store.css

windows10-2004-x64

7

css/options.css

windows7-x64

3

css/options.css

windows10-2004-x64

7

css/page.css

windows7-x64

3

css/page.css

windows10-2004-x64

7

css/popup.css

windows7-x64

3

css/popup.css

windows10-2004-x64

7

html/options.html

windows7-x64

1

html/options.html

windows10-2004-x64

1

html/page.html

windows7-x64

1

html/page.html

windows10-2004-x64

1

html/popup.html

windows7-x64

1

html/popup.html

windows10-2004-x64

1

html/sandbox.html

windows7-x64

1

html/sandbox.html

windows10-2004-x64

1

images/icons/128.png

windows7-x64

3

images/icons/128.png

windows10-2004-x64

3

images/icons/16.png

windows7-x64

3

images/icons/16.png

windows10-2004-x64

3

images/icons/32.png

windows7-x64

3

images/icons/32.png

windows10-2004-x64

3

images/icons/64.png

windows7-x64

3

images/icons/64.png

windows10-2004-x64

3

images/ico...up.png

windows7-x64

3

images/ico...up.png

windows10-2004-x64

3

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    31/01/2023, 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    images/icons/popup.png

  • Size

    6KB

  • MD5

    c50cdd7ca997988c633963d25aeea68a

  • SHA1

    5b8ff4775ccc2f5bdd8f9acf8c1b215b76c6493d

  • SHA256

    c385524c66436e5828812a7f9a1a332f7e959ecfe6ad1d9450bb5637fe85587a

  • SHA512

    f44d4940e8cd2fa15762ef981c58aa73cb344887d078e796f59f604d1799b5a536d67bdadd6af0591ffffc6c63be59ea5aa67b224ee60594d65d98ab9f88c246

  • SSDEEP

    96:WSID1MpuFXHNx3kK0g1ABpiIJDtmCKRXlVLOyqILXI2tAjn47rT7s+n1Jai73:WSIHXYqAPZtmC4lwmX1qj4s+nLaq3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\images\icons\popup.png
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:880

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/880-54-0x000007FEFC521000-0x000007FEFC523000-memory.dmp

    Filesize

    8KB

    Download