Overview

overview

1

Static

static

1

PhotoScape...0.appx

windows7-x64

PhotoScape...0.appx

windows10-2004-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-02-2023 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PhotoScapeXPro_2.9.0.0.appx

  • Size

    205.0MB

  • MD5

    c8bb65436bf9d6e59be89b79656f752a

  • SHA1

    ad1028b95b80e663b50941610fb3baa17c867b68

  • SHA256

    f96863ede9441e9d9ccfe5ac40b04c45da937fdede727e0338f8a149e83b212f

  • SHA512

    0ed36924230a9e8065e82b6b7e5778b041dfd5994fa9d90b389dac058075fd749dfbf4992d30919eddff6aa0a83df31f437bf97b7cc1542611ed16ffff8051e4

  • SSDEEP

    6291456:MmRzrUSIq6GjfADiHbOBOnSvrCbB2UHaqaTBh:pRzgBq6cfAD6OgKrD6taL

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell start shell:AppsFolder\MooiiTech.PhotoScapeXPro_f5eddttrpssna!MooiiTech.PhotoScapeXPro
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1836
  • C:\Windows\system32\Clipup.exe
    "C:\Windows\system32\Clipup.exe" -p -pfm MooiiTech.PhotoScapeXPro_f5eddttrpssna
    1⤵
      PID:3124
      • C:\Windows\system32\Clipup.exe
        "C:\Windows\system32\Clipup.exe" -p -pfm MooiiTech.PhotoScapeXPro_f5eddttrpssna -ppl C:\Windows\TEMP\tem48B1.tmp
        2⤵
          PID:4652

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\TEMP\tem48B1.tmp
        Filesize

        32B

        MD5

        3a696dbd1a68a556870c204865719787

        SHA1

        161f8934ed3fc5133b1d3b93c44ee2b8a482725a

        SHA256

        d049946b7e31069d77406134dfcad4cdab5247777b1a560c7719b47f56dcc194

        SHA512

        ffabbfc291f644f9b17df375bf4a1635b584ffcea9f544168e1c5b40ad637d29b86e1e8d6c57075eead2a1e0542508cca43204d3b795d5c290ffa7cbff18e529

        Download Submit

      • memory/1836-132-0x0000025BB3290000-0x0000025BB32B2000-memory.dmp

        Filesize

        136KB

        Download

      • memory/1836-133-0x00007FF99EF80000-0x00007FF99FA41000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1836-134-0x00007FF99EF80000-0x00007FF99FA41000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3124-135-0x0000019A96430000-0x0000019A96440000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3124-136-0x0000019A96430000-0x0000019A96440000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3124-142-0x0000019A96430000-0x0000019A96440000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3124-143-0x0000019A96430000-0x0000019A96440000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4652-138-0x000002723A600000-0x000002723A610000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4652-137-0x000002723A600000-0x000002723A610000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4652-139-0x000002723A600000-0x000002723A610000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4652-140-0x000002723A600000-0x000002723A610000-memory.dmp

        Filesize

        64KB

        Download