Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-1703_x64
resource: win10-20230220-en
resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 09-04-2023 14:04
Static task: static1
Behavioral task behavioral1: sample photowiz.exe, resource win10-20230220-en
Behavioral task behavioral2: sample photowiz.exe, resource win7-20230220-en
Behavioral task behavioral3: sample photowiz.exe, resource win10v2004-20230220-en
Behavioral task behavioral4: sample photowiz.exe, resource android-x86-arm-20220823-en
Behavioral task behavioral5: sample photowiz.exe, resource android-x64-20220823-en
Behavioral task behavioral6: sample photowiz.exe, resource android-x64-arm64-20220823-en
Behavioral task behavioral7: sample photowiz.exe, resource macos-20220504-en
Behavioral task behavioral8: sample photowiz.exe, resource debian9-mipsbe-en-20211208
Behavioral task behavioral9: sample photowiz.exe, resource ubuntu1804-amd64-20221111-en
General
Target: photowiz.exe
Size: 340KB
MD5: 7cd1742ccc4825f94908744365330e08
SHA1: e402f4da98420b44442bf8feff0d4fa3075a375c
SHA256: 003a6be25aed1e04592c3f6a153055b6c2e50f136315a079e99140d0f00c953a
SHA512: 31f0d7baa5377e3ab0755aef2cc31200b72558abea14a69d9ac239fe4c586cbb9bdf5b53abd46877fc347c5377158d727c4c4ca0a82af4228c061cdc7e25991d
SSDEEP: 6144:87v0APRNxu6+LJf484GOH2ELUF+CDcciNFd5lIj0O:IxeLJw8Z4LUF+CD5qd5K
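The hashes above are the usual way to check whether a file found elsewhere is this sample. The following is an added example, not code from the sandbox or the report: it hashes each file once with all four algorithms in a single pass, compares against the report's digests (copied from the General section), and walks a directory tree. SSDEEP is left out on purpose, since fuzzy hashing gives a similarity score rather than an equality match and needs the ssdeep library. The demo bytes in the test are constructed and are not the malware.

```python
"""Hash candidate files once and match them against the report's IoCs.

Added example; not part of the sandbox report. The digest values in
REPORT_IOCS are copied from the report's General section.
"""
import hashlib
import os

# Digests of photowiz.exe as printed in the report.
REPORT_IOCS = {
    "md5": "7cd1742ccc4825f94908744365330e08",
    "sha1": "e402f4da98420b44442bf8feff0d4fa3075a375c",
    "sha256": "003a6be25aed1e04592c3f6a153055b6c2e50f136315a079e99140d0f00c953a",
    "sha512": "31f0d7baa5377e3ab0755aef2cc31200b72558abea14a69d9ac239fe4c586cbb"
              "9bdf5b53abd46877fc347c5377158d727c4c4ca0a82af4228c061cdc7e25991d",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_chunks(chunks):
    """Feed an iterable of byte chunks to all four hashers in one pass and
    return {algo: hexdigest}. One read per file matters on large trees."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory blob (used for tests and small artifacts)."""
    return digest_chunks([data])


def digest_file(path, chunk_size=1 << 20):
    """Digest a file in 1 MiB chunks so memory use is flat for any size."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return the algorithms whose digest equals the IoC value.

    Comparison is case-insensitive because reports print hex in either case.
    The caller gets the full list rather than a bool: a partial match (say
    md5 only) points at a collision or a mistyped IoC and deserves a look."""
    return [a for a in ALGOS if digests[a].lower() == iocs[a].lower()]


def scan_tree(root, iocs=REPORT_IOCS):
    """Walk root and return {path: matched_algos} for every file that hits.
    Unreadable files are skipped rather than aborting the whole scan."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(digest_file(path), iocs)
            except OSError:
                continue
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algos in scan_tree(root).items():
        print(f"{path}: matches report IoCs on {', '.join(algos)}")
```

Run it as `python3 hashscan.py /path/to/tree`; a hit on all four algorithms is the sample, a hit on fewer than four is a data-quality problem with the indicator list.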
Malware Config
Extracted
Family: emotet
Botnet: Epoch1
C2 (ip:port):
185.215.227.107:443
51.38.124.206:80
38.88.126.202:8080
54.37.42.48:8080
172.104.169.32:8080
68.183.190.199:8080
187.162.248.237:80
82.76.111.249:443
184.66.18.83:80
190.6.193.152:8080
77.238.212.227:80
199.203.62.165:80
188.2.217.94:80
185.94.252.12:80
178.250.54.208:8080
206.15.68.237:443
65.36.62.20:80
216.47.196.104:80
219.92.8.17:8080
213.60.96.117:80
77.55.211.77:8080
72.167.223.217:8080
177.74.228.34:80
186.103.141.250:443
190.163.31.26:80
85.109.159.61:443
68.183.170.114:8080
213.197.182.158:8080
45.161.242.102:80
71.197.211.156:80
104.131.103.37:8080
94.176.234.118:443
190.2.31.172:80
5.196.35.138:7080
190.195.129.227:8090
67.247.242.247:80
64.201.88.132:80
152.169.22.67:80
24.135.1.177:80
191.182.6.118:80
51.159.23.217:443
110.142.219.51:80
68.69.155.181:80
82.196.15.205:8080
77.90.136.129:8080
181.129.96.162:8080
45.33.77.42:8080
95.9.180.128:80
192.241.146.84:8080
91.219.169.180:80
188.135.15.49:80
212.71.237.140:8080
98.13.75.196:80
72.47.248.48:7080
209.236.123.42:8080
217.13.106.14:8080
219.92.13.25:80
177.72.13.80:80
12.162.84.2:8080
177.73.0.98:443
50.121.220.50:80
185.178.10.77:80
216.10.40.16:80
61.92.159.208:8080
170.81.48.2:80
45.16.226.117:443
185.94.252.27:443
217.199.160.224:7080
178.79.163.131:8080
186.70.127.199:8090
91.121.54.71:8080
190.190.148.27:8080
190.24.243.186:80
138.97.60.141:7080
104.131.41.185:8080
73.213.208.163:80
181.30.61.163:443
103.106.236.83:8080
192.241.143.52:8080
87.106.46.107:8080
2.47.112.152:80
45.173.88.33:80
204.225.249.100:7080
111.67.77.202:8080
70.32.115.157:8080
111.67.12.221:8080
70.32.84.74:8080
58.171.153.81:80
190.147.137.153:443
190.115.18.139:8080
83.169.21.32:7080
5.189.178.202:8080
50.28.51.143:8080
137.74.106.111:7080
189.2.177.210:443
72.135.200.124:80
51.255.165.160:8080
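The list above is what a defender actually consumes from this report. The following is an added example, not code from the sandbox or the report: it parses a config block in the exact format printed here (family, botnet label, then one ip:port per line), rejects malformed addresses instead of silently dropping them, groups endpoints by port, emits one Suricata rule per endpoint, and checks a connection log for contact with the set. The six C2 entries embedded are copied from the start of the list above; the SID range, the log line format and the log lines themselves are assumptions constructed for the example.

```python
"""Turn an extracted Emotet C2 list into indicators and check a log against it.

Added example; not part of the sandbox report. C2_BLOCK holds the first six
entries of the report's Epoch1 list; SAMPLE_LOG is constructed.
"""
import ipaddress
from collections import Counter

# Copied from the report (first six Epoch1 entries), same layout as the page.
C2_BLOCK = """\
Extracted
emotet
Epoch1
185.215.227.107:443
51.38.124.206:80
38.88.126.202:8080
54.37.42.48:8080
172.104.169.32:8080
68.183.190.199:8080
"""


def parse_c2_block(text):
    """Return ({"family", "epoch"}, set of (ip, port)) from a report block.

    Bare words are the family and the epoch label, in that order; any other
    line must be ip:port. A bad address raises ValueError so a broken
    extraction is noticed rather than producing a short blocklist."""
    meta = {}
    endpoints = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Extracted":
            continue
        if ":" not in line:
            key = "family" if "family" not in meta else "epoch"
            meta[key] = line
            continue
        host, _, port = line.rpartition(":")
        ip = ipaddress.ip_address(host)        # raises on garbage like 999.1.1.1
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad port in {line!r}")
        endpoints.add((str(ip), port))
    return meta, endpoints


def port_histogram(endpoints):
    """Endpoints per port. Emotet mixes 80, 443, 7080, 8080 and 8090, so a
    port-only rule is worthless; block on (ip, port) or on the IP."""
    return Counter(port for _, port in endpoints)


def suricata_rules(endpoints, sid_base=9000000):
    """One Suricata rule per endpoint. sid_base is an assumed local SID range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(endpoints)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet Epoch1 C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def match_connections(log_lines, endpoints):
    """Return log lines whose destination is a C2 endpoint.

    Assumed (constructed) line format: '<ts> <src_ip>:<sport> -> <dst_ip>:<dport>'.
    Malformed lines are skipped so one bad line cannot abort the scan."""
    hits = []
    for line in log_lines:
        try:
            _ts, _src, _arrow, dst = line.split()
            dip, _, dport = dst.rpartition(":")
            if (dip, int(dport)) in endpoints:
                hits.append(line)
        except ValueError:
            continue
    return hits


# Constructed outbound connections; two reach C2 entries, one hits a C2 IP
# on a port not in the config and is deliberately not flagged.
SAMPLE_LOG = [
    "2023-04-09T14:05:01Z 10.0.0.5:49712 -> 185.215.227.107:443",
    "2023-04-09T14:05:02Z 10.0.0.5:49713 -> 142.250.74.46:443",
    "2023-04-09T14:05:03Z 10.0.0.5:49714 -> 54.37.42.48:8080",
    "2023-04-09T14:05:04Z 10.0.0.5:49715 -> 54.37.42.48:80",
]

if __name__ == "__main__":
    meta, eps = parse_c2_block(C2_BLOCK)
    print(meta, len(eps), dict(port_histogram(eps)))
    print("\n".join(suricata_rules(eps)))
    for hit in match_connections(SAMPLE_LOG, eps):
        print("C2 contact:", hit)
```

Whether to match on (ip, port) or on the IP alone is a tuning decision: Emotet hosts are compromised third-party machines, so the same IP can also serve legitimate traffic on another port, but a connection to one of these IPs on any port is still worth an analyst's attention. Paste the full 97-entry list from the report into C2_BLOCK to generate the complete rule set.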
Signatures
Suspicious behavior: EnumeratesProcesses (16 IoCs)
Processes: pid 4124 photowiz.exe (16 occurrences)
Suspicious use of SetWindowsHookEx (2 IoCs)
Processes: pid 4124 photowiz.exe (2 occurrences)