Overview

overview

6

Static

static

1

emoticono-...71.jpg

windows7-x64

6

emoticono-...71.jpg

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2023, 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    emoticono-sorprendido-sorprendido-asustado-o-asombrado-con-ojos-salvajes-de-la-toma-que-salen-y-la-mandibula-que-cae-2bwx971.jpg

  • Size

    62KB

  • MD5

    9dcda9c290a7d1e9e6a029adceaf0eda

  • SHA1

    4cd2edf94cb4598f65594541480a413538d47c79

  • SHA256

    a87e3d8cde1d9359c038fccf70e3cf9e74ecaefdcec2f82a6456061bd4bc1e1f

  • SHA512

    23a6f7a23cbb15487ab670334e6789d630ddff9ee64c4966a58fd7544083e37582973bcaa3b5a5cf3d15009ea70ad305ae32364222c6d248de76315b762d58f6

  • SSDEEP

    1536:fafIDL0oj3PctWY3e+lG305uc2YSPhX6IWHlKmeGkXzMeOL:fSI/7IW+wSuzAJHreX9a

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\emoticono-sorprendido-sorprendido-asustado-o-asombrado-con-ojos-salvajes-de-la-toma-que-salen-y-la-mandibula-que-cae-2bwx971.jpg
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1276
  • C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
    "C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}.gamestats
    Filesize

    3KB

    MD5

    11b1cb66abbbe81e007ddd2959f6b068

    SHA1

    f87a67ffe354b00cbb2f492701b6429762e9c87f

    SHA256

    cb5314886a9d885e9d9df33497476223bd30ead81d8cd8ddb7a977bf15675184

    SHA512

    efcba4aaddaea5e60c120811bf8e04664fea877b4fdf3559aac086a68ad679a8561d43b53a76ee6bef5d5ca8b4bd452a22082ed8a68a78ead7bde02b106230bb

    Download Submit

  • memory/1276-54-0x0000000000310000-0x0000000000311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-60-0x00000000004D0000-0x00000000004DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2364-61-0x00000000004D0000-0x00000000004DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2364-62-0x00000000004E0000-0x00000000004E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-63-0x0000000001E10000-0x0000000001E1A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2364-66-0x000007FEF63B0000-0x000007FEF64E1000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2364-70-0x00000000004D0000-0x00000000004DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2364-76-0x00000000004E0000-0x00000000004E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2364-77-0x0000000001E10000-0x0000000001E1A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2364-78-0x0000000001E10000-0x0000000001E1A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2364-79-0x000007FEF63B0000-0x000007FEF64E1000-memory.dmp

    Filesize

    1.2MB

    Download