Overview

overview

7

Static

static

7

PhotoDream...md.lnk

windows7-x64

3

PhotoDream...md.lnk

windows10-2004-x64

3

PhotoDream...lp.chm

windows7-x64

1

PhotoDream...lp.chm

windows10-2004-x64

1

PhotoDream...ce.dll

windows7-x64

7

PhotoDream...ce.dll

windows10-2004-x64

7

PhotoDream_ha/iis.exe

windows7-x64

7

PhotoDream_ha/iis.exe

windows10-2004-x64

7

PhotoDream...e.html

windows7-x64

1

PhotoDream...e.html

windows10-2004-x64

1

PhotoDream...��.exe

windows7-x64

1

PhotoDream...��.exe

windows10-2004-x64

1

PhotoDream...��.exe

windows7-x64

1

PhotoDream...��.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 03:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PhotoDream_ha/sample/sample.html

  • Size

    5KB

  • MD5

    215be643e7d7bedf18bbdcbd6226152b

  • SHA1

    9f7b5ec98cb21140914ede3e18f3de1ab7b7249c

  • SHA256

    29268da4a4f88dac6383cb9367dad4bd903c2c5b1cb936c96bfe311b16855059

  • SHA512

    9fdd7a47b46109bed0ce7582ec3212e997848e0c880f83ab81013f1c71af7f787883df9a2c593c0413dea733ab57357bbaf38d5f9f01e8d1e3115873112773ff

  • SSDEEP

    96:PbIIThmSqRQ3vJ5ZGgfSIACJMuU2ibAjrwT3kHVQzebVyfuVG9WavAAj7KBd4zye:U4hmSqRQ3vJ5ZGgfSfCJfpibAjrwT3kw

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PhotoDream_ha\sample\sample.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    34c365a76162b5b5871d69a8e632edf7

    SHA1

    125ef6ee301e43b6d5437de95d7a056d5171d37a

    SHA256

    5bd2842840248f9839ba7f3230c356403b60c48dc024cc05f9a74099d7aa163d

    SHA512

    7d5c230441c2bac41c80afd69278ed85325b69ac1c35d76cfe32e1e7686de11e02dcb484407f35492761bc3c19dfd7b43e1dde5ff6d45f0ee0b3dc3b3dfec828

    Download Submit