Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
19-02-2024 05:40
General
-
Target
_MG_2626-Edit.jpg_
-
Size
12.8MB
-
MD5
ef631b72dabeb4caff1e25d2f7b7bbed
-
SHA1
a3be67771294622e02b0c13da12e43171473a6e6
-
SHA256
23a77efe807e4ca1e7e0857a3dd4e672b2dc396d810db641ddbc72f1ab829315
-
SHA512
bffdcd5408a9301acf3515369ee91eda0731d49502d91ccda51247661a68bef5af5b39478866769cfaa8b3995006d2962cf8058a28764016349d4b838961e0b7
-
SSDEEP
196608:0fXECNZ5f/9s6nMOtu+0ThGsimziepWc9B+IibJMwCuSkZ18C53u8QQao:0fEG9sFgghGupW1fMbGZ18S3ucao
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 9 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\_MG_2626-Edit.jpg_1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\_MG_2626-Edit.jpg_2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\_MG_2626-Edit.jpg_"3⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD57d50a0df52eb2f08758d1830bd251730
SHA16f9c47b46f4be5d7848e20dab7d9a33c77abb143
SHA25687333ae500ce93f533f852d490639838ce3cadac528850b968351138d62d86b1
SHA512a2e8ace22780b37ae94eb774ca0992ca685da54fe3812627245530552e0c988f38165cfc50af52b75d836983c7dfab602d628d19c0b2777d9847429f45b3271c