Overview

overview

3

Static

static

1

OMGMARVINM...ER.jpg

windows10-1703-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/02/2024, 19:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OMGMARVINMOVIEPOSTER.jpg

  • Size

    12KB

  • MD5

    30915ead07e418186cc57a6a45580669

  • SHA1

    bc4ae653157621d55d0406cb83e42c56d824beb6

  • SHA256

    06d4415a7e646291607b793aa3d09fae98d5104fd669b3f5e0a9bf0d24ad1d07

  • SHA512

    7719fab8da9da518c419585f155216fda3c4165482b2480588e654f0fb76bd67cd1070783dfc48f787678f2c48d54939c887a360d3d65a55b1e102137a14bcea

  • SSDEEP

    384:F2pebNDSqA63aosE1G7Ydf7U2UWPJNQ1SctY:FkebNE27G7gIWJkScC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\OMGMARVINMOVIEPOSTER.jpg
    1⤵
      PID:5040
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      1⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2008
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4944

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
      Filesize

      2KB

      MD5

      0c4cf2674cf09d47bef691b59da1a2b3

      SHA1

      92c69a79f25294b289bcb28954934ef92e2bdada

      SHA256

      6f8041ec74df39d90a3586e7b5a5fce202f0188eb372c8d428b6bde8cef56da2

      SHA512

      ac7ad7f9cfecbcc99ff29cc71b43f1b7abe5eeb9358974f7d128799f8cade1c3ce291f873509ff9a956a31573388f949c662e78f34539c70efc3b3d51f9d2d33

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      5b6d81f77f891be9efa742bbd2509a2f

      SHA1

      ad57da3eac1afa638b3ff6f97720fc568a48c28c

      SHA256

      6ae961632a3f8f4055909b466a1481cfa58f224a41f2d9941f51dc49b65379e9

      SHA512

      177a134f2b3db9a0812b26bb5a40c66f28f4e91c4a34211d0e6ad1d320f7b65796b2c440ab06c13d8c4c11c142adf386f1e03e79c7dc05f2cb8a6329c313d6b1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      Filesize

      1KB

      MD5

      5b9dc51eb6ca5e3eb57730ccccac4f46

      SHA1

      07defab0c9026042c3c2163c7f62c3cf1bd0b2ae

      SHA256

      43dfc1607db310f03dcf964636f54ff9dbd749b80ff34f5f2d508e0ae8b4b6c8

      SHA512

      eb4dfcab07d111894bf57dd3f15d2ea1ee2535c492ea94587fd89fe282909d660b9218930a3ada93371b2d58640dc2fb3a9756c44a958d658b758ea91f3373d4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0802E4632F2005DDCC501E41C2958E5
      Filesize

      472B

      MD5

      57af19713425a7ec4fcc2c6c5ad68cad

      SHA1

      6737f5a0a35c9e4b9fc7939615ecd7280c4178c1

      SHA256

      0e000f566f3148f4df67c7198bde148d6427286467e46be497b65b9257c893f1

      SHA512

      53beb65a8405311245fff79c121731a0fc1b9d11a99066f05299f6cb23f0217205911ea84bf3c200a28af865f4a051bedf80fbc96b84e0459a1168e368fc69c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
      Filesize

      488B

      MD5

      197c649e671ab0f6bd6556b9d5325fb0

      SHA1

      1c70025b148140185f450ea57bdd3e24025325d2

      SHA256

      4baac00cbf76a555d7395cf397f410d7c3f0ba3175f73af75a9da4411d880793

      SHA512

      dee4c4d7227a9c07daba0e01edf36ea7345e293a355d0496e6e90e9217cc801f8a5581ddc80fef07951a91371fa9e77447063e806b0e0b3f8fc0d07be1ee3c1f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      338B

      MD5

      d19f3c3e413ec2bd9a9257af91c87d6e

      SHA1

      e7f510f09b25d2bfd25657c6941e020b4a218a41

      SHA256

      b9a17539e88b4d75179919b1d1c2f3698594868cd659bbcdb81b86c23a31b5c7

      SHA512

      51dc262591ae57f66c3d5dfe268c0614fc4e5d7ecd10c62b23b3b115683d22b33619eefff8808b300ef2ad48cfc0954777a77532eb6433b29a4db95dc8bd31ae

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      301f16aff6dcd27c7cc65031d0ca7367

      SHA1

      516626616fb10283428215079358bc168d30d746

      SHA256

      c89665c08f7f1c23a31da9e6bdd7bed92836bdc7ead4fd7dbdacf55e5ca96633

      SHA512

      5c06bdd7a122a9bdbfe212aa50646e318e5881eda690e0be3ca9f67d4674f75dbbc0a76266db5e0ea70f2d223ea6b825809750bf155aec3082b3a3164ba6d4ba

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      Filesize

      482B

      MD5

      611c08f9e069e541e0a7e2b9eab6ea78

      SHA1

      30c7ddfe326cf0c0037b1a1537c8512e15d84523

      SHA256

      0deb85efabd7f55d0c8f2357de5b4a8b5f8a05299a65986537ee4fb35056dbd9

      SHA512

      0bedcc0946a3d665bd5747a3b6f5e4846867017344de2876f3d49f99ce6c3666fc77655ae7ad3f6af1a085a991cbc2eee919a301d2d823ecb7d65496d0b04b66

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0802E4632F2005DDCC501E41C2958E5
      Filesize

      480B

      MD5

      6751da5ab8e9430e9442d062faa7e584

      SHA1

      ac8c75242529e452d036b6b31e0684066911db15

      SHA256

      66c7ffe9fbd15e80578c4490db26381e330397a7e523a8054fdbac6ddaafc8d5

      SHA512

      398de94f72dc2d3a154087d1004c3fd35ef2907e2fc661080d99dfd85d3fe2f975bf12a31baab68ac3d40e5e434387bc24ca2b8110131a76c4aef7671b246cb4

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\58SGIT5I\favicon-trans-bg-blue-mg[1].ico
      Filesize

      4KB

      MD5

      30967b1b52cb6df18a8af8fcc04f83c9

      SHA1

      aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

      SHA256

      439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

      SHA512

      7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\58SGIT5I\mPvxwP1Ufvl32ssSfm98yGE7vro[1].css
      Filesize

      50KB

      MD5

      b84ebe0795d71db67affce0388cfc1ad

      SHA1

      0b381fe0dfff39b0efa0c0bce530ec3b2fc245b3

      SHA256

      541b200e7cbec60f85c6a103e7501e0a4f0027125c348afcd71a2c5a2ace87d5

      SHA512

      4a7d95156a2ce92655b8642d260b2bdd4c5920d6b228eba18cb53b5e97fa411596f61fba85ad809f93d91cddff056a3ed252bb5070bc49aee3a03e2fd5102605

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O2ZZN7ZH\qsml[1].xml
      Filesize

      552B

      MD5

      4cc13a2e6f5a14792da01459e7c033b6

      SHA1

      6d65a6f60028d67cabe35e6a54b8dba92eeb9988

      SHA256

      db476c4959d0f176a620e7e4ea347c7e57d215fde1c022769958f5e7870ba928

      SHA512

      7aa15d11664a5b34bb65ec68b6ecce607eca81a980f4b1682d7f1068d4e5cdcfa111084fcff656d0c3a7a784d2ff35382b9120202db1a1e89af4d489f100f4c8

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O2ZZN7ZH\qsml[2].xml
      Filesize

      469B

      MD5

      84f36b3b3682255df03c3301ca1f1aab

      SHA1

      bf3b29b62b165009fa50cd92d8c451a0fce42eda

      SHA256

      06d6746b22b371158ba346ac25fc236a8c73e457857196e6624bb5ef4f372f2d

      SHA512

      372539b2fc3222a55eb19d31226ed68e59b3833948ac0aa42690a63450717da81165a0317424c8659d93921d8b14b045ce2de3d6f8169da1fbda18987d50a666

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O2ZZN7ZH\qsml[3].xml
      Filesize

      473B

      MD5

      91f19e8c33641613c0cf817ffae970b0

      SHA1

      c5dd473fac8c1547a46af44b0ea80ec3a33989b8

      SHA256

      d19d51113eda934f0aaff007ae221d0c19ec5a3726b463ce10e55ad8d15a4d5e

      SHA512

      25ae580b61c93d09338085714896ec9fb525955407998ef955f02e8602834a0d3f62f66b7957e26dba0fbfb64d35ad2db2408bb601977cbf9e7291bbdf54a1b6

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O2ZZN7ZH\qsml[4].xml
      Filesize

      472B

      MD5

      f5d9a942122e131b69f0601b1c99e327

      SHA1

      b32ba74f3f9c7c746f208e73524d60768ad66ed9

      SHA256

      9c16fe445d14fb817fc59321c32882d1b77a9dd3503b25ddf6d050db30d8963f

      SHA512

      ff5c422d337b0296422f016557fd00f1b6a8fdaa08acabc856521762e5e31f3d1ca2a1e04b880b08410360c879409cd03ae2894073a970db5e343662c9454ade

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O2ZZN7ZH\qsml[5].xml
      Filesize

      482B

      MD5

      2b6843ed828cb4123de7ef2da19982f9

      SHA1

      1ce9c3cf09e798be68be853f2b55b537de4e17ca

      SHA256

      ec152363e4d732262b25b2752c4b486ec5e695377bab5b02e51dd72c40446320

      SHA512

      9ecefa571ce538ac2a09050a56d536f724c5900b68aa342bbcf8426eff57e61dcebc4fb9e4beb5b5706a3a41af6084c1670b560ce7fe4a5cbb6497c7514e560c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O2ZZN7ZH\qsml[6].xml
      Filesize

      508B

      MD5

      ff4ef206dfdd17407f265d3daad7ffe9

      SHA1

      05c730568db939afe6bec51e91e43469b229d21c

      SHA256

      caa2f1add66d87ee3914041543ecd4542a5c2b5766d6e95aef0ee573dbe1993f

      SHA512

      9ecbf99eaf33285a667d35291a4aca48a9fde0c488a5524c46edd80602957cd837d9747a126f993e20f2b2b06f6cb90997cf53bbe88b87d4606bacd6e2f09497

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O2ZZN7ZH\qsml[8].xml
      Filesize

      560B

      MD5

      5944cfd87ac280a89adb2cd3c377b3b6

      SHA1

      34de9ef7d5796506139dce3f90701c763e5315a8

      SHA256

      8d4572537fd764bdd569a5f7f3cf80b4864cb13f67898590aa1a6b27c1872c18

      SHA512

      207362b3f3da78352a94305c737fb893a8e8db35a3db27a2fd275a86bcde588f7fa19d55c98b6a83ad53593b9f26987d8063b747f577e35ae27b45a941554d80

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YTAV2Q1Z\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XBK6RNPC.cookie
      Filesize

      101B

      MD5

      79fa7160d60b8f043d21bf9c75c66551

      SHA1

      c18f5e30eb9d08938c8933ba0912cc6f63fe222c

      SHA256

      894f69b522d3e056a03893d5613b3bc7376672b0d111a3d2f1f2e075c7ffa39c

      SHA512

      c82dfbf2747dfa60b9248697bc57b53d99490d2c6b420f6bc98749e5d643c5bb1dd64b0c93e98617797836d7fd04ee03f6359f9ff38db661c1a61ab4336482b2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XCDCGGIK.cookie
      Filesize

      535B

      MD5

      b7c72f9726d8e2ce0226ad2fb766a589

      SHA1

      f751ca1fe425c8445373bf52618f39f6c02e8f2b

      SHA256

      9a6c862fcbcf40424b8074adb08920753f06f3c5e5681d9dd300bef14c2781f6

      SHA512

      291dbb6b2acbc21e339f866c4410ddae037787f368ce7eee294e2f2a0576a34cd2f8da67955e015fcf6dab2cb9e9b3abf418f7817329da45b9c5e02bc1175b45

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Y0JAAS7K.cookie
      Filesize

      515B

      MD5

      5a09ea92cdfd8609a24d8eea2160bad9

      SHA1

      a245970cd9fb1a6fad07723389b2eb2d07a5ba59

      SHA256

      121ffa05f7ceb8e17bcf237651f47d9eb384ea632bc8f8b6517b64f910e13bf9

      SHA512

      6e96b37fa59c6e445344d9e49fbba587a4300367d3ac8532702e4305fa24c57299c80f26ccf20419da736ec9f5cc0f6335ee75aa64487f80769cb6723db17d01

      Download Submit