Analysis
max time kernel: 141s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 20-04-2024 01:13
Behavioral task: behavioral1
Sample: ImageSee/ImageSee.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ImageSee/ImageSee.exe
Resource: win10v2004-20240412-en
Behavioral task: behavioral3
Sample: ImageSee/新云软件.url
Resource: win7-20231129-en
Behavioral task: behavioral4
Sample: ImageSee/新云软件.url
Resource: win10v2004-20240412-en
General
Target: ImageSee/ImageSee.exe
Size: 1000KB
MD5: 1a0d5ec13998674dd3fb0bd4a04e39e9
SHA1: 42c1e0d77989f8da2d47e5fb8ff640bed2584f69
SHA256: 048fc88d4a59f74a636a14e5676fb75f92496e29785bb195e16fbbcf49718831
SHA512: 910611f50acc5a40ef098e2df6926b0c557e8c3c90efc94c22f59cdcb1c32a7ebc0d6862ad50362550094709ad5a502662c4af9ae3391bb3efff23105e6de741
SSDEEP: 12288:jHk3TV3CJu/0JCHIUXcevHzTRu/hGO2aYZVFQrU7g2H2h+elLW5tcJGm:Lk3TV3CxFSvHHRqhG/D9B82k+eFW7c
Malware Config
Signatures
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Modifies registry class 32 IoCs
Processes: ImageSee.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.bmp\ = "ImageSee.Document" | ImageSee.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.tif\ = "ImageSee.Document" | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.jp2 | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.ico | ImageSee.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.cur\ = "ImageSee.Document" | ImageSee.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.emf\ = "ImageSee.Document" | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.jpg | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.png | ImageSee.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.png\ = "ImageSee.Document" | ImageSee.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.wmf\ = "ImageSee.Document" | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.raw | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\shell\open\command | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\shell\open | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pcx | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.wmf | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\DefaultIcon | ImageSee.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.jpg\ = "ImageSee.Document" | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tif | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.psd | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pmx | ImageSee.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gif\ = "ImageSee.Document" | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\shell | ImageSee.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ico\ = "ImageSee.Document" | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.j2k | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.gif | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.cur | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.dcx | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.bmp | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.emf | ImageSee.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tga | ImageSee.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\ImageSee\\ImageSee.exe\",0" | ImageSee.exe
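The IoC table records ImageSee.exe registering 17 image extensions under HKLM\SOFTWARE\Classes, pointing nine of them at the ProgID ImageSee.Document, and setting that ProgID's DefaultIcon to C:\Users\Admin\AppData\Local\Temp\ImageSee\ImageSee.exe, the directory the sample was launched from in the sandbox; the shell\open\command key is created but no value for it was captured. The script below is an added example, not part of the report or of ImageSee: it parses those 32 lines (transcribed here as constructed input), rebuilds the extension to ProgID to handler chain, and flags any handler that resolves into a user-writable location or whose command value is missing from the log. The list of user-writable directories is an assumed heuristic, not something the report states.

```python
import re

# The 32 registry IoCs from the report's "Modifies registry class" signature,
# transcribed one per line (constructed sample input for this example).
REPORT_IOCS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.bmp\ = "ImageSee.Document" ImageSee.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.tif\ = "ImageSee.Document" ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.jp2 ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ico ImageSee.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cur\ = "ImageSee.Document" ImageSee.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.emf\ = "ImageSee.Document" ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.jpg ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.png ImageSee.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.png\ = "ImageSee.Document" ImageSee.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.wmf\ = "ImageSee.Document" ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.raw ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\shell\open\command ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\shell\open ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pcx ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.wmf ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\DefaultIcon ImageSee.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.jpg\ = "ImageSee.Document" ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tif ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.psd ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pmx ImageSee.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.gif\ = "ImageSee.Document" ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\shell ImageSee.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ico\ = "ImageSee.Document" ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.j2k ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.gif ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.cur ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.dcx ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.bmp ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.emf ImageSee.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tga ImageSee.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\ImageSee\\ImageSee.exe\",0" ImageSee.exe
"""

CLASSES = r"\REGISTRY\MACHINE\SOFTWARE\Classes" + "\\"
SET_RE = re.compile(r'^Set value \((\w+)\) (\S+?)\\ = "(.*)" (\S+)$')
KEY_RE = re.compile(r"^Key created (\S+) (\S+)$")
# Assumed heuristic: handlers living here can be replaced by any user without
# elevation, so a file association that resolves into them is weak.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")


def parse_iocs(text):
    """Return (op, key, data, process) tuples; data is the unescaped string value."""
    events = []
    for line in text.strip().splitlines():
        if m := SET_RE.match(line):
            _, key, data, proc = m.groups()
            # The report escapes quotes and backslashes C-style; undo that.
            events.append(("set", key, re.sub(r"\\(.)", r"\1", data), proc))
        elif m := KEY_RE.match(line):
            events.append(("create", m.group(1), None, m.group(2)))
        else:
            raise ValueError("unrecognised IoC line: " + line)
    return events


def icon_path(data):
    """Return the file path from DefaultIcon data such as "C:\\a.exe",0 (path, icon index)."""
    m = re.match(r'^\s*"?([^"]+?)"?\s*(?:,\s*-?\d+)?\s*$', data)
    return m.group(1) if m else data


def analyze(text):
    """Rebuild the .ext -> ProgID -> handler chain and flag weak or unverified handlers."""
    ext_keys, ext_progid, progids, procs = set(), {}, {}, set()
    for op, key, data, proc in parse_iocs(text):
        procs.add(proc)
        if not key.startswith(CLASSES):
            continue  # only HKLM\SOFTWARE\Classes is of interest here
        parts = key[len(CLASSES):].split("\\")
        if parts[0].startswith("."):
            ext_keys.add(parts[0])
            if op == "set" and len(parts) == 1:
                ext_progid[parts[0]] = data  # (Default) of .ext names the ProgID
            continue
        entry = progids.setdefault(parts[0], {"subkeys": set(), "default_icon": None, "command": None})
        sub = "\\".join(parts[1:])
        if sub:
            entry["subkeys"].add(sub)
        if op == "set" and sub == "DefaultIcon":
            entry["default_icon"] = icon_path(data)
        elif op == "set" and sub == "shell\\open\\command":
            entry["command"] = data
    findings = []
    for progid, entry in progids.items():
        owned = ", ".join(sorted(e for e, p in ext_progid.items() if p == progid)) or "no extension"
        for what in ("default_icon", "command"):
            path = entry[what]
            if path and any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append(f"{progid} {what} -> {path} (user-writable; claims {owned})")
        if "shell\\open\\command" in entry["subkeys"] and entry["command"] is None:
            findings.append(f"{progid} shell\\open\\command was created but its value was not "
                            "captured; resolve it on the host before trusting the association")
    return {"processes": procs, "extension_keys": ext_keys, "extension_progid": ext_progid,
            "progids": progids, "findings": findings}


if __name__ == "__main__":
    for finding in analyze(REPORT_IOCS)["findings"]:
        print(finding)
```

Run against the transcribed report the script reports two findings: the DefaultIcon handler sits under AppData\Local\Temp, and the open command for ImageSee.Document is unknown from the log alone. On a live host the same chain can be checked by reading the (Default) value of each HKLM\SOFTWARE\Classes\.ext key, then the ProgID's shell\open\command, remembering that per-user overrides under HKCU\SOFTWARE\Classes and the UserChoice keys take precedence over the machine-wide entries seen here.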
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
memory/2804-0-0x00000000002B0000-0x00000000002B1000-memory.dmp  Filesize: 4KB
memory/2804-1-0x0000000000400000-0x00000000006C6000-memory.dmp  Filesize: 2.8MB
memory/2804-3-0x00000000002B0000-0x00000000002B1000-memory.dmp  Filesize: 4KB
memory/2804-8-0x0000000000400000-0x00000000006C6000-memory.dmp  Filesize: 2.8MB