24574706d373ea0de2e011ef33739ede79c43f9b4ebe94ad5db4169d8570cfe7

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ImageSee/ImageSee.exe
Size

1000KB
MD5

1a0d5ec13998674dd3fb0bd4a04e39e9
SHA1

42c1e0d77989f8da2d47e5fb8ff640bed2584f69
SHA256

048fc88d4a59f74a636a14e5676fb75f92496e29785bb195e16fbbcf49718831
SHA512

910611f50acc5a40ef098e2df6926b0c557e8c3c90efc94c22f59cdcb1c32a7ebc0d6862ad50362550094709ad5a502662c4af9ae3391bb3efff23105e6de741
SSDEEP

12288:jHk3TV3CJu/0JCHIUXcevHzTRu/hGO2aYZVFQrU7g2H2h+elLW5tcJGm:Lk3TV3CxFSvHHRqhG/D9B82k+eFW7c

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 32 IoCs

Processes:

ImageSee.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.bmp\ = "ImageSee.Document"	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.psd	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.j2k	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pmx	ImageSee.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.gif	ImageSee.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.tif	ImageSee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.ico\ = "ImageSee.Document"	ImageSee.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.wmf\ = "ImageSee.Document"	ImageSee.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.raw	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tga	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document	ImageSee.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.png	ImageSee.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cur\ = "ImageSee.Document"	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\shell	ImageSee.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.emf\ = "ImageSee.Document"	ImageSee.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\ImageSee\\ImageSee.exe\",0"	ImageSee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.tif\ = "ImageSee.Document"	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.jp2	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dcx	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\DefaultIcon	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\shell\open	ImageSee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.gif\ = "ImageSee.Document"	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.emf	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.wmf	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ImageSee.Document\shell\open\command	ImageSee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.jpg\ = "ImageSee.Document"	ImageSee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.png\ = "ImageSee.Document"	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pcx	ImageSee.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.bmp	ImageSee.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.jpg	ImageSee.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\.ico	ImageSee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cur	ImageSee.exe

C:\Users\Admin\AppData\Local\Temp\ImageSee\ImageSee.exe
"C:\Users\Admin\AppData\Local\Temp\ImageSee\ImageSee.exe"
1⤵
- Modifies registry class
PID:2008

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ILIST-5DAD9C7F.tmp
Filesize
256KB

MD5
42d78fe9410cf629f88b62f49a7f2d13

SHA1
254807f905d9971ef72730f6f01ab67a3f35323f

SHA256
377cd67cdc6eec5899444b59bb9f0f631bade9714024a2f12e3848f96397a358

SHA512
c5a481d92920d3c6f14e014caace80d4f809b1e6acd4b1dc595a48a387d646e98a174387104677a30e83b80b3e706f468dc6698bc9e8cf81b62384ef4f789bc5

Download Submit
memory/2008-0-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/2008-3-0x0000000000400000-0x00000000006C6000-memory.dmp

Filesize
2.8MB

Download
memory/2008-8-0x0000000000400000-0x00000000006C6000-memory.dmp

Filesize
2.8MB

Download
memory/2008-9-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/2008-14-0x0000000000400000-0x00000000006C6000-memory.dmp

Filesize
2.8MB

Download
memory/2008-19-0x0000000000400000-0x00000000006C6000-memory.dmp

Filesize
2.8MB

Download
memory/2008-22-0x0000000000400000-0x00000000006C6000-memory.dmp

Filesize
2.8MB

Download
memory/2008-31-0x0000000000400000-0x00000000006C6000-memory.dmp

Filesize
2.8MB

Download
memory/2008-37-0x0000000000400000-0x00000000006C6000-memory.dmp

Filesize
2.8MB

Download