Overview

overview

7

Static

static

3

Lightshot.exe

windows7-x64

7

Lightshot.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lightshot.exe

  • Size

    992KB

  • MD5

    75487d0431f23da08b97052b35014847

  • SHA1

    c838f758230aa00cada78e5a235b0db2f955b389

  • SHA256

    f7af5cb387ff872f28afcaaf5418bd08f08bee449c56c73076a64adc9e3cfb6d

  • SHA512

    2dbd073fba7e692555576c437c56a0c9d8a5a0d569ad9aa12d482343ec790f9a30462829520fd8fe61c4c0276c2ac13920ea21db9a32bbfad601549b0fe665f5

  • SSDEEP

    24576:tQiJIagjq7VdaWDW3uystwK4XnlmzQC0QwM2ipz4fxIczELVMEr:t9nguPleTnFM50QNeDor

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Lightshot.exe
    "C:\Users\Admin\AppData\Local\Temp\Lightshot.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:824
    • C:\Users\Admin\AppData\Local\Temp\is-JQFJA.tmp\Lightshot.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-JQFJA.tmp\Lightshot.tmp" /SL5="$40026,735229,81408,C:\Users\Admin\AppData\Local\Temp\Lightshot.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-JQFJA.tmp\Lightshot.tmp
    Filesize

    714KB

    MD5

    793dc281be8b2e358474422f418a07ae

    SHA1

    1ebd072e51122e1c0bfdadff83d738b44e7fdbb4

    SHA256

    28641e7bce2974e244d53da10d26924e8cdf9a689b0fe8914cf9c51e27be35d4

    SHA512

    b5e8997cf7d4dde9dd414c6fe99edaa6c178675193ea500f6f3264490666b82da4995787f4605fa8371d2e7ce157c01fd412ead186bc74cf2ac7e699990e7943

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-RCED7.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • memory/824-0-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/824-2-0x0000000000401000-0x000000000040B000-memory.dmp

    Filesize

    40KB

    Download

  • memory/824-15-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2308-8-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download

  • memory/2308-16-0x0000000000400000-0x00000000004C2000-memory.dmp

    Filesize

    776KB

    Download