21df242a377d7ddea14251178bb29a2300c8535eac6bdde541f910f709472223

Resubmissions

09/07/2024, 23:29

240709-3gzgzasejn 10

09/07/2024, 23:27

240709-3fsysssdmp 3

09/07/2024, 14:14

240709-rj642sxfqk 10

Analysis

max time kernel
70s
max time network
27s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fffddsfdsgfd.png
Size

82KB
MD5

d586f6d0e6532c1e30c420f7167856bd
SHA1

2b3cd081d870b29df1f6249f3f50d890321bb983
SHA256

21df242a377d7ddea14251178bb29a2300c8535eac6bdde541f910f709472223
SHA512

3f3dc9059bc45b0ff79ac586a8440a87879168ea5ba8f5d07279e99a072656a15ec6d4b7037dfdd3a1faafc087c982116085a902e057b064fef908098888bf5f
SSDEEP

1536:hpk3C1qszuBnQbxe/xRgGbFBH4dCOPEtp7VpRKYlkUTZMdFsiHyfc0Nz196:A3ASBQbxsfg8Fh4dC4WpXRV1ZiSkS96

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3028	rundll32.exe
3028	rundll32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3028	rundll32.exe
3028	rundll32.exe
3028	rundll32.exe
3028	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\fffddsfdsgfd.png
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ApproveCompare.TTS

Filesize
558KB

MD5
7b126bcf5af303c5d90d308c6516b109

SHA1
4e22fbf29b740bb8726e0af8aaff7815d6aad651

SHA256
0afe2a3b1b3fe197379aa7e3281aaa0fe1bc78d580f6e003ba75826b7b041475

SHA512
1abe6f2536426915c851db0a9c95ab073c2d88d7c4beaf34fef0b6725fd6417c1282843845ffa09dacefd690b6460db9e78bd69d92ceed4255b1448578427e69

Download Submit
C:\Program Files\AssertProtect.rle

Filesize
964KB

MD5
45c5e7d6db56df3147df6f6dd81725e1

SHA1
dd6775fb16cf5aa5f3a057cc911a22dc4764d90b

SHA256
72191db68835cb55481fe4c5dc6238951faaca5d89b357e2f6e3101a279f03b9

SHA512
9f3b08e01afa70ab58ad25c80098f1b513da0b36f39d6178f5654b0f57b4cdb84b22a5219ddfd9744a5cb2bc52668a57b3194b15ed098e768d7c9c6efef50c0a

Download Submit
C:\Program Files\ConnectStop.otf

Filesize
1.4MB

MD5
fc63131adde75b16b6dc2996f7e8a56d

SHA1
6dde691b7ed37bea1ed381e20254687112d88dd4

SHA256
d9bf04c45a7e41205b699adec7a5faa587cdcf5a560e021b46e55608affb0746

SHA512
8fd00b370437fccee977c08ea517a3da488f7c3259fb3d6326912e3b72f77bad43a70f3526beb01f266dd7bc943bf7fee0524d8befbe09cf4d343608ea35ac16

Download Submit
C:\Program Files\LockStep.WTV

Filesize
761KB

MD5
ce2424d4fe2fa1a517be1f8aa05b8eb3

SHA1
934d04a709178e5d9113f8edb2786926fce83258

SHA256
9080cbfd131e35d33055a7615b51560713597e8d19854bd2578e8fabdb980736

SHA512
280983ae7e31c80ed0c0a61faabd28273a2191099d2995299803295721c51cf9fec9be9c17cb9e99647407860c75989adb2f48853403387643d4c0a7ed078c70

Download Submit
C:\Program Files\MoveDebug.asp

Filesize
863KB

MD5
ce1c120e584351478754f8a7d218e252

SHA1
a85d45ddc58c1a890bed7bef962e4c057fa1669e

SHA256
8595ee7767c192b9e11706f84f84ab7c331247c85de247862aec7ff8a77c2bfa

SHA512
5bf31d1408c64afad89415c5097f1bfbb212611054bb979a0e8bcb1e2df57d57027f7e5e6ad93d9e71d0cdbc0ac5330f06f9190c6856218fbef0e5654d0c9232

Download Submit
C:\Program Files\RedoDisconnect.ocx

Filesize
2.1MB

MD5
d0d82e678d72dbe48c0067875ce50942

SHA1
a0b81b56cba3c0d9eda40700e9da61971f656b42

SHA256
90efc6d37fcffe939c52b3c96e43c58fa1435be03a94296e0e27af7c1a768ad3

SHA512
2a387d87b474f98de7a2eb537956297f56e037a9d49ee910ad00fd4db721797efde34367ddd13470a9dafce11049dbabd5a0593de0e1c7c95304c6f068e3e005

Download Submit
C:\Program Files\RepairRemove.MTS

Filesize
1.1MB

MD5
4126330103b742bad23a174c490a8387

SHA1
d36235bd511e9832ae4842b2ebe9252253e845bc

SHA256
1dba401b424eda71362bfba18c3b34014f61aa292e14c95ba73d3396e49b6422

SHA512
f87b760601aa48cd9dc600746eb9d74cbb8bfa0722e9df2909f53e21c191161493310017f15cc5e5cb5ad882fd7524abb8d85975abffb97324e5fa3613dc4da9

Download Submit
C:\Program Files\RequestPush.gif

Filesize
1.3MB

MD5
dc08241b9b6595c2515c58faee45294a

SHA1
5de7dcac7a7d10b8eaa4485d22163155cd496259

SHA256
9d0254de4989861e6015338883b185e224afdb21010c717d3dd83968bffbacd7

SHA512
19bba39124d3399eafa3d7d0f2c25f29d03a29cdd11b9b4ae4ceda4bdfa6f315bec6cfbce21ab1273be9d0de17866d1f94ec16035aed4de8ffa31966576d521c

Download Submit
C:\Program Files\UndoBlock.xltx

Filesize
1.2MB

MD5
d0cf6c8f7abea40aa1c4365f746f5d21

SHA1
fd317e77644ba98fa9475abe64be787b27d9b7d0

SHA256
fd2c27fb93d6a92a33de7720819a46e000f530e807145fe869a2c39c7a4f9647

SHA512
0a89958a48ec6b39d22681d9af33659789864280a52156acc3638905421e4051c1e1212499fd4f2b843b1c76e5c478eb95d8a6cb422381859e949e06e1d85f58

Download Submit
C:\Program Files\UnregisterUninstall.3g2

Filesize
660KB

MD5
a5a7f1ed3d62c3b81d8b21d80097ba8b

SHA1
a7f95ebad29aef0968a866c42e896865e2d94e83

SHA256
931e1acfc0e34b32c900ba7c0ca0b15b9a20494008c0d5d322b7edd7fefe7f5a

SHA512
6a0daeb5ef0b4cab58ef427c12a20ba7f8d83a360e6a4098422989e8010c7527685571a423bf4061f741bc7b46f302dc163ec4dcfee79220c0f8790ef280f82f

Download Submit
C:\Program Files\WatchTrace.xml

Filesize
1.0MB

MD5
82bf1de5cea815efc23258378102c93e

SHA1
080850686c16ef90bf1151e1d6ec9b0d98f75fc2

SHA256
b1bb7a52950f8352a2ea80d9d0684f25d98cbb6fa164abe61aeea5b10c4a27a3

SHA512
e8b2d9d6c2b534df84b373b92677b19e2b6d6218ffd3eb6f96c6911cc27275787b935cf2e4dc0c1075a0063c677f4502d41975bdfeb9cec038b71feb7f67ebc6

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
362KB

MD5
17060447a369b9c6e961df5a37784745

SHA1
74e64c95ea8a34d9b730a3bc82ab91cd4e70682a

SHA256
761f7b932d43d4413ed7e0e23e6f9db85b01d5f48fd4c7f96ada15af96ce9dde

SHA512
1d2c512c17b4248485305a0f6cabaafe143a475457ec0368a20531b018a22613227365d658ab4b0b19c8743dc2b079c9c8610db80419c784384c066258f80ceb

Download Submit
C:\vcredist2010_x64.log.html

Filesize
85KB

MD5
79a7ae3bea1793909ea2b3d838bff42d

SHA1
4ffed542b8e8d56ef19849001fa77c8d4a56685d

SHA256
fb09e924d39f542604cd08e279ae8603c9f9dbd08e9222d26fb032c0739a93f2

SHA512
e118c97b181bf0d237e3b04db2e7bf92ce985adc7271834a3f518e0855135212f0e17aef99de7eab93ef58a9a87c8b392640abdaef450710b98748b75239a1ed

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
379KB

MD5
cf9e1b5835601278abe64bb993dcbdce

SHA1
b8a818879ac9b96121c41e2a713ec38facf9dd56

SHA256
41d728ed719a8738c3ba78ec78fdcf311cca1a5f44bb0c6e534fc0272326e9c6

SHA512
647adbaa495602f9d3db95cf65c322bb39b3249dd6d3c60599f9f52d3b3a23c4b63ce0998fb4e888653ea0bcb827f5bd1de58f06bcbf00c08941a14f220aa03d

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
e8969a1b0e8bf9e5bf557e006da7e9df

SHA1
83dfbb72dfb1fa3f458cff2df107fb37e44180df

SHA256
81f7b0eb873b1656c5a7c93cf7018c96cc5752fbc27e4a93205251a47bf274f9

SHA512
caebfe3fd31c43cfe57221db7a86005e30a5961a628ac39a1a11ac95cb4ef596bb3c8a5798e6f08df5c54abece4dd22cb3eadb102b3fcf84fe8f2e78ad70bbfb

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
165KB

MD5
94218825702b3a5ae7997f4c60e88b07

SHA1
fd112e1db02469c09aff471cc15dc2b71cf5fd4d

SHA256
e40d41b1d86933cb65e86c9c6e86a629ef2a91056869d73496345c756be8f2cc

SHA512
bb8d2ac1ff2e9160baed71ec585a1867c11e397e98ddb551b7305a26a2ede69da378219ee3eb5c14d3dfbd989fa78b8f85b129e54fdbc7b93dcc083093838825

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
193KB

MD5
2adf1208d52b2c7993d161242bcf3181

SHA1
a591bc887ffa5e40ba6c101e0e7577b80b157181

SHA256
1a5c1b5254238be5efbe7a3f8dc82894c4946cb3e8126ef502b6188c64e51565

SHA512
70495b8d079586bd68a974eed5a883bf8f97689805634d3842a70b88c4b42e24b6dd7a6dde2bfacab08048654fcb952b457e11132367a4af79aece32ef6869a4

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
9c45ef7d5b292cdfe61a74b64f7bc0a1

SHA1
74600e67cd715a0d37bb077a27785553aa16b2c2

SHA256
588fbc71d3cfbb24ec08dc571a8a4cf386ebbb9586654d13ed03687df733503a

SHA512
db55cb72be3d0a17237a9fe1f717a8da664fe3e59bd815db98e49d4298fa51ed2daf53d0e7957d8853c770c74707d0ee2055ff7b9963061b9b34c30ccba06465

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
206KB

MD5
83bbcfbef155b1173175cf342b403990

SHA1
d592edff0e0c4bcf538a844132c1162472391675

SHA256
4f081c6dc5c89e45cf77ce24d42c888edda510db0faaa12ce5620f65f6b80e69

SHA512
175c775ee4bd58d68569dc01c89ade1fb2a71be64539bf92f873154c6e33000ca2975e51dbe21b34f2286487dfceda7a365170f834143fa7251b4d4600df7d61

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
167KB

MD5
f4c63d043c14d7da9e24ef753c8ba563

SHA1
d025b65098d2ac567b352de66dc07734c6dca1ea

SHA256
c823f5b7b3b7203de4ba99c8b6937a5121863c7ad8ae01ea5106def90971fca4

SHA512
9a438f2789e944bec69cf67a9bf5c73e5107627d87ed06e0ae2526457a817cfaa505b8be9b3d6e86fccb7d261e5e26d19bb60412c75cd4c6dc2f1e46232c3466

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
188KB

MD5
82b1f48074ba6a43eb347e05b82b886f

SHA1
6bc1ad1a6ec518d5a4cdfa724eea1d7142efd0ac

SHA256
e1b0a98b937692cad2ace55b6b3dd84ff52d43de3cc4041b78d4762f4f35c705

SHA512
13d4a3d15b6acc0b5bd61c38a82a94e2df5ffa3bd51e75e0ca32b45dab629384d4fd6412b4bde8b29c02314f12578f822c3c1fb0c36c5837b9f158ee0cd2aeb6

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
168KB

MD5
3a2deb4c8316b2460e244d6b2503e1dc

SHA1
ffdef8e601aa72377dfe2841565cffaff740073c

SHA256
fc2df9f481d01d246a8c16479281dd0eebd111e1c519a41bb0d4f98c4cfd6215

SHA512
55ff072e3b262614ebf79f97485ffac3acb32b3bd375a77f1e5f4248eaf478665fd5e290c6825d9b8fbb5fdd8e57b1995d6030d6c3597862a338770bbc027cff

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
196KB

MD5
d55e8c505055e5e26515eb92a948121b

SHA1
1f893414d4e107506aa1593900cb26b1333b9058

SHA256
8110940bcf8785a1d24e670c90da6065a62e922f01e9ddacda54b77fc6df2e54

SHA512
8cb4da9d96af93515793ea3ba56895d9ba2d73e2224cdf69be3c70394fcc7c65b4afccad7b199ad6ebb73708eb112915dab06ebd24c3b98172a3654549017a20

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
120KB

MD5
8238e6f6818022f17eacae76898bc654

SHA1
137ec18cbb915d89293a881cb138389855d9bf91

SHA256
d5c76b225a955cb4633668775eb5d87b9139e1e38b04559d9740a48beea7a049

SHA512
159392f96f4bde2a3dc2f041a5afe1ee9d622ee012451cd7ae64643daace80db218c885b0879970d125dedb90cc7a5a650f5a6757761e6e2dbb74a145fbef222

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
127KB

MD5
cd1a04839e7055f3ed345507adc014d1

SHA1
40f1e53cb8887b9082c18bbf12cb5daf250094ef

SHA256
b50158482ba15923ac527e18aecc4768a7127a59d352e9664250a352a52a3a30

SHA512
b38b3ead00a9fe7e8bb3ac34b357eaa49738a29ce2af7f10bdb413ac81bddc17373d7395fe66471aebf928ae6d2e7506acb0a9eeb251595bef026f1841f0f554

Download Submit
C:\vcredist2022_x86_001_vcRuntimeMinimum_x86.log

Filesize
121KB

MD5
37e1b9b12dc91eaba0c0a652e7d503a8

SHA1
7db90234267e28e37c35505a49ebde0210e95965

SHA256
cb899b82d6ff35465d8c6b6d0e96f353c7ba24633e7304618161ada32dbabfdc

SHA512
227a26270d1a8b98d4f4b7311757127a7b663dfd8176d6f3b3c960bc5835cd09d0e577116ff6e6cbba36e2e601e419f6ba2870956f6e1520028a76f604b63745

Download Submit
C:\vcredist2022_x86_002_vcRuntimeAdditional_x86.log

Filesize
133KB

MD5
cf698045c3c890f9d06c5a58a90d3cff

SHA1
2f9ef72355c18e678427cb70a0071a8b017e85e7

SHA256
04ada0e0f4d0c9ec2f6118e833fe79e01872eb2fd4cc37a7c46d735a450e0a47

SHA512
3188716c878c1ea8a6afd66e7050c9f83bc4338e1d7a98b2c5c73da252883c65001e3e91c494afe829848078ef52091170664bdbbf1e5c50bd05f76f2b20a958

Download Submit
memory/3028-0-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

Filesize
4KB

Download