Overview

overview

3

Static

static

1

fffddsfdsgfd.png

windows7-x64

3

fffddsfdsgfd.png

windows10-2004-x64

3

Resubmissions

09-07-2024 23:29

240709-3gzgzasejn 10

09-07-2024 23:27

240709-3fsysssdmp 3

09-07-2024 14:14

240709-rj642sxfqk 10

Analysis

  • max time kernel
    70s
  • max time network
    27s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2024 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fffddsfdsgfd.png

  • Size

    82KB

  • MD5

    d586f6d0e6532c1e30c420f7167856bd

  • SHA1

    2b3cd081d870b29df1f6249f3f50d890321bb983

  • SHA256

    21df242a377d7ddea14251178bb29a2300c8535eac6bdde541f910f709472223

  • SHA512

    3f3dc9059bc45b0ff79ac586a8440a87879168ea5ba8f5d07279e99a072656a15ec6d4b7037dfdd3a1faafc087c982116085a902e057b064fef908098888bf5f

  • SSDEEP

    1536:hpk3C1qszuBnQbxe/xRgGbFBH4dCOPEtp7VpRKYlkUTZMdFsiHyfc0Nz196:A3ASBQbxsfg8Fh4dC4WpXRV1ZiSkS96

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\fffddsfdsgfd.png
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:3028
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2736

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\PerfLogs
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit

    • C:\Program Files\ApproveCompare.TTS
      Filesize

      558KB

      MD5

      7b126bcf5af303c5d90d308c6516b109

      SHA1

      4e22fbf29b740bb8726e0af8aaff7815d6aad651

      SHA256

      0afe2a3b1b3fe197379aa7e3281aaa0fe1bc78d580f6e003ba75826b7b041475

      SHA512

      1abe6f2536426915c851db0a9c95ab073c2d88d7c4beaf34fef0b6725fd6417c1282843845ffa09dacefd690b6460db9e78bd69d92ceed4255b1448578427e69

      Download Submit

    • C:\Program Files\AssertProtect.rle
      Filesize

      964KB

      MD5

      45c5e7d6db56df3147df6f6dd81725e1

      SHA1

      dd6775fb16cf5aa5f3a057cc911a22dc4764d90b

      SHA256

      72191db68835cb55481fe4c5dc6238951faaca5d89b357e2f6e3101a279f03b9

      SHA512

      9f3b08e01afa70ab58ad25c80098f1b513da0b36f39d6178f5654b0f57b4cdb84b22a5219ddfd9744a5cb2bc52668a57b3194b15ed098e768d7c9c6efef50c0a

      Download Submit

    • C:\Program Files\ConnectStop.otf
      Filesize

      1.4MB

      MD5

      fc63131adde75b16b6dc2996f7e8a56d

      SHA1

      6dde691b7ed37bea1ed381e20254687112d88dd4

      SHA256

      d9bf04c45a7e41205b699adec7a5faa587cdcf5a560e021b46e55608affb0746

      SHA512

      8fd00b370437fccee977c08ea517a3da488f7c3259fb3d6326912e3b72f77bad43a70f3526beb01f266dd7bc943bf7fee0524d8befbe09cf4d343608ea35ac16

      Download Submit

    • C:\Program Files\LockStep.WTV
      Filesize

      761KB

      MD5

      ce2424d4fe2fa1a517be1f8aa05b8eb3

      SHA1

      934d04a709178e5d9113f8edb2786926fce83258

      SHA256

      9080cbfd131e35d33055a7615b51560713597e8d19854bd2578e8fabdb980736

      SHA512

      280983ae7e31c80ed0c0a61faabd28273a2191099d2995299803295721c51cf9fec9be9c17cb9e99647407860c75989adb2f48853403387643d4c0a7ed078c70

      Download Submit

    • C:\Program Files\MoveDebug.asp
      Filesize

      863KB

      MD5

      ce1c120e584351478754f8a7d218e252

      SHA1

      a85d45ddc58c1a890bed7bef962e4c057fa1669e

      SHA256

      8595ee7767c192b9e11706f84f84ab7c331247c85de247862aec7ff8a77c2bfa

      SHA512

      5bf31d1408c64afad89415c5097f1bfbb212611054bb979a0e8bcb1e2df57d57027f7e5e6ad93d9e71d0cdbc0ac5330f06f9190c6856218fbef0e5654d0c9232

      Download Submit

    • C:\Program Files\RedoDisconnect.ocx
      Filesize

      2.1MB

      MD5

      d0d82e678d72dbe48c0067875ce50942

      SHA1

      a0b81b56cba3c0d9eda40700e9da61971f656b42

      SHA256

      90efc6d37fcffe939c52b3c96e43c58fa1435be03a94296e0e27af7c1a768ad3

      SHA512

      2a387d87b474f98de7a2eb537956297f56e037a9d49ee910ad00fd4db721797efde34367ddd13470a9dafce11049dbabd5a0593de0e1c7c95304c6f068e3e005

      Download Submit

    • C:\Program Files\RepairRemove.MTS
      Filesize

      1.1MB

      MD5

      4126330103b742bad23a174c490a8387

      SHA1

      d36235bd511e9832ae4842b2ebe9252253e845bc

      SHA256

      1dba401b424eda71362bfba18c3b34014f61aa292e14c95ba73d3396e49b6422

      SHA512

      f87b760601aa48cd9dc600746eb9d74cbb8bfa0722e9df2909f53e21c191161493310017f15cc5e5cb5ad882fd7524abb8d85975abffb97324e5fa3613dc4da9

      Download Submit

    • C:\Program Files\RequestPush.gif
      Filesize

      1.3MB

      MD5

      dc08241b9b6595c2515c58faee45294a

      SHA1

      5de7dcac7a7d10b8eaa4485d22163155cd496259

      SHA256

      9d0254de4989861e6015338883b185e224afdb21010c717d3dd83968bffbacd7

      SHA512

      19bba39124d3399eafa3d7d0f2c25f29d03a29cdd11b9b4ae4ceda4bdfa6f315bec6cfbce21ab1273be9d0de17866d1f94ec16035aed4de8ffa31966576d521c

      Download Submit

    • C:\Program Files\UndoBlock.xltx
      Filesize

      1.2MB

      MD5

      d0cf6c8f7abea40aa1c4365f746f5d21

      SHA1

      fd317e77644ba98fa9475abe64be787b27d9b7d0

      SHA256

      fd2c27fb93d6a92a33de7720819a46e000f530e807145fe869a2c39c7a4f9647

      SHA512

      0a89958a48ec6b39d22681d9af33659789864280a52156acc3638905421e4051c1e1212499fd4f2b843b1c76e5c478eb95d8a6cb422381859e949e06e1d85f58

      Download Submit

    • C:\Program Files\UnregisterUninstall.3g2
      Filesize

      660KB

      MD5

      a5a7f1ed3d62c3b81d8b21d80097ba8b

      SHA1

      a7f95ebad29aef0968a866c42e896865e2d94e83

      SHA256

      931e1acfc0e34b32c900ba7c0ca0b15b9a20494008c0d5d322b7edd7fefe7f5a

      SHA512

      6a0daeb5ef0b4cab58ef427c12a20ba7f8d83a360e6a4098422989e8010c7527685571a423bf4061f741bc7b46f302dc163ec4dcfee79220c0f8790ef280f82f

      Download Submit

    • C:\Program Files\WatchTrace.xml
      Filesize

      1.0MB

      MD5

      82bf1de5cea815efc23258378102c93e

      SHA1

      080850686c16ef90bf1151e1d6ec9b0d98f75fc2

      SHA256

      b1bb7a52950f8352a2ea80d9d0684f25d98cbb6fa164abe61aeea5b10c4a27a3

      SHA512

      e8b2d9d6c2b534df84b373b92677b19e2b6d6218ffd3eb6f96c6911cc27275787b935cf2e4dc0c1075a0063c677f4502d41975bdfeb9cec038b71feb7f67ebc6

      Download Submit

    • C:\vcredist2010_x64.log-MSI_vc_red.msi.txt
      Filesize

      362KB

      MD5

      17060447a369b9c6e961df5a37784745

      SHA1

      74e64c95ea8a34d9b730a3bc82ab91cd4e70682a

      SHA256

      761f7b932d43d4413ed7e0e23e6f9db85b01d5f48fd4c7f96ada15af96ce9dde

      SHA512

      1d2c512c17b4248485305a0f6cabaafe143a475457ec0368a20531b018a22613227365d658ab4b0b19c8743dc2b079c9c8610db80419c784384c066258f80ceb

      Download Submit

    • C:\vcredist2010_x64.log.html
      Filesize

      85KB

      MD5

      79a7ae3bea1793909ea2b3d838bff42d

      SHA1

      4ffed542b8e8d56ef19849001fa77c8d4a56685d

      SHA256

      fb09e924d39f542604cd08e279ae8603c9f9dbd08e9222d26fb032c0739a93f2

      SHA512

      e118c97b181bf0d237e3b04db2e7bf92ce985adc7271834a3f518e0855135212f0e17aef99de7eab93ef58a9a87c8b392640abdaef450710b98748b75239a1ed

      Download Submit

    • C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
      Filesize

      379KB

      MD5

      cf9e1b5835601278abe64bb993dcbdce

      SHA1

      b8a818879ac9b96121c41e2a713ec38facf9dd56

      SHA256

      41d728ed719a8738c3ba78ec78fdcf311cca1a5f44bb0c6e534fc0272326e9c6

      SHA512

      647adbaa495602f9d3db95cf65c322bb39b3249dd6d3c60599f9f52d3b3a23c4b63ce0998fb4e888653ea0bcb827f5bd1de58f06bcbf00c08941a14f220aa03d

      Download Submit

    • C:\vcredist2010_x86.log.html
      Filesize

      81KB

      MD5

      e8969a1b0e8bf9e5bf557e006da7e9df

      SHA1

      83dfbb72dfb1fa3f458cff2df107fb37e44180df

      SHA256

      81f7b0eb873b1656c5a7c93cf7018c96cc5752fbc27e4a93205251a47bf274f9

      SHA512

      caebfe3fd31c43cfe57221db7a86005e30a5961a628ac39a1a11ac95cb4ef596bb3c8a5798e6f08df5c54abece4dd22cb3eadb102b3fcf84fe8f2e78ad70bbfb

      Download Submit

    • C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
      Filesize

      165KB

      MD5

      94218825702b3a5ae7997f4c60e88b07

      SHA1

      fd112e1db02469c09aff471cc15dc2b71cf5fd4d

      SHA256

      e40d41b1d86933cb65e86c9c6e86a629ef2a91056869d73496345c756be8f2cc

      SHA512

      bb8d2ac1ff2e9160baed71ec585a1867c11e397e98ddb551b7305a26a2ede69da378219ee3eb5c14d3dfbd989fa78b8f85b129e54fdbc7b93dcc083093838825

      Download Submit

    • C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
      Filesize

      193KB

      MD5

      2adf1208d52b2c7993d161242bcf3181

      SHA1

      a591bc887ffa5e40ba6c101e0e7577b80b157181

      SHA256

      1a5c1b5254238be5efbe7a3f8dc82894c4946cb3e8126ef502b6188c64e51565

      SHA512

      70495b8d079586bd68a974eed5a883bf8f97689805634d3842a70b88c4b42e24b6dd7a6dde2bfacab08048654fcb952b457e11132367a4af79aece32ef6869a4

      Download Submit

    • C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
      Filesize

      168KB

      MD5

      9c45ef7d5b292cdfe61a74b64f7bc0a1

      SHA1

      74600e67cd715a0d37bb077a27785553aa16b2c2

      SHA256

      588fbc71d3cfbb24ec08dc571a8a4cf386ebbb9586654d13ed03687df733503a

      SHA512

      db55cb72be3d0a17237a9fe1f717a8da664fe3e59bd815db98e49d4298fa51ed2daf53d0e7957d8853c770c74707d0ee2055ff7b9963061b9b34c30ccba06465

      Download Submit

    • C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log
      Filesize

      206KB

      MD5

      83bbcfbef155b1173175cf342b403990

      SHA1

      d592edff0e0c4bcf538a844132c1162472391675

      SHA256

      4f081c6dc5c89e45cf77ce24d42c888edda510db0faaa12ce5620f65f6b80e69

      SHA512

      175c775ee4bd58d68569dc01c89ade1fb2a71be64539bf92f873154c6e33000ca2975e51dbe21b34f2286487dfceda7a365170f834143fa7251b4d4600df7d61

      Download Submit

    • C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log
      Filesize

      167KB

      MD5

      f4c63d043c14d7da9e24ef753c8ba563

      SHA1

      d025b65098d2ac567b352de66dc07734c6dca1ea

      SHA256

      c823f5b7b3b7203de4ba99c8b6937a5121863c7ad8ae01ea5106def90971fca4

      SHA512

      9a438f2789e944bec69cf67a9bf5c73e5107627d87ed06e0ae2526457a817cfaa505b8be9b3d6e86fccb7d261e5e26d19bb60412c75cd4c6dc2f1e46232c3466

      Download Submit

    • C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log
      Filesize

      188KB

      MD5

      82b1f48074ba6a43eb347e05b82b886f

      SHA1

      6bc1ad1a6ec518d5a4cdfa724eea1d7142efd0ac

      SHA256

      e1b0a98b937692cad2ace55b6b3dd84ff52d43de3cc4041b78d4762f4f35c705

      SHA512

      13d4a3d15b6acc0b5bd61c38a82a94e2df5ffa3bd51e75e0ca32b45dab629384d4fd6412b4bde8b29c02314f12578f822c3c1fb0c36c5837b9f158ee0cd2aeb6

      Download Submit

    • C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
      Filesize

      168KB

      MD5

      3a2deb4c8316b2460e244d6b2503e1dc

      SHA1

      ffdef8e601aa72377dfe2841565cffaff740073c

      SHA256

      fc2df9f481d01d246a8c16479281dd0eebd111e1c519a41bb0d4f98c4cfd6215

      SHA512

      55ff072e3b262614ebf79f97485ffac3acb32b3bd375a77f1e5f4248eaf478665fd5e290c6825d9b8fbb5fdd8e57b1995d6030d6c3597862a338770bbc027cff

      Download Submit

    • C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log
      Filesize

      196KB

      MD5

      d55e8c505055e5e26515eb92a948121b

      SHA1

      1f893414d4e107506aa1593900cb26b1333b9058

      SHA256

      8110940bcf8785a1d24e670c90da6065a62e922f01e9ddacda54b77fc6df2e54

      SHA512

      8cb4da9d96af93515793ea3ba56895d9ba2d73e2224cdf69be3c70394fcc7c65b4afccad7b199ad6ebb73708eb112915dab06ebd24c3b98172a3654549017a20

      Download Submit

    • C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log
      Filesize

      120KB

      MD5

      8238e6f6818022f17eacae76898bc654

      SHA1

      137ec18cbb915d89293a881cb138389855d9bf91

      SHA256

      d5c76b225a955cb4633668775eb5d87b9139e1e38b04559d9740a48beea7a049

      SHA512

      159392f96f4bde2a3dc2f041a5afe1ee9d622ee012451cd7ae64643daace80db218c885b0879970d125dedb90cc7a5a650f5a6757761e6e2dbb74a145fbef222

      Download Submit

    • C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log
      Filesize

      127KB

      MD5

      cd1a04839e7055f3ed345507adc014d1

      SHA1

      40f1e53cb8887b9082c18bbf12cb5daf250094ef

      SHA256

      b50158482ba15923ac527e18aecc4768a7127a59d352e9664250a352a52a3a30

      SHA512

      b38b3ead00a9fe7e8bb3ac34b357eaa49738a29ce2af7f10bdb413ac81bddc17373d7395fe66471aebf928ae6d2e7506acb0a9eeb251595bef026f1841f0f554

      Download Submit

    • C:\vcredist2022_x86_001_vcRuntimeMinimum_x86.log
      Filesize

      121KB

      MD5

      37e1b9b12dc91eaba0c0a652e7d503a8

      SHA1

      7db90234267e28e37c35505a49ebde0210e95965

      SHA256

      cb899b82d6ff35465d8c6b6d0e96f353c7ba24633e7304618161ada32dbabfdc

      SHA512

      227a26270d1a8b98d4f4b7311757127a7b663dfd8176d6f3b3c960bc5835cd09d0e577116ff6e6cbba36e2e601e419f6ba2870956f6e1520028a76f604b63745

      Download Submit

    • C:\vcredist2022_x86_002_vcRuntimeAdditional_x86.log
      Filesize

      133KB

      MD5

      cf698045c3c890f9d06c5a58a90d3cff

      SHA1

      2f9ef72355c18e678427cb70a0071a8b017e85e7

      SHA256

      04ada0e0f4d0c9ec2f6118e833fe79e01872eb2fd4cc37a7c46d735a450e0a47

      SHA512

      3188716c878c1ea8a6afd66e7050c9f83bc4338e1d7a98b2c5c73da252883c65001e3e91c494afe829848078ef52091170664bdbbf1e5c50bd05f76f2b20a958

      Download Submit

    • memory/3028-0-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

      Filesize

      4KB

      Download