Overview

overview

3

Static

static

1

3434.jpg

windows7-x64

3

3434.jpg

windows10-2004-x64

3

Analysis

  • max time kernel
    434s
  • max time network
    437s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3434.jpg

  • Size

    8KB

  • MD5

    10a46a20c4450cfe007f5f68e12d7873

  • SHA1

    8bb6fca2366c097573e30ebf33118c529ee22aa2

  • SHA256

    971df10ec16ca9bdb77fea3ca1b8bb58606f3510f51aa69457d556da0e68b25d

  • SHA512

    35cd53bb0660a68e3ae9d3784719071d626ad909c3bd3f5ef9b922c4d5a453a1603f3effc77b31c4d5b60164e415367aaecc4081322a0a96e8daa9676ffbdcb8

  • SSDEEP

    192:ewok1sF4KlS/qiL6EWvhN90GRnA7I6vuuViRZ3GeKYu3IbXA6c:ewok1sF4Kpc6lhN7e862uVEuwFc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 37 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 62 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\3434.jpg
    1⤵
      PID:3520
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:460

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/460-0-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-2-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-1-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-6-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-12-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-11-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-10-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-9-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-8-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-7-0x000002312C140000-0x000002312C141000-memory.dmp

      Filesize

      4KB

      Download