Overview

overview

7

Static

static

7

PhotoRescu...se.htm

windows7-x64

3

PhotoRescu...se.htm

windows10-2004-x64

3

PhotoRescu...r.html

windows7-x64

3

PhotoRescu...r.html

windows10-2004-x64

3

PhotoRescu...x.html

windows7-x64

3

PhotoRescu...x.html

windows10-2004-x64

3

PhotoRescu...lib.js

windows7-x64

3

PhotoRescu...lib.js

windows10-2004-x64

3

PhotoRescu...ro.dll

windows7-x64

3

PhotoRescu...ro.dll

windows10-2004-x64

3

PhotoRescu...ro.exe

windows7-x64

6

PhotoRescu...ro.exe

windows10-2004-x64

6

PhotoRescu...ro.url

windows7-x64

1

PhotoRescu...ro.url

windows10-2004-x64

1

PhotoRescu...es.htm

windows7-x64

3

PhotoRescu...es.htm

windows10-2004-x64

3

PhotoRescu...Hs.exe

windows7-x64

7

PhotoRescu...Hs.exe

windows10-2004-x64

7

PhotoRescu...ro.chm

windows7-x64

1

PhotoRescu...ro.chm

windows10-2004-x64

1

PhotoRescu...��.url

windows7-x64

1

PhotoRescu...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 04:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PhotoRescue Pro/PhotoRescuePro.exe

  • Size

    2.5MB

  • MD5

    777b61019224402deba1f49691449b21

  • SHA1

    ec5917216195fb3a62d9bb75ae80c23f7592d1e7

  • SHA256

    5271c0fb31fc8cdeba0fd7dc9375dcf8f2d1c896f04714ee181afc450d49975a

  • SHA512

    91c642d042a59cee3325dd20c967cd4fa1fe8dd40ff37349207d35801bc8553c552392c52094e0eac20c39cf85f154e54297c53ec6103fee1a99d6965f106b58

  • SSDEEP

    49152:roynyZVz8ISmMUixn0dgtGarLPsJHRkqrSY3:z4RRMUixn0dgtGaHPspRkqrS

Score
6/10
discovery

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PhotoRescue Pro\PhotoRescuePro.exe
    "C:\Users\Admin\AppData\Local\Temp\PhotoRescue Pro\PhotoRescuePro.exe"
    1⤵
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2000-0-0x0000000002E10000-0x0000000002E11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2000-1-0x00000000011A0000-0x00000000011A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2000-2-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2000-4-0x0000000002E10000-0x0000000002E11000-memory.dmp

    Filesize

    4KB

    Download