Resubmissions
07/10/2024, 19:03
241007-xqldtavhra 627/09/2024, 23:46
240927-3samzsybkf 827/09/2024, 23:14
240927-28aggsxbnh 1027/09/2024, 23:12
240927-26vpmsvbjk 827/09/2024, 20:13
240927-yzes3axdnk 827/09/2024, 20:12
240927-yy349sxdmm 327/09/2024, 20:10
240927-yxq4bazcma 327/09/2024, 20:02
240927-yr5drazaqf 827/09/2024, 19:59
240927-yqh45axamm 327/09/2024, 19:56
240927-ynwx7swhll 3Analysis
-
max time kernel
1564s -
max time network
1688s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
07/10/2024, 19:03
General
-
Target
Screenshot 2024-09-24 2.11.17 PM.png
-
Size
45KB
-
MD5
578c76503d19e73f7a935cdfb1a4108e
-
SHA1
74644b49ebeb844cfa821fe70251f8e56ac6e112
-
SHA256
3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae
-
SHA512
52b1cb29234be0e46a90cc26f8ac9ad6ff45887f80fbaf20da53bce7c9530111778317aaa393e6e94fe97f3f15372a0de869f709e768f278bd74ba989599ca0d
-
SSDEEP
768:54PXdrAREaTeqsZ+93ArVC7UpbJss0JAKEKFXsojUIFI5A29+FKn2g5Fh2O:54Pa1swmfNIOKEKSY29tnxhz
Score
6/10
Malware Config
Signatures
-
Drops desktop.ini file(s) 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-09-24 2.11.17 PM.png"1⤵
-
C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"1⤵
- Drops desktop.ini file(s)
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x46c1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
40KB
-
Filesize
40KB
-
Filesize
4KB
-
Filesize
40KB
-
Filesize
40KB
-
Filesize
84KB
-
Filesize
84KB