f79cd6d2163c5b8aed2594160d7d62049a3b4b9b35768ffab36557625e60d11b

Analysis

max time kernel
127s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Polícia de Segurança Pública (PSP)1.jpg
Size

941KB
MD5

6a536439fca61e2f7dba9ea633fa9459
SHA1

439b16cc5e5bffa5bfe12f8299dea1892f723764
SHA256

f79cd6d2163c5b8aed2594160d7d62049a3b4b9b35768ffab36557625e60d11b
SHA512

1ea40a28fa6b75ef6d42c920176cf208b431824ba078a84b721b6bec9f5cab2a646bbae17140b1c6571049d90842aedf4dabde98010fa31dd8056efa901e56fe
SSDEEP

12288:ueOHm9XoumVoe8qdz5PQ2N78/ERzWcsmGxNnLOtcvQL31YUDhcKsXKyUC/59aBFX:u5oXouuoe8g0/Ed3saLixUC/54Cev

Score

1^/10

Malware Config

Signatures

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2808	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2600	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2600	vlc.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2600	vlc.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Polícia de Segurança Pública (PSP)1.jpg"
1⤵
PID:2756

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\UnprotectSet.inf
1⤵
- Opens file in notepad (likely ransom note)
PID:2808

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UninstallShow.mov"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2600-13-0x000007FEF7860000-0x000007FEF7894000-memory.dmp

Filesize
208KB

Download
memory/2600-12-0x000000013FDE0000-0x000000013FED8000-memory.dmp

Filesize
992KB

Download
memory/2600-16-0x000007FEFA850000-0x000007FEFA867000-memory.dmp

Filesize
92KB

Download
memory/2600-14-0x000007FEF6700000-0x000007FEF69B6000-memory.dmp

Filesize
2.7MB

Download
memory/2600-19-0x000007FEF76F0000-0x000007FEF7701000-memory.dmp

Filesize
68KB

Download
memory/2600-21-0x000007FEF76B0000-0x000007FEF76C1000-memory.dmp

Filesize
68KB

Download
memory/2600-20-0x000007FEF76D0000-0x000007FEF76ED000-memory.dmp

Filesize
116KB

Download
memory/2600-18-0x000007FEF7710000-0x000007FEF7727000-memory.dmp

Filesize
92KB

Download
memory/2600-17-0x000007FEFA800000-0x000007FEFA811000-memory.dmp

Filesize
68KB

Download
memory/2600-15-0x000007FEFB010000-0x000007FEFB028000-memory.dmp

Filesize
96KB

Download
memory/2600-23-0x000007FEF6C50000-0x000007FEF6C91000-memory.dmp

Filesize
260KB

Download
memory/2600-25-0x000007FEF6C30000-0x000007FEF6C48000-memory.dmp

Filesize
96KB

Download
memory/2600-24-0x000007FEF7680000-0x000007FEF76A1000-memory.dmp

Filesize
132KB

Download
memory/2600-22-0x000007FEF5950000-0x000007FEF5B5B000-memory.dmp

Filesize
2.0MB

Download
memory/2600-32-0x000007FEF6B70000-0x000007FEF6B88000-memory.dmp

Filesize
96KB

Download
memory/2600-31-0x000007FEF6B90000-0x000007FEF6BA1000-memory.dmp

Filesize
68KB

Download
memory/2600-30-0x000007FEF6BB0000-0x000007FEF6BCB000-memory.dmp

Filesize
108KB

Download
memory/2600-29-0x000007FEF6BD0000-0x000007FEF6BE1000-memory.dmp

Filesize
68KB

Download
memory/2600-28-0x000007FEF6BF0000-0x000007FEF6C01000-memory.dmp

Filesize
68KB

Download
memory/2600-27-0x000007FEF6C10000-0x000007FEF6C21000-memory.dmp

Filesize
68KB

Download
memory/2600-35-0x000007FEF6350000-0x000007FEF63CC000-memory.dmp

Filesize
496KB

Download
memory/2600-38-0x000007FEF6AF0000-0x000007FEF6B18000-memory.dmp

Filesize
160KB

Download
memory/2600-44-0x000007FEF3900000-0x000007FEF3917000-memory.dmp

Filesize
92KB

Download
memory/2600-43-0x000007FEF4850000-0x000007FEF4862000-memory.dmp

Filesize
72KB

Download
memory/2600-42-0x000007FEF62D0000-0x000007FEF62E1000-memory.dmp

Filesize
68KB

Download
memory/2600-41-0x000007FEF4870000-0x000007FEF4893000-memory.dmp

Filesize
140KB

Download
memory/2600-40-0x000007FEF65F0000-0x000007FEF6608000-memory.dmp

Filesize
96KB

Download
memory/2600-39-0x000007FEF66D0000-0x000007FEF66F4000-memory.dmp

Filesize
144KB

Download
memory/2600-37-0x000007FEF62F0000-0x000007FEF6347000-memory.dmp

Filesize
348KB

Download
memory/2600-36-0x000007FEF6B20000-0x000007FEF6B31000-memory.dmp

Filesize
68KB

Download
memory/2600-26-0x000007FEF48A0000-0x000007FEF5950000-memory.dmp

Filesize
16.7MB

Download
memory/2600-34-0x000007FEF6610000-0x000007FEF6677000-memory.dmp

Filesize
412KB

Download
memory/2600-33-0x000007FEF6B40000-0x000007FEF6B70000-memory.dmp

Filesize
192KB

Download
memory/2600-56-0x000007FEF7860000-0x000007FEF7894000-memory.dmp

Filesize
208KB

Download
memory/2600-55-0x000000013FDE0000-0x000000013FED8000-memory.dmp

Filesize
992KB

Download
memory/2600-57-0x000007FEF6700000-0x000007FEF69B6000-memory.dmp

Filesize
2.7MB

Download
memory/2600-58-0x000007FEF48A0000-0x000007FEF5950000-memory.dmp

Filesize
16.7MB

Download