Resubmissions
07-11-2024 03:23  241107-dxvraavdnj  3
07-11-2024 03:22  241107-dwyrjsvarc  3
26-09-2024 15:21  240926-srkfpatgqp  10

Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 07-11-2024 03:23
Static task: static1
Behavioral task: behavioral1
  Sample: AHA.png
  Resource: win7-20240903-en (windows7-x64)
  3 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: AHA.png
  Resource: win10v2004-20241007-en (windows10-2004-x64)
  6 signatures, 150 seconds
General
Target: AHA.png
Size: 463KB
MD5: e453d2a309bddf4d823eb17f6022a0f1
SHA1: 136fabdc8a2192708c63da84b0876c2736975435
SHA256: f47933f20a1a427349f57fdb839b9085d006ef91bb635b55447ff2d3f6c4fcfd
SHA512: 3108e807f532251603d8bc585d94d91e3d778b4b3945bc127aa441091e4945242bb70cc782fd01b1f1b65812c16531164dbb4dafcfbd41c8b6afc6c90b0ced7e
SSDEEP: 12288:QlBbFqavzhwL4YciIPARZF0EzJkQyn9a1g/DhxdF+ZJ+ROeWEF:aBb77hLYG4hkxa1gbhPCJSO3Q
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of FindShellTrayWindow (1 IoCs)
  PID   Process
  2400  rundll32.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  PID   Process
  2400  rundll32.exe
  2400  rundll32.exe
Processes
C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\AHA.png
  Suspicious use of FindShellTrayWindow
  Suspicious use of SetWindowsHookEx
  PID: 2400
C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 1800