Analysis
-
max time kernel
60s -
max time network
63s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
14-11-2024 23:20
General
-
Target
alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg
-
Size
96KB
-
MD5
5a67b2ccd59a9026d7a65808e7fbe2b5
-
SHA1
d98c2e6d0d7746a4b8cb974bf3137a4b7815c8f0
-
SHA256
d0096ae477363291c2bd6307776c5674dfd0d6f718f0b99647f4d77d1f58117e
-
SHA512
bf8337c3d0db282e666908a66aecdddadd3910c993bdbf6ebe824296952e6f6caab5f9785c4a37777a1b0b03789db7864f60c9a04e6ea89cabf25359c64a1f88
-
SSDEEP
768:fNhjT3NZha5hyhai4CK/LZjtqjm4uHByznKM1++xW0+aE2OUb/scRuoxSa+EgQ:fzT3fha5hyhai4PLSy4p4gtHIEgQ
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\alkaline_trio___2_by_letsplaysuicide_d5l988-fullview.jpg"2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵