Malware Analysis Report

2025-01-03 06:23

Sample ID 241120-lnebyazkel
Target Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀.exe
SHA256 106b8ab5586be4278c912337bffd6800d9ac4f9ef70b719cbe18720c3665f8a6
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

106b8ab5586be4278c912337bffd6800d9ac4f9ef70b719cbe18720c3665f8a6

Threat Level: Shows suspicious behavior

The file Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀.exe was found to show suspicious behavior.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-11-20 09:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-20 09:40

Reported

2024-11-20 09:44

Platform

win7-20241010-en

Max time kernel

121s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe

"C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-20 09:40

Reported

2024-11-20 09:44

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe

"C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe"

C:\Users\Admin\AppData\Local\Temp\d022f8d0e23179a9a6e782d0ac8e4fca\Image.exe

C:\Users\Admin\AppData\Local\Temp\d022f8d0e23179a9a6e782d0ac8e4fca\Image.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\d022f8d0e23179a9a6e782d0ac8e4fca\Qt5Core.dll

MD5 81dfc4d19287e5a20ea735c996f31e79
SHA1 4549705d9577d8412650e75a450b87b6f41d6bda
SHA256 9bf148b63984bda3e68c853064974661b191adaa38a813d722ed0c6e843e92b5
SHA512 5283d91d17ea63229159e7a8c3765369fd08334084c0cb89aacae6087c186b7af8bbc5f05b2d690f93fb76c8336e120fae3f6ff6bb05a86a8e010c7de38e4fd0

C:\Users\Admin\AppData\Local\Temp\d022f8d0e23179a9a6e782d0ac8e4fca\Image.exe

MD5 25ab75a586f4b22ebae81e74b20bfee9
SHA1 97f52704adbbd42f1c6415f565241ba1521c450f
SHA256 14a4044215f341ba1ece3e49d475e309749b65c8959f2724d26209ed705a225a
SHA512 cfa18fcccdeb95450f9ddb24dd620edca3faec765d339395884bcd2369783e37fd41ab3923a2d7439512670eb9389555dfc5a72adb725c818d2a5f4ea5154f7c

C:\Users\Admin\AppData\Local\Temp\d022f8d0e23179a9a6e782d0ac8e4fca\msvcp140.dll

MD5 29c6c243cfb1cec96b4a1008274f9600
SHA1 c54b10ef6305cc3814c68e6c8fd6daecbb27622a
SHA256 44a5af24f8d5f9c50a9e5a200a0486100afb6a0e86377e2e3e622a7bbb57cb04
SHA512 39c34554ea7b6d433c2aecfdeff87959e625e943bf7a446ebca8e5878eaf24198c1b188359a0343fb78478f2bc8b986ca4d0e69d39bac6ff80cb901fe4f113ee

C:\Users\Admin\AppData\Local\Temp\d022f8d0e23179a9a6e782d0ac8e4fca\vcruntime140_1.dll

MD5 d8d1a08176ba2542c58669c1c04da1b7
SHA1 e0d0059baf23fb5e1d2dadedc12e2f53c930256d
SHA256 26c29d01df73a8e35d32e430c892d925abb6e4ad62d3630ae42b69daacba1a0d
SHA512 5308790fbcf6348e87e7d5b9235ed66942527326f7ba556c910d68d94617bdd247a4ed540b4b9f8d4e73d15cf4a7204c0a57d4fd348ec26e53f39b91be8617fb

C:\Users\Admin\AppData\Local\Temp\d022f8d0e23179a9a6e782d0ac8e4fca\vcruntime140.dll

MD5 02794a29811ba0a78e9687a0010c37ce
SHA1 97b5701d18bd5e25537851614099e2ffce25d6d8
SHA256 1729421a22585823493d5a125cd43a470889b952a2422f48a7bc8193f5c23b0f
SHA512 caf2a478e9c78c8e93dd2288ed98a9261fcf2b7e807df84f2e4d76f8130c2e503eb2470c947a678ac63e59d7d54f74e80e743d635428aa874ec2d06df68d0272