106b8ab5586be4278c912337bffd6800d9ac4f9ef70b719cbe18720c3665f8a6

Resubmissions

20-11-2024 09:57

241120-ly8njawbjq 10

20-11-2024 09:40

241120-lnebyazkel 7

Analysis

max time kernel
270s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe
Size

61.1MB
MD5

a83705763f911f07c48df4910f0978a6
SHA1

1ee5bb301336c1687f6ebb0ef30d636f9e493c3d
SHA256

106b8ab5586be4278c912337bffd6800d9ac4f9ef70b719cbe18720c3665f8a6
SHA512

6fb9c048428c61525f3de99e592d4bab4c591c6c65e709c6619ba80cf7c3cc337990f97030e70a7cda8d8a14d5ccea49038cbf28dd869d85367274fa16f921a8
SSDEEP

393216:j76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfEnVQx4urYsANulL7Nd:j0LoCOn+2Es4urYDNulLBiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Image.exe

pid process

2476 Image.exe
Loads dropped DLL 5 IoCs

Processes:

Image.exe

pid process

2476 Image.exe
2476 Image.exe
2476 Image.exe
2476 Image.exe
2476 Image.exe

pid	process
2476	Image.exe

pid	process
2476	Image.exe
2476	Image.exe
2476	Image.exe
2476	Image.exe
2476	Image.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe

description	pid	process	target process
PID 1352 wrote to memory of 2476	1352	Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe	Image.exe
PID 1352 wrote to memory of 2476	1352	Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe	Image.exe

C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe
"C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe
  C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe

Filesize
45KB

MD5
25ab75a586f4b22ebae81e74b20bfee9

SHA1
97f52704adbbd42f1c6415f565241ba1521c450f

SHA256
14a4044215f341ba1ece3e49d475e309749b65c8959f2724d26209ed705a225a

SHA512
cfa18fcccdeb95450f9ddb24dd620edca3faec765d339395884bcd2369783e37fd41ab3923a2d7439512670eb9389555dfc5a72adb725c818d2a5f4ea5154f7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\MSVCP140.dll

Filesize
552KB

MD5
29c6c243cfb1cec96b4a1008274f9600

SHA1
c54b10ef6305cc3814c68e6c8fd6daecbb27622a

SHA256
44a5af24f8d5f9c50a9e5a200a0486100afb6a0e86377e2e3e622a7bbb57cb04

SHA512
39c34554ea7b6d433c2aecfdeff87959e625e943bf7a446ebca8e5878eaf24198c1b188359a0343fb78478f2bc8b986ca4d0e69d39bac6ff80cb901fe4f113ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Qt5Core.dll

Filesize
2.8MB

MD5
81dfc4d19287e5a20ea735c996f31e79

SHA1
4549705d9577d8412650e75a450b87b6f41d6bda

SHA256
9bf148b63984bda3e68c853064974661b191adaa38a813d722ed0c6e843e92b5

SHA512
5283d91d17ea63229159e7a8c3765369fd08334084c0cb89aacae6087c186b7af8bbc5f05b2d690f93fb76c8336e120fae3f6ff6bb05a86a8e010c7de38e4fd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\vcruntime140.dll

Filesize
94KB

MD5
02794a29811ba0a78e9687a0010c37ce

SHA1
97b5701d18bd5e25537851614099e2ffce25d6d8

SHA256
1729421a22585823493d5a125cd43a470889b952a2422f48a7bc8193f5c23b0f

SHA512
caf2a478e9c78c8e93dd2288ed98a9261fcf2b7e807df84f2e4d76f8130c2e503eb2470c947a678ac63e59d7d54f74e80e743d635428aa874ec2d06df68d0272

Download Submit
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\vcruntime140_1.dll

Filesize
36KB

MD5
d8d1a08176ba2542c58669c1c04da1b7

SHA1
e0d0059baf23fb5e1d2dadedc12e2f53c930256d

SHA256
26c29d01df73a8e35d32e430c892d925abb6e4ad62d3630ae42b69daacba1a0d

SHA512
5308790fbcf6348e87e7d5b9235ed66942527326f7ba556c910d68d94617bdd247a4ed540b4b9f8d4e73d15cf4a7204c0a57d4fd348ec26e53f39b91be8617fb

Download Submit