Analysis Overview
SHA256
106b8ab5586be4278c912337bffd6800d9ac4f9ef70b719cbe18720c3665f8a6
Threat Level: Known bad
The file Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀.exe was found to be: Known bad.
Malicious Activity Summary
Stormkitty family
AsyncRat
StormKitty payload
Asyncrat family
StormKitty
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
Program crash
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-20 09:57
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-20 09:57
Reported
2024-11-20 10:03
Platform
win11-20241007-en
Max time kernel
92s
Max time network
204s
Command Line
Signatures
AsyncRat
Asyncrat family
StormKitty
StormKitty payload
Stormkitty family
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\Image = "cmd.exe /C start \"\" /D \"C:\\Users\\Admin\\Document\" \"C:\\Users\\Admin\\Document\\Image.exe\"" | C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2020 set thread context of 5636 | N/A | C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe
"C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe"
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5636 -ip 5636
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 1304
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Image.exe
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\Qt5Core.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\MSVCP140.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\VCRUNTIME140_1.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\concrt140e.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-conio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-convert-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-environment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-filesystem-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-locale-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-math-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-multibyte-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-private-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-runtime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-process-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-stdio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-time-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\api-ms-win-crt-utility-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\concrt140.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\libcueify.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\msvcp140_codecvt_ids.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\msvcp140_atomic_wait.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\msvcp140_2.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\msvcp140_1.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\vcomp140.dll
C:\Users\Admin\AppData\Local\Temp\eccbd1059c11c11329dc1f625b6afd2d\ucrtbase.dll
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-20 09:57
Reported
2024-11-20 10:03
Platform
win10v2004-20241007-en
Max time kernel
270s
Max time network
204s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1352 wrote to memory of 2476 | N/A | C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe | C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe |
| PID 1352 wrote to memory of 2476 | N/A | C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe | C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe
"C:\Users\Admin\AppData\Local\Temp\Image_processed_by_Vidnoz.png⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀��.exe"
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Image.exe
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\Qt5Core.dll
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\MSVCP140.dll
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\vcruntime140_1.dll
C:\Users\Admin\AppData\Local\Temp\ab1d9672ee1938b18f747ca12ae0afd9\vcruntime140.dll