cc36161b6d8ea29528bed7d5883ad260cfc8d8e32825938c52e93c1a495c355b

Submit
Reports

Overview

overview

Static

static

picasa39-setup.exe

windows7-x64

picasa39-setup.exe

windows10-2004-x64

$PLUGINSDI...de.dll

windows7-x64

$PLUGINSDI...de.dll

windows10-2004-x64

$PLUGINSDI...ls.dll

windows7-x64

$PLUGINSDI...ls.dll

windows10-2004-x64

$PLUGINSDI...em.dll

windows7-x64

$PLUGINSDI...em.dll

windows10-2004-x64

$PLUGINSDI...gs.dll

windows7-x64

$PLUGINSDI...gs.dll

windows10-2004-x64

$SYSDIR/GPhotos.scr

windows7-x64

$SYSDIR/GPhotos.scr

windows10-2004-x64

MovieThumb.exe

windows7-x64

MovieThumb.exe

windows10-2004-x64

Picasa3.exe

windows7-x64

Picasa3.exe

windows10-2004-x64

Picasa3i18n.dll

windows7-x64

Picasa3i18n.dll

windows10-2004-x64

PicasaPhotoViewer.exe

windows7-x64

PicasaPhotoViewer.exe

windows10-2004-x64

cdautorun/...sa.url

windows7-x64

cdautorun/...sa.url

windows10-2004-x64

cdautorun/...pector

macos-10.15-amd64

cdautorun/...urces/

macos-10.15-amd64

cdautorun/...deshow

macos-10.15-amd64

cdautorun/...pector

macos-10.15-amd64

cdautorun/.../Repor

macos-10.15-amd64

cdautorun/...estore

macos-10.15-amd64

cdautorun/...ts.ps1

windows7-x64

cdautorun/...ts.ps1

windows10-2004-x64

cdautorun/...CD.exe

windows7-x64

cdautorun/...CD.exe

windows10-2004-x64

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 11:19

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

picasa39-setup.exe

Resource

win7-20241010-en

discovery

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

picasa39-setup.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/NSIS_Picasa_Unicode.dll

Resource

win7-20241023-en

discovery

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/NSIS_Picasa_Unicode.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral5

Sample

$PLUGINSDIR/StdUtils.dll

Resource

win7-20240903-en

discovery

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral6

Sample

$PLUGINSDIR/StdUtils.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral7

Sample

$PLUGINSDIR/System.dll

Resource

win7-20240903-en

discovery

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral8

Sample

$PLUGINSDIR/System.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral9

Sample

$PLUGINSDIR/nsDialogs.dll

Resource

win7-20240903-en

discovery

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral10

Sample

$PLUGINSDIR/nsDialogs.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

$SYSDIR/GPhotos.scr

Resource

win7-20241010-en

discovery

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral12

Sample

$SYSDIR/GPhotos.scr

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral13

Sample

MovieThumb.exe

Resource

win7-20241010-en

discovery

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

MovieThumb.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

Picasa3.exe

Resource

win7-20240903-en

discovery

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral16

Sample

Picasa3.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

Picasa3i18n.dll

Resource

win7-20240903-en

discovery

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

Picasa3i18n.dll

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

PicasaPhotoViewer.exe

Resource

win7-20240708-en

discovery

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

PicasaPhotoViewer.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral21

Sample

cdautorun/Download Picasa.url

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

cdautorun/Download Picasa.url

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

cdautorun/Picasa CD Slideshow.app/Contents/Frameworks/GoogleBreakpad.framework/Versions/A/Resources/Inspector

Resource

macos-20241101-en

evasion

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

cdautorun/Picasa CD Slideshow.app/Contents/Frameworks/GoogleBreakpad.framework/Versions/A/Resources/

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

cdautorun/Picasa CD Slideshow.app/Contents/MacOS/Picasa CD Slideshow

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

cdautorun/Picasa Restore.app/Contents/Frameworks/GoogleBreakpad.framework/Versions/A/Resources/Inspector

Resource

macos-20241106-en

evasion

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

cdautorun/Picasa Restore.app/Contents/Frameworks/GoogleBreakpad.framework/Versions/A/Resources/Repor

Resource

macos-20241106-en

evasion

macos-10.15-amd64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

cdautorun/Picasa Restore.app/Contents/MacOS/Picasa Restore

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

cdautorun/Picasa Restore.app/Contents/Resources/sv.lproj/PRMainMenu.nib/keyedobjects.ps1

Resource

win7-20241010-en

execution

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral30

Sample

cdautorun/Picasa Restore.app/Contents/Resources/sv.lproj/PRMainMenu.nib/keyedobjects.ps1

Resource

win10v2004-20241007-en

execution

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral31

Sample

cdautorun/PicasaCD.exe

Resource

win7-20240903-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral32

Sample

cdautorun/PicasaCD.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

4 signatures

150 seconds

Report Analysis Logs

General

Target

$SYSDIR/GPhotos.scr
Size

4.4MB
MD5

404c6c3c3a59784456da52660f86c52b
SHA1

b3917505f1374e002e480b0f9684945c57b73a98
SHA256

7479d71a52d7a638fe6cd6d0e494b8a6cacd8a5cb04a3ebe8d95dd30023901dc
SHA512

9b997a67b91b16d365c94f102e4d12fb313593cf4c444fbaa7f2d2d1e882659b03b8199de6eff9ea65c2a3fa9d646bb2ecec4c952e99da6f96fcef3af11ca256
SSDEEP

98304:zZm/RKAjTcGEPdnHbLXt/34smaZmaRME9i5:zZmJEL9PJmaZma

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

GPhotos.scr

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GPhotos.scr

Processes

C:\Users\Admin\AppData\Local\Temp\$SYSDIR\GPhotos.scr
"C:\Users\Admin\AppData\Local\Temp\$SYSDIR\GPhotos.scr" /S
1⤵
- System Location Discovery: System Language Discovery
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads