Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2024 11:19

General

  • Target

    cdautorun/PicasaCD.exe

  • Size

    1.8MB

  • MD5

    1905daa36ac5d7b30ed79a232766e510

  • SHA1

    60e0495a78513cda4959289ae3cdfb19c0e782f6

  • SHA256

    b96bf61562a551184301e26ae475d63421dc8f22c6ca574f12942439efd59023

  • SHA512

    379f5a389a7c5783ca9e08a46a08e4c526ab41104adf5e1ba61e50feb66a49dd8ba502952805e779382d5c7ab278971dbf9fbcf871497a6b48a0a256ea07d1bf

  • SSDEEP

    24576:slq+TZtG00f3GQgYHhDZRkPKIHJ4uyFte6diOcOyTBlfrD:MNTZ0VDVRkP3pediOcjTvfrD

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 20 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cdautorun\PicasaCD.exe
    "C:\Users\Admin\AppData\Local\Temp\cdautorun\PicasaCD.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2928
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads