Analysis
-
max time kernel
12s -
max time network
14s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250113-en -
resource tags
-
submitted
24-01-2025 06:13
General
-
Target
DexLogo.png
-
Size
104KB
-
MD5
3c996b6f3a892ca41e22b203714c21b2
-
SHA1
45a2af707f4f93196f05a0c30db044e14b0698bb
-
SHA256
0ac8093eb7a5cad5f85c462be90ab5c33a093490e3118f1d98846fd5bffee686
-
SHA512
68f4162e0d9e18f39687d14babc4cb4e63b422dc8295f2a0bc37d8fc0dd3b72889b1e9fdb99a92c17714518081b7471a3371ea921bd8769a162c5ec498960798
-
SSDEEP
1536:S9ISS5AVuCkdD3v5ytq3s7uhrQmxxZOeIBEr9UiyV:S9IltCwf5cqgO02xZwEZWV
Score
7/10
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\DexLogo.png1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\DexLogo.png"2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵