Resubmissions

27/01/2025, 14:59

250127-sctqtavkek 7

27/01/2025, 14:49

250127-r7d36stlct 7

27/01/2025, 14:44

250127-r4aatatjgz 7

Analysis

  • max time kernel
    93s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/01/2025, 14:44

General

  • Target

    2025 - Password.png

  • Size

    36KB

  • MD5

    eda1f48e234f2e45563fa6c54c4d6f6b

  • SHA1

    7c5266181b1ee1570769c74467c30249255c4bfc

  • SHA256

    a7204601c9afa820241cf153211375d96f0c2dafe0ec732f9ac1e80e93a05b32

  • SHA512

    e9efd4b4298a31b32dd303e50a6d2ddc9544f40bb61651e810eacc9c74f74c924d1694c93dd555c5dfdb3ee37d9afc297e8fc956b08d4a806fa088c18657853e

  • SSDEEP

    768:3r4xwH7zBYUedDBXZKb3mxLR6F8LPQ/8voA11111113111111/Na0t11/:38wve5BJhxEOo/8v9a6

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Windows\system32\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\2025 - Password.png"
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:624
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
      PID:1776

Network

MITRE ATT&CK Matrix
