Overview

overview

10

Static

static

3

Release_18...al.exe

windows7-x64

10

Release_18...al.exe

windows10-2004-x64

10

Release_18...al.jpg

windows7-x64

1

Release_18...al.jpg

windows10-2004-x64

1

Release_18...32.dll

windows7-x64

3

Release_18...32.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2025, 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Release_1807/Expediente de pruebas de infracción de propiedad intelectual.jpg

  • Size

    186.0MB

  • MD5

    f0d5d35fd26c65e42f4af8b610e2a051

  • SHA1

    c62969ec1dff803b9a76b50ae8565fbaa6713508

  • SHA256

    0b8533914e417a5c0ce2b58affa1a1923c0426d3ab2aa6cbf16a344d1172e7bd

  • SHA512

    762ed2a403395d3fed28f6e26599c70e7295a79c7cd92ec06650ffcf4f71f43034fe26f68ebda48459d1c00722438e4d015fb51974e5f3e878cb3cd23623ccdb

  • SSDEEP

    3145728:lP5we+ubm/Z/QpQWQPkIhmuMm9ul4u395zv0pm7+GEovGtmmIYuOJI3vzvIosQ:lP2etm/ZNkI0PmAl4uN7i4mmm2OJEjIm

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Release_1807\Expediente de pruebas de infracción de propiedad intelectual.jpg"
    1⤵
      PID:2096
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2560
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x474
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2520

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads