Overview

overview

10

Static

static

3

Release_18...al.exe

windows7-x64

10

Release_18...al.exe

windows10-2004-x64

10

Release_18...al.jpg

windows7-x64

1

Release_18...al.jpg

windows10-2004-x64

1

Release_18...32.dll

windows7-x64

3

Release_18...32.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2025, 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Release_1807/Expediente de pruebas de infracción de propiedad intelectual.jpg

  • Size

    186.0MB

  • MD5

    f0d5d35fd26c65e42f4af8b610e2a051

  • SHA1

    c62969ec1dff803b9a76b50ae8565fbaa6713508

  • SHA256

    0b8533914e417a5c0ce2b58affa1a1923c0426d3ab2aa6cbf16a344d1172e7bd

  • SHA512

    762ed2a403395d3fed28f6e26599c70e7295a79c7cd92ec06650ffcf4f71f43034fe26f68ebda48459d1c00722438e4d015fb51974e5f3e878cb3cd23623ccdb

  • SSDEEP

    3145728:lP5we+ubm/Z/QpQWQPkIhmuMm9ul4u395zv0pm7+GEovGtmmIYuOJI3vzvIosQ:lP2etm/ZNkI0PmAl4uN7i4mmm2OJEjIm

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Windows\system32\mspaint.exe
    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Release_1807\Expediente de pruebas de infracción de propiedad intelectual.jpg"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:4584
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
    1⤵
      PID:3740

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads