dafa62260b8f61cb5d22c73cdc74c43a8c427bc28de420fb33a08f0f312b0b6d | Triage

Analysis

max time kernel
104s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
17/03/2025, 00:50

Sharing

Report Analysis Logs

General

Target

juicewrld.jpg
Size

152KB
MD5

5252a0128845849d952cec74c84cbee7
SHA1

2c5fce854b92be89c8ac62ba8ae136cdd1029307
SHA256

dafa62260b8f61cb5d22c73cdc74c43a8c427bc28de420fb33a08f0f312b0b6d
SHA512

416e886bdf9072682c070a7ef8cfa400815807c8711242e55fc7dd27628156f84cd31fa8c6b66767de4e399cdf5b7c7a139add6180a64ac9f7ff944c79d4a02e
SSDEEP

3072:SMLL+MWEsIWEovj1GIliHyAHTZ5Vh2sVlv/+Ho8y+H:SM1WEiUI27Vwsrv/s3H

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5384	mspaint.exe
5384	mspaint.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5384	mspaint.exe
5384	mspaint.exe
5384	mspaint.exe
5384	mspaint.exe

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\juicewrld.jpg"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5384

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads