download: | Muca-1.jpg |
Full analysis: | https://app.any.run/tasks/2f341833-337d-4f92-a976-4b38beb3634a |
Verdict: | Malicious activity |
Analysis date: | September 30, 2020, 11:02:17 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | image/jpeg |
File info: | JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, comment: "Created with GIMP", progressive, precision 8, 565x524, frames 3 |
MD5: | 50EBF6EC604994236A0124A00860EBDA |
SHA1: | FBFD0EC0A30FA714A137BDE66FDF8869B9604B64 |
SHA256: | 16D77B9F75ABF4C19A50616E2A621AB07FFD8C089D7886464789A4F21D1A1DA4 |
SSDEEP: | 1536:5HZOqRPxmB9r4fmEm674eD3Uunx50j06fUz4km4rCOKkzmDptjkWu0:asPxmumLKpnxK06Qm42OxzmDTAC |
.jpg | | | JFIF JPEG bitmap (38.1) |
---|---|---|
.jpg | | | JPEG bitmap (28.5) |
.mp3 | | | MP3 audio (ID3 v1.x tag) (23.8) |
.mp3 | | | MP3 audio (9.5) |
Megapixels: | 0.296 |
---|---|
ImageSize: | 565x524 |
DeviceModelDesc: | sRGB |
---|---|
DeviceMfgDesc: | GIMP |
ChromaticityChannel3: | 0.15001 0.06 |
ChromaticityChannel2: | 0.3 0.60001 |
ChromaticityChannel1: | 0.64 0.33002 |
ChromaticityColorant: | Unknown (0) |
ChromaticityChannels: | 3 |
BlueTRC: | (Binary data 32 bytes, use -b option to extract) |
GreenTRC: | (Binary data 32 bytes, use -b option to extract) |
RedTRC: | (Binary data 32 bytes, use -b option to extract) |
GreenMatrixColumn: | 0.38512 0.7169 0.09706 |
BlueMatrixColumn: | 0.14305 0.06061 0.71393 |
RedMatrixColumn: | 0.43604 0.22249 0.01392 |
ChromaticAdaptation: | 1.04788 0.02292 -0.05022 0.02959 0.99048 -0.01707 -0.00925 0.01508 0.75168 |
MediaWhitePoint: | 0.9642 1 0.82491 |
ProfileCopyright: | Public Domain |
ProfileDescription: | GIMP built-in sRGB |
ProfileID: | - |
ProfileCreator: | lcms |
ConnectionSpaceIlluminant: | 0.9642 1 0.82491 |
RenderingIntent: | Perceptual |
DeviceAttributes: | Reflective, Glossy, Positive, Color |
DeviceModel: | - |
DeviceManufacturer: | - |
CMMFlags: | Not Embedded, Independent |
PrimaryPlatform: | Microsoft Corporation |
ProfileFileSignature: | acsp |
ProfileDateTime: | 2020:04:21 08:37:22 |
ProfileConnectionSpace: | XYZ |
ColorSpaceData: | RGB |
ProfileClass: | Display Device Profile |
ProfileVersion: | 4.3.0 |
ProfileCMMType: | lcms |
YResolution: | 300 |
---|---|
XResolution: | 300 |
ResolutionUnit: | inches |
JFIFVersion: | 1.01 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2128 | "C:\Windows\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\admin\AppData\Local\Temp\Muca-1.jpg | C:\Windows\System32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3292 | "C:\Windows\System32\NOTEPAD.EXE" C:\Users\admin\Desktop\bla.bat | C:\Windows\System32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2292 | cmd /c ""C:\Users\admin\Desktop\bla.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3792 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
580 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
340 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
308 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1516 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3732 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2700 | cmd.exe | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication |
Operation: | write | Name: | Name |
Value: rundll32.exe | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer |
Operation: | write | Name: | MainWndPos |
Value: 6000000034000000A00400008002000000000000 | |||
(PID) Process: | (3292) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
Operation: | write | Name: | iWindowPosX |
Value: 154 | |||
(PID) Process: | (3292) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
Operation: | write | Name: | iWindowPosY |
Value: 154 | |||
(PID) Process: | (3292) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
Operation: | write | Name: | iWindowPosDX |
Value: 960 | |||
(PID) Process: | (3292) NOTEPAD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Notepad |
Operation: | write | Name: | iWindowPosDY |
Value: 501 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3292 | NOTEPAD.EXE | C:\Users\admin\Desktop\bla.bat | text | |
MD5:26D6D715069E9A133713B657E22D1ECA | SHA256:9C4F32AF318FE4BAA4269B42CD45D8533C7582493304BBA902F5BD02620969C9 |