| File name: | Quote#W2005750.img |
| Full analysis: | https://app.any.run/tasks/a8f4e019-bd24-4201-8967-e77c4f3ec8e0 |
| Verdict: | Malicious activity |
| Analysis date: | April 25, 2019, 07:37:35 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-iso9660-image |
| File info: | UDF filesystem data (version 1.5) 'PDF' |
| MD5: | 3286A2F168957B52196FC8043A46E1C3 |
| SHA1: | AA9D25508EF30FD1745DFF13BB2DB04EEE814F70 |
| SHA256: | 87601D60E0864BF7242EB9A04BC16B563281B7D0ADF94C7733D78E76EF609645 |
| SSDEEP: | 24576:DAHnh+eWsN3skA4RV1Hom2KXMmHau9p7n4lhzFCfSWf6cFzm5:Oh+ZkldoPK8Yau9RnDJI |
MALICIOUS
No malicious indicators.SUSPICIOUS
Application launched itself
- explorer.exe (PID: 2904)
- explorer.exe (PID: 2280)
- explorer.exe (PID: 3532)
- explorer.exe (PID: 1712)
- explorer.exe (PID: 2480)
- explorer.exe (PID: 1232)
- explorer.exe (PID: 1452)
- explorer.exe (PID: 2612)
- explorer.exe (PID: 3920)
- explorer.exe (PID: 2084)
- explorer.exe (PID: 3848)
- explorer.exe (PID: 2140)
- explorer.exe (PID: 3452)
- explorer.exe (PID: 2172)
- explorer.exe (PID: 296)
- explorer.exe (PID: 4916)
- explorer.exe (PID: 2768)
- explorer.exe (PID: 4500)
- explorer.exe (PID: 4068)
- explorer.exe (PID: 5196)
- explorer.exe (PID: 1476)
- explorer.exe (PID: 6108)
- explorer.exe (PID: 4684)
- explorer.exe (PID: 6140)
- explorer.exe (PID: 4312)
- explorer.exe (PID: 4452)
- explorer.exe (PID: 5628)
- explorer.exe (PID: 5320)
- explorer.exe (PID: 4456)
- explorer.exe (PID: 1244)
- explorer.exe (PID: 636)
- explorer.exe (PID: 5660)
- explorer.exe (PID: 4276)
- explorer.exe (PID: 4504)
- explorer.exe (PID: 4816)
- explorer.exe (PID: 4216)
- explorer.exe (PID: 3400)
- explorer.exe (PID: 3948)
- explorer.exe (PID: 2236)
- explorer.exe (PID: 4168)
- explorer.exe (PID: 3300)
- explorer.exe (PID: 5392)
- explorer.exe (PID: 5916)
- explorer.exe (PID: 5652)
- explorer.exe (PID: 6100)
- explorer.exe (PID: 4788)
- explorer.exe (PID: 4100)
- explorer.exe (PID: 4228)
- explorer.exe (PID: 1040)
- explorer.exe (PID: 4328)
- explorer.exe (PID: 2892)
- explorer.exe (PID: 3308)
- explorer.exe (PID: 4672)
- explorer.exe (PID: 5288)
- explorer.exe (PID: 2444)
- explorer.exe (PID: 5856)
- explorer.exe (PID: 5932)
- explorer.exe (PID: 3784)
- explorer.exe (PID: 1540)
- explorer.exe (PID: 6112)
- explorer.exe (PID: 3860)
- explorer.exe (PID: 2664)
- explorer.exe (PID: 2952)
- explorer.exe (PID: 456)
- explorer.exe (PID: 2128)
- explorer.exe (PID: 2188)
- explorer.exe (PID: 3488)
- explorer.exe (PID: 4008)
- explorer.exe (PID: 3376)
- explorer.exe (PID: 3360)
- explorer.exe (PID: 4028)
- explorer.exe (PID: 3096)
- explorer.exe (PID: 1464)
- explorer.exe (PID: 1160)
- explorer.exe (PID: 2500)
- explorer.exe (PID: 2408)
- explorer.exe (PID: 900)
- explorer.exe (PID: 2716)
- explorer.exe (PID: 3732)
- explorer.exe (PID: 6060)
- explorer.exe (PID: 4460)
- explorer.exe (PID: 4116)
- explorer.exe (PID: 4560)
- explorer.exe (PID: 5948)
- explorer.exe (PID: 2856)
INFO
Modifies the open verb of a shell class
- rundll32.exe (PID: 1792)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .iso | | | ISO 9660 CD image (27.6) |
|---|---|---|
| .atn | | | Photoshop Action (27.1) |
| .gmc | | | Game Music Creator Music (6.1) |
EXIF
ISO
| VolumeName: | |
|---|---|
| VolumeBlockCount: | 1028 |
| VolumeBlockSize: | 2048 |
| RootDirectoryCreateDate: | 2019:04:24 18:12:25-07:00 |
| VolumeSetName: | UNDEFINED |
| Software: | IMGBURN V2.5.8.0 - THE ULTIMATE IMAGE BURNER! |
| VolumeCreateDate: | 2019:04:24 18:12:25.00-07:00 |
| VolumeModifyDate: | 2019:04:24 18:12:25.00-07:00 |
Composite
| VolumeSize: | 2.0 MB |
|---|
Total processes
350
Monitored processes
315
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 128 | "C:\Windows\explorer.exe" "C:\Users\admin\AppData\Local\Temp\Quote#W2005750.img" | C:\Windows\explorer.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 236 | "C:\Windows\explorer.exe" "C:\Users\admin\AppData\Local\Temp\Quote#W2005750.img" | C:\Windows\explorer.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 296 | C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding | C:\Windows\explorer.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 320 | "C:\Windows\explorer.exe" "C:\Users\admin\AppData\Local\Temp\Quote#W2005750.img" | C:\Windows\explorer.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 332 | C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding | C:\Windows\explorer.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 356 | C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding | C:\Windows\explorer.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 408 | C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding | C:\Windows\explorer.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 456 | C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding | C:\Windows\explorer.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 544 | "C:\Windows\explorer.exe" "C:\Users\admin\AppData\Local\Temp\Quote#W2005750.img" | C:\Windows\explorer.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 560 | C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding | C:\Windows\explorer.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
Total events
10 592
Read events
10 197
Write events
392
Delete events
3
Modification events
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
| Operation: | write | Name: | @C:\Windows\System32\isoburn.exe,-350 |
Value: Disc Image File | |||
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\OpenWithProgids |
| Operation: | write | Name: | Windows.IsoFile |
Value: | |||
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache |
| Operation: | write | Name: | LangID |
Value: 0904 | |||
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
| Operation: | write | Name: | @%SystemRoot%\System32\isoburn.exe,-352 |
Value: Windows Disc Image Burner | |||
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache |
| Operation: | write | Name: | C:\Windows\System32\isoburn.exe |
Value: Windows Disc Image Burner | |||
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache |
| Operation: | write | Name: | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Value: Adobe Acrobat Reader DC | |||
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache |
| Operation: | write | Name: | C:\Windows\eHome\ehshell.exe |
Value: Windows Media Center | |||
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache |
| Operation: | write | Name: | C:\Program Files\Internet Explorer\iexplore.exe |
Value: Internet Explorer | |||
| (PID) Process: | (1792) rundll32.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache |
| Operation: | write | Name: | C:\Windows\system32\mspaint.exe |
Value: Paint | |||
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report