File name:

image-webp-attachment.webp

Full analysis: https://app.any.run/tasks/86e3167f-4b43-472c-a11c-63a581d44cf4
Verdict: No threats detected
Analysis date: September 03, 2020, 12:20:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: image/webp
File info: RIFF (little-endian) data, Web/P image
MD5:

D56DF442FEFDA1588A000CAC63947944

SHA1:

467D4B7C7120037C5CDC60EC1E86DCEE6F8E27FF

SHA256:

E7681F63E3FF38115405E86CF95CDD509133AA0EF0651F47F266E208A10173F8

SSDEEP:

48:IjIl/XuulcKIg4csEixgtC4CMdL4eiofbVcZSbQfbpe2cfnLM:Icl/Xu1g4cxixgtC4CMGoBcZjc2cvLM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.webp | WebP bitmap (50)

EXIF

RIFF

VP8Version: 0 (bicubic reconstruction, normal loop)
ImageWidth: 130
HorizontalScale: -
ImageHeight: 39
VerticalScale: -

ICC_Profile

ProfileCMMType: lcms
ProfileVersion: 2.1.0
ProfileClass: Display Device Profile
ColorSpaceData: RGB
ProfileConnectionSpace: XYZ
ProfileDateTime: 2018:03:20 09:14:29
ProfileFileSignature: acsp
PrimaryPlatform: Microsoft Corporation
CMMFlags: Not Embedded, Independent
DeviceManufacturer: saws
DeviceModel: ctrl
DeviceAttributes: Reflective, Glossy, Positive, Color
RenderingIntent: Perceptual
ConnectionSpaceIlluminant: 0.9642 1 0.82491
ProfileCreator: hand
ProfileID: 9d91003d4080b03d40742c819ea5228e
ProfileDescription: uRGB
ProfileCopyright: CC0
MediaWhitePoint: 0.9505 1 1.089
RedMatrixColumn: 0.43604 0.22244 0.0139
GreenMatrixColumn: 0.3851 0.71693 0.09708
BlueMatrixColumn: 0.14307 0.06062 0.71393
RedTRC: (Binary data 96 bytes, use -b option to extract)
GreenTRC: (Binary data 96 bytes, use -b option to extract)
BlueTRC: (Binary data 96 bytes, use -b option to extract)

Composite

ImageSize: 130x39
Megapixels: 0.005
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
1
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start rundll32.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1132"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\image-webp-attachment.webpC:\Windows\system32\rundll32.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
Total events
44
Read events
30
Write events
14
Delete events
0

Modification events

(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\Google\Chrome\Application\chrome.exe
Value:
Google Chrome
(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Value:
Adobe Acrobat Reader DC
(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Windows\eHome\ehshell.exe
Value:
Windows Media Center
(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Windows\system32\mspaint.exe
Value:
Paint
(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Windows\system32\NOTEPAD.EXE
Value:
Notepad
(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\PROGRA~1\MICROS~1\Office14\OIS.EXE
Value:
Microsoft Office 2010
(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\Opera\Opera.exe
Value:
Opera Internet Browser
(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\Windows Photo Viewer\PhotoViewer.dll
Value:
Windows Photo Viewer
(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\VideoLAN\VLC\vlc.exe
Value:
VLC media player
(PID) Process:(1132) rundll32.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation:writeName:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Value:
Microsoft Word
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
image-webp-attachment.webp