Windows Analysis Report
7ASw97uLwOWnId-4R23XxVbAzQ0mid1ESUy4KWXADfo.png

Overview

General Information

Sample Name: 7ASw97uLwOWnId-4R23XxVbAzQ0mid1ESUy4KWXADfo.png
(renamed file extension from none to png, renamed because original name is a hash value)
Original Sample Name: 7ASw97uLwOWnId-4R23XxVbAzQ0mid1ESUy4KWXADfo
Analysis ID: 1345563
MD5: 7af523383a67d75244440dfab4a416c5
SHA1: 1b141ccf3958391f48ed0178c2fe1dd144597812
SHA256: ec04b0f7bb8bc0e5a721dfb8476dd7c556c0cd0d2689dd44494cb82965c00dfa

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Queries the volume information (name, serial number etc) of a device
Creates files inside the system directory

Classification

Source: C:\Windows\SysWOW64\mspaint.exe File created: C:\Windows\Debug\WIA
Source: C:\Windows\SysWOW64\mspaint.exe File read: C:\Users\desktop.ini
Source: C:\Windows\SysWOW64\mspaint.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine Classification label: clean1.winPNG@1/1@0/0
Source: C:\Windows\SysWOW64\mspaint.exe File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mspaint.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\mspaint.exe Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\mspaint.exe Queries volume information: C:\Users\user\Desktop\7ASw97uLwOWnId-4R23XxVbAzQ0mid1ESUy4KWXADfo.png VolumeInformation
No contacted IP infos