Loading... Additional Content is being loaded

Windows Analysis Report
BILL # 965415965285.jpg

Overview

General Information

Sample Name:	BILL # 965415965285.jpg
Analysis ID:	715099
MD5:	4eb6cc54e959e6d6b4f8d5f4723a3e7b
SHA1:	49b2179a34025829ea932f56bba5a14c8e9c70f0
SHA256:	0e24066d7f4fd81120add0e0833fe89b6adfe66d65187cb69c863f90b092a99b

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Queries the volume information (name, serial number etc) of a device

Creates files inside the system directory

Classification

Signatures

Creates files inside the system directory

Source: C:\Windows\SysWOW64\mspaint.exe

File created: C:\Windows\Debug\WIA

Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{926749fa-2615-4987-8845-c33e65f2b957}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: classification engine

Classification label: clean1.winJPG@1/0@0/0

Source: C:\Windows\SysWOW64\mspaint.exe

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: BILL # 965415965285.jpg

Static file information: File size 1497856 > 1048576

Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

Process information queried: ProcessInformation

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\mspaint.exe

Queries volume information: C:\Users\user\Desktop\BILL # 965415965285.jpg VolumeInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256

Creates files inside the system directory

Source: C:\Windows\SysWOW64\mspaint.exe

File created: C:\Windows\Debug\WIA

Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{926749fa-2615-4987-8845-c33e65f2b957}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: classification engine

Classification label: clean1.winJPG@1/0@0/0

Source: C:\Windows\SysWOW64\mspaint.exe

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: BILL # 965415965285.jpg

Static file information: File size 1497856 > 1048576

Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\mspaint.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: C:\Windows\SysWOW64\mspaint.exe

Process information queried: ProcessInformation

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\mspaint.exe

Queries volume information: C:\Users\user\Desktop\BILL # 965415965285.jpg VolumeInformation

Jump to behavior