Analysis
-
max time kernel
4294177s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20220310-en -
submitted
31-03-2022 04:57
General
-
Target
UID-.jpg
-
Size
180KB
-
MD5
fc5d6e90f071dd1a3f701d7e685ce4ce
-
SHA1
0d66494f4afd78fc5b63b26b88035ea73247c35f
-
SHA256
626067230f1a2e797ecb064d7e942fff7f20cbdefe41e55d19ccc27df96ca76a
-
SHA512
45141e98c558e74760346c42b0e977880bfec52dec819c359e612d8bc71ed422527ae40ae969ec886f4580b308b02c797f98537b6262e5e0b1128cead6ea41e8
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\UID-.jpg1⤵
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1672-54-0x000007FEFBCC1000-0x000007FEFBCC3000-memory.dmpFilesize
8KB