8ea25999fe93b84c817faa74af0ad94f0c0064d8e28fba5fea17665c38695430 | Triage

Analysis

max time kernel
41s
max time network
43s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-06-2022 04:28

Sharing

Report Analysis Logs

General

Target

Scan_282.jpg
Size

88KB
MD5

f9b2333cc7e93568486a672225f2dd69
SHA1

c0143893cd2461fb2dc2c84330c1bf469dc93c34
SHA256

7e3875bf31005d9d352d9b029e4364df19dccf6c77f16539ca974f224a30347c
SHA512

d30732aba584782ef2783f388ca9183f9c4b02ec6b3e8741a91fae152f2bae19b655a53d19fc2cdbf85a0da3621d0de6c50129435b6ba937a083416d2d22c7f1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

1276 rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Scan_282.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1276

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1276-54-0x000007FEFC2F1000-0x000007FEFC2F3000-memory.dmp

Filesize
8KB

Download