ea21176ce1adc715a5938555f127b9bb397aa05f62f389ac0bd02f1f8b449370 | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-09-2022 20:03

Sharing

Report Analysis Logs

General

Target

Password.HERE.jpg
Size

2KB
MD5

b364a2257ab7db077315e62596501546
SHA1

71f6b6379f9e160eb67dbc6940d73b33d3f69b93
SHA256

8884f7ba74500a91e09c20f279f2f97480efa450df10712ea3f46ec2c21836af
SHA512

a7a27e46144784be164df45e37de36cbe28f8fd251c18c9c81c458c4a6450926690a0311933ac291bb8bf3d16acbe29ef215a2f49b637422a7bd318046668ced

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

1884 rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Password.HERE.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1884

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-54-0x000007FEFB5C1000-0x000007FEFB5C3000-memory.dmp

Filesize
8KB

Download