fb2e466347b6a320ce7923193accfe2865a71833e3f28f82314528aaeff0124a | Triage

Analysis

max time kernel
60s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 21:30

Sharing

Report Analysis Logs

General

Target

assets/icon.png
Size

4KB
MD5

cbd39e2887dccc1598e94fbfeca1f122
SHA1

dc898b4667f73a951e11c45d72a169d2874eb0b6
SHA256

7cf6f531fd523066d4588c47ca4e2f066a797507fabd059a9de3c10245a05c59
SHA512

7dc887d57721153920eab7d4c50bf8d4b2f614a611e38685e52cc18d48e3f75438f1f9da5905c50b8d55903923ae12eee50470c2554755fe5a2940832bb002e5
SSDEEP

96:3SZqSVfWIuVS8TZecgEXcjkm8Bgf8XwC/V:3SZqkduVS+TXcjp0wa

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

1868 rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\assets\icon.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1868

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1868-54-0x000007FEFBDE1000-0x000007FEFBDE3000-memory.dmp

Filesize
8KB

Download