Analysis
-
max time kernel
42s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
23-11-2022 09:48
General
-
Target
Wvnnidru.bmp
-
Size
2.1MB
-
MD5
aff7f1e33647fab087d3e786a5b37daa
-
SHA1
935df62ce1567e02d7b6604b559d37eaa5c32c63
-
SHA256
07e699981daaca11fcde824dde139152a506e111c578893c6c3afb1916c85462
-
SHA512
50eb29f557e7debf1fce43ff9b21cd7323371373ce5d808b77a0b04f3989b94a9da101b2c867f86f730bed2416ded5ecd28627d5662d871106b9e474991ab04e
-
SSDEEP
24576:G5W1ixGx2xR8rwcKlaOgIRiSGX5BIC1wkt6qzLReHxOka3XrpXjJA/FWfAbJWXWz:zUrre5b3ooqa9tamW/MxwqM2JG8o
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 2 IoCs
Processes
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Wvnnidru.bmp1⤵
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB