3da1cb0608f3709bf1331c4088fb258daf0200740b9b67afc6eec68a7f4b111a | Triage

Resubmissions

28-11-2022 19:20

221128-x14m5sad69 10

28-11-2022 13:53

221128-q6zg2sgg66 10

Analysis

max time kernel
597s
max time network
635s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 19:20

Sharing

Report Analysis Logs

General

Target

peseta/opalescent.jpg
Size

26KB
MD5

e5f0f548e522f0ae14c10f7cf6d41b54
SHA1

c8271a2b42226a45b9c70137f1bc69b432b6e65f
SHA256

5fe310354508efaf34d2da0af9b1c2e61e6b1d785698f7ca98fb85ed1a565618
SHA512

cfefce9b846979d5b1f5dcc5cbae5709073dfb81928e85fc763f267cceb74a3602c8255575b847fceed9b45d667632f880b8c0fe3e29723321db7b5369936ab4
SSDEEP

768:L3AonmQfsXxbWpb+3GpKzdJlVwej22gyUjR:bAOmQfDbeeK9OeayUjR

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

1724 rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\peseta\opalescent.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1724

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1724-54-0x000007FEFC201000-0x000007FEFC203000-memory.dmp

Filesize
8KB

Download