44306eb6a8066a67b70e1b31b0b86fb920e7284ee805ebe30b7c5b96fc0c33d2 | Triage

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 11:27

Sharing

Report Analysis Logs

General

Target

44306eb6a8066a67b70e1b31b0b86fb920e7284ee805ebe30b7c5b96fc0c33d2.png
Size

2KB
MD5

63cf560de02b8d956a552bd7372ffa11
SHA1

f2526bdfa227145d790ecb0cbf9f4c63d8b31074
SHA256

44306eb6a8066a67b70e1b31b0b86fb920e7284ee805ebe30b7c5b96fc0c33d2
SHA512

142dbca9062956e443c2f6e8224c9617f0187600f13c8dff73e91f8a9befa93ac1b8b8a13645790b121f37557de551043c892b35f339c4b224e41fee8eb82b24

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1976	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\44306eb6a8066a67b70e1b31b0b86fb920e7284ee805ebe30b7c5b96fc0c33d2.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-54-0x000007FEFC511000-0x000007FEFC513000-memory.dmp

Filesize
8KB

Download