Analysis

  • max time kernel
    53s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/12/2022, 07:10 UTC

General

  • Target

    60a4635661f7d62845ba992e9d81ffddb458f7c3d10b47e8df8987a40fc2aee9.png

  • Size

    4KB

  • MD5

    03fee0f4fd85a17d7da20691eec55f52

  • SHA1

    7c4f85f75b5681c2eca285a05b759638091e3b44

  • SHA256

    60a4635661f7d62845ba992e9d81ffddb458f7c3d10b47e8df8987a40fc2aee9

  • SHA512

    7397092bac9797e7827e1d79b812c30acccced89ca144116862245a65a1893ea57873a9d60675e495b26c36322d74c89e423b7150c620ca1d1e52278cf71bbc8

  • SSDEEP

    96:BUa37fS4EhR6J1LoAvJpyNXpvLAwLUFGr2FKrQNH0q8Y:BUyqRiJ1LFqN+wrKKrUD8Y

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox's generic description labels this as likely ransomware behaviour, but in this run the only process recorded is rundll32.exe hosting Windows Photo Viewer (PhotoViewer.dll, ImageView_Fullscreen), which the sandbox itself launched to open the submitted .png. A PNG is rendered by the viewer rather than executed, so the drive enumeration belongs to the viewer and this is a low-confidence hit.

  • Suspicious use of FindShellTrayWindow 1 IoCs

    Locating the shell tray window (the taskbar) is routine for GUI applications such as the image viewer here; on its own it is a weak indicator.

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\60a4635661f7d62845ba992e9d81ffddb458f7c3d10b47e8df8987a40fc2aee9.png
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:848

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/848-54-0x000007FEFC4E1000-0x000007FEFC4E3000-memory.dmp

    Filesize

    8KB
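
The Processes and Downloads sections above carry the two machine-readable facts in this report: a rundll32.exe command line and a memory-dump file name. The following added example (not part of the report or the sandbox's own code) parses both. It splits a rundll32 command line into module, export and arguments, checks the pair against an analyst-maintained allowlist of default file handlers the sandbox launches itself (an assumption here, seeded with this report's PhotoViewer.dll entry), and flags the patterns that make rundll32 interesting as a living-off-the-land binary: a module outside the system directories, a non-DLL module or script: protocol, or a registration export. It also decodes the memory dump name to recover the PID and region size. The first sample command line is the one from this report; the other two are constructed, hypothetical comparisons.

```python
import re

# Constructed sample records. The first command line is the one shown in this
# report's Processes section; the other two are hypothetical comparisons made up
# to exercise the classifier and are not from the report.
SAMPLE_PROCESSES = [
    {"pid": 848, "cmdline": r'C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\60a4635661f7d62845ba992e9d81ffddb458f7c3d10b47e8df8987a40fc2aee9.png'},
    {"pid": 1234, "cmdline": r'C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,DllRegisterServer'},
    {"pid": 1240, "cmdline": r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";alert(1)'},
]

# rundll32 <module>,<export> [args]; the module may be quoted, and a space may
# follow the comma (as in the PhotoViewer.dll line above).
RUNDLL_RE = re.compile(
    r'^\s*(?:"[^"]*rundll32\.exe"|\S*rundll32\.exe)\s+'
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s]+))'
    r'\s*,\s*(?P<entry>\S+)'
    r'(?:\s+(?P<args>.*))?\s*$',
    re.IGNORECASE,
)

# Allowlist of (module, export) pairs a sandbox launches itself to open the
# submitted file. Analyst-maintained assumption, seeded with this report's entry.
KNOWN_HANDLERS = {
    ("c:\\program files\\windows photo viewer\\photoviewer.dll", "imageview_fullscreen"),
}
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
REGISTRATION_EXPORTS = {"dllregisterserver", "dllunregisterserver", "dllinstall"}


def parse_rundll32(cmdline):
    """Return {dll, entry, args} for a rundll32 command line, or None if it is not one."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None
    return {"dll": m.group("qdll") or m.group("dll"),
            "entry": m.group("entry"),
            "args": m.group("args") or ""}


def classify_rundll32(cmdline):
    """Verdict: benign-handler (allowlisted), suspicious (with reasons), review, or not-rundll32."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return {"verdict": "not-rundll32", "reasons": [], "parsed": None}
    dll_l, entry_l = parsed["dll"].lower(), parsed["entry"].lower()
    if (dll_l, entry_l) in KNOWN_HANDLERS:
        return {"verdict": "benign-handler",
                "reasons": ["allowlisted default file handler"], "parsed": parsed}
    reasons = []
    if dll_l.startswith(("javascript:", "vbscript:")):
        reasons.append("script protocol instead of a DLL path")
    elif not dll_l.endswith(".dll"):
        reasons.append("module does not end in .dll")
    if not dll_l.startswith(SYSTEM_DIRS):
        reasons.append("module outside system directories")
    if entry_l in REGISTRATION_EXPORTS:
        reasons.append("registration export")
    return {"verdict": "suspicious" if reasons else "review",
            "reasons": reasons, "parsed": parsed}


# memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp; the meaning of the second
# numeric field is not stated in the report, so it is only captured, not interpreted.
DUMP_RE = re.compile(
    r'memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$'
)


def parse_dump_name(name):
    """Return pid, start, end and byte size of the region named in a dump file name."""
    m = DUMP_RE.search(name)
    if not m:
        return None
    start, end = int(m.group("start"), 16), int(m.group("end"), 16)
    return {"pid": int(m.group("pid")), "seq": int(m.group("seq")),
            "start": start, "end": end, "size": end - start}


def summarize(processes):
    """Classify every process record and return (pid, verdict, reasons) tuples."""
    return [(p["pid"], *((c := classify_rundll32(p["cmdline"]))["verdict"], c["reasons"]))
            for p in processes]


if __name__ == "__main__":
    for pid, verdict, reasons in summarize(SAMPLE_PROCESSES):
        print(pid, verdict, "; ".join(reasons))
    print(parse_dump_name("memory/848-54-0x000007FEFC4E1000-0x000007FEFC4E3000-memory.dmp"))
```

Run against this report, the only process (PID 848) classifies as benign-handler, and the dump name decodes to a 0x2000-byte region, which is the 8KB the Downloads entry lists. The two constructed lines show what would actually merit attention: a DLL dropped under %TEMP% invoked through DllRegisterServer, and the javascript: protocol trick that turns rundll32 into a script host.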
