eb6451fa04b1bc6f37c12599fc57fd5cb7c9c120a0a60ce4a88578cf1a62208b | Triage

Analysis

max time kernel
3s
platform
windows7_x64
resource
win7-20221111-es
resource tags

arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
submitted
28/12/2022, 11:18

Sharing

Report Analysis Logs

General

Target

4dd605019a53c67696fa6ecd53185803.jpg
Size

125KB
MD5

104aca987f709afd447db86b4867b0b4
SHA1

9a9caf912597c99d709e8ea1a6e0da682284e256
SHA256

eb6451fa04b1bc6f37c12599fc57fd5cb7c9c120a0a60ce4a88578cf1a62208b
SHA512

14a6a81b4e02c07f30a4606b1e5382948e47383e9e68722153389a1a3212a184b3d863238c66342d79c5221bc3f43efa37b4002bf648f08f6240ed077d1a37bd
SSDEEP

3072:uhCxDUmSLe+leYs0SgtyOWwj2T9hUe3KZeiepGp:KCZEe+leYs0SgIvUediYGp

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
964	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\4dd605019a53c67696fa6ecd53185803.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

Filesize
8KB

Download