05781583e80208267be31f913d547d6c7f635073cd7437ba12b5c7a25e906c30 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/01/2023, 18:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

image003.png
Size

28KB
MD5

e1ede6717df4b1c377725280f7c14f7c
SHA1

f39e21e10a499b296b9c4864f2b8c1e91609a65d
SHA256

9ad58b20feb4074746aec764d3ee422ba03250f12e11cc579a648ad9028545f5
SHA512

63c99badfb5dbd9ca88d7dd1dc8768068db05efaf473821eea6af808bcc07dbdce185b89b97c57d034e480806392b15e03689935ada1f99961924cdb40d13a1e
SSDEEP

768:JI/6WvXbkDXmGhXruUoPUproJpAoAgs6QF087:JIoaGhXrzoIoJpAej87

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2016	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image003.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-54-0x000007FEFB9C1000-0x000007FEFB9C3000-memory.dmp

Filesize
8KB

Download