Analysis
-
max time kernel
31s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
25-01-2023 11:50
Static task
static1
Behavioral task
behavioral1
Sample
3822C08E1584FCF3725BAD8CECE32F7AB0B2CE4031CE08CB9E4EF5EB3D22A714.msg
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
3822C08E1584FCF3725BAD8CECE32F7AB0B2CE4031CE08CB9E4EF5EB3D22A714.msg
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
image002.png
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
image002.png
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
image005.png
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
image005.png
Resource
win10v2004-20221111-en
Behavioral task
behavioral7
Sample
image006.png
Resource
win7-20220901-en
Behavioral task
behavioral8
Sample
image006.png
Resource
win10v2004-20220812-en
General
-
Target
image005.png
-
Size
16KB
-
MD5
e2ba0ff53b131a4021305fe1fb180b64
-
SHA1
e1bc83057d3cd25ae7fbf8f04c02c266cbb134eb
-
SHA256
e77b875878cb422861e96c86ae5ad5737824a5cb626500467f33f2e02e662154
-
SHA512
288d6ce179a465981d9f286b3ab0348e97aa99b17e2032105aae04e0878f311400006b13a077d4e9f78bd51aa4fc99794ba9ff9bdb1868a72565a9829c3b7ee6
-
SSDEEP
384:OWgPDpOMBOQLLUWgJ4vq45/gojGe1SaBzDgo6lXaIEQ:OWgtvAXPyS4tgojb1Sahgouay
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Caveat: the line above is the sandbox's generic description of this signature, not a finding specific to this sample. The only process the report lists is rundll32.exe (PID 1308), which is consistent with the sandbox opening the PNG in Windows Photo Viewer (rundll32.exe hosting the viewer DLL), though the report does not show the command line. Drive enumeration and FindShellTrayWindow calls are routine for that viewer, so these two low-severity hits do not by themselves show that image005.png is malicious. The hashes in the General section are for image005.png, an attachment extracted from the .msg, not for the .msg itself.
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid   process
1308  rundll32.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/1308-54-0x000007FEFB7F1000-0x000007FEFB7F3000-memory.dmp
Filesize
8KB
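Two checks an analyst would run against this report before relying on it, covering the General section's digests and the memory dump listed under Downloads. This is an added example, not code from the sandbox vendor or the report. It hashes a local copy of the sample and compares it with the MD5/SHA1/SHA256/SHA512 printed above for image005.png (a mismatch usually means you are holding a re-encoded or re-archived copy, not the attachment the sandbox ran), and it parses the memory-dump artifact name to confirm the dumped region (0x000007FEFB7F1000 to 0x000007FEFB7F3000) really is the stated 8KB. The dump-name layout `memory/<pid>-<n>-<start>-<end>-memory.dmp` is an assumption inferred from the single filename on this page.

```python
"""Sanity checks against the artifact metadata in a sandbox report.

Added example for this page; not code from the sandbox vendor.
  1. hash a local copy of the sample and compare with the MD5/SHA1/SHA256/SHA512
     the report lists for image005.png (copied from the General section);
  2. parse the memory-dump artifact name and confirm the region size agrees
     with the stated Filesize.
The dump-name layout memory/<pid>-<n>-<start>-<end>-memory.dmp is an
assumption inferred from the one filename on the page.
"""
import hashlib
import re

# Digests exactly as printed in the report for image005.png.
REPORT_DIGESTS = {
    "md5": "e2ba0ff53b131a4021305fe1fb180b64",
    "sha1": "e1bc83057d3cd25ae7fbf8f04c02c266cbb134eb",
    "sha256": "e77b875878cb422861e96c86ae5ad5737824a5cb626500467f33f2e02e662154",
    "sha512": "288d6ce179a465981d9f286b3ab0348e97aa99b17e2032105aae04e0878f311400006b13a077d4e9f78bd51aa4fc99794ba9ff9bdb1868a72565a9829c3b7ee6",
}


def _digest_chunks(chunks):
    """Feed every chunk to all four hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(data: bytes) -> dict:
    """Digests of an in-memory byte string (used for the sample input in tests)."""
    return _digest_chunks([data])


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digests of a file on disk, streamed in chunks so large samples fit in memory."""
    def chunks():
        with open(path, "rb") as f:
            while block := f.read(chunk_size):
                yield block
    return _digest_chunks(chunks())


def compare_with_report(actual: dict, expected: dict = REPORT_DIGESTS) -> dict:
    """Per-algorithm match flags; case-insensitive because reports print hex in mixed case."""
    return {name: actual[name].lower() == expected[name].lower() for name in expected}


# memory/<pid>-<n>-<start>-<end>-memory.dmp (layout assumed from the report's one example)
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)
# Binary units: 0x2000 bytes is what the report prints as 8KB.
SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_dump_name(name: str) -> dict:
    """Split the artifact name into pid, dump index, region bounds and size."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unexpected dump artifact name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"region end {end:#x} does not follow start {start:#x}")
    return {"pid": int(m["pid"]), "index": int(m["index"]),
            "start": start, "end": end, "size": end - start}


def size_matches(parsed: dict, stated: str) -> bool:
    """True if the region size equals a stated size such as '8KB'."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", stated.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {stated!r}")
    return parsed["size"] == int(m[1]) * SIZE_UNITS[m[2].upper()]


if __name__ == "__main__":
    region = parse_dump_name("memory/1308-54-0x000007FEFB7F1000-0x000007FEFB7F3000-memory.dmp")
    print(region, size_matches(region, "8KB"))
    # Against a real copy of the attachment:
    # print(compare_with_report(digests_of_file("image005.png")))
```

If every flag from `compare_with_report` is False, stop and recover the attachment from the original .msg rather than interpreting the report against a different file; a partial match (say MD5 agreeing while SHA256 does not) is not something that happens with a genuine copy and points at a transcription error in whichever hash was copied.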