cd9d60ab504e15f67969adf51a4f642c2e37d0abf4c2080c11434788ecb37615

Analysis

max time kernel
872s
max time network
875s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
14/02/2023, 20:26

Target

image001.jpg
Size

7KB
MD5

b8264367703c680a2f4f0eac689ce34e
SHA1

d85dcd636a6e02d47bac3f58a7f050bb4bb3bf22
SHA256

9e164068650b2d271d285f6294a2fb9f7fdf88aff5e5d9a90e8c035eb0402a77
SHA512

8f73109a7fbba5f5d8f7f316169380f86a23a7b5bc8bcbf9ea6b51485d318ab86971a6ec9eaa3de1864b2925b493760315a91372f4a8bc2924455570c8e21477
SSDEEP

96:p2IEJrl48hV8Ab2wBTz3uxz3T+wumFjIzaPt5Cw30m87O25Rmhp61+XRXj11z:pBMHzPawNKDTfjIQ5nkFhjmhO+P1z

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1924	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image001.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1924

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1924-54-0x000007FEFB9C1000-0x000007FEFB9C3000-memory.dmp

Filesize
8KB

Download