d726bff07c66933fc869695c38e8a2784e7ebf0c46ef46b73451f1cc1c1feb51 | Triage

Analysis

max time kernel
17s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/03/2023, 00:59

Sharing

Report Analysis Logs

General

Target

11_Katie_Westwood_Gura_Pool_11.jpg
Size

883KB
MD5

dc9e8322d86add9c9f16ad22cb7d61a4
SHA1

251d47a3375fb5f0d8d149dc1e5282b6c9ebb6cb
SHA256

d726bff07c66933fc869695c38e8a2784e7ebf0c46ef46b73451f1cc1c1feb51
SHA512

bf49cb405a149b4598bcd048fcc5fd65e20c91ec03eb9b40ce2956aeeca99313f9dd50a37163afe09d22cc47418b71bc6a6d142a832a29be19c320cea542f1ba
SSDEEP

24576:UWGRvBQLmuF1sOUahM+eDRQncW0oNxVCk:lGZKLfm7YaRI0oQk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1948	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\11_Katie_Westwood_Gura_Pool_11.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-54-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1948-55-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download