9d9f28d468d6e002e6a2073a30d6c4210db85c57e081326448f5ef35d161ab71 | Triage

Analysis

max time kernel
29s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21/03/2023, 13:51

Sharing

Report Analysis Logs

General

Target

image001.png
Size

1KB
MD5

3d8063a8b71aaeb8d70d78e498d32606
SHA1

53e9de05c8de86237559b1c48e0d144bfd8a03b7
SHA256

dcd5ef6d9a3d8d9c148e65e11e3de042d9582cc4fba38fc6527937f2df289f58
SHA512

d239647c8488eceaaafa89128a369109dde09cb03f671c3d2105689d1430a5a8770dd8d4656f4a53da773d2b4aad0c549776208345f75a8843f961baa490cc51

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1268	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image001.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1268-54-0x0000000001BD0000-0x0000000001BD1000-memory.dmp

Filesize
4KB

Download
memory/1268-55-0x0000000001BD0000-0x0000000001BD1000-memory.dmp

Filesize
4KB

Download