45356f9963feb24970cb4726a5355e2cbee76225b71a335ca71dbdbb27907722 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/03/2023, 02:49

Sharing

Report Analysis Logs

General

Target

Anarquia.png
Size

14KB
MD5

ab4c955253d0a4d37c3ca9ad18d9ccbf
SHA1

4bbcc82c9e61245581c36e0dcfb7f217195c7784
SHA256

45356f9963feb24970cb4726a5355e2cbee76225b71a335ca71dbdbb27907722
SHA512

365644b6e7716c40f0d014cce8cdde36fd3383a252e369d8b84d2f7489e04ff72049f75b1cfd00c5a2db3f73cd35255ddab4b398cfb8cce5779f98137be11fbb
SSDEEP

192:b44NuGMhUX183vkTSfIYCiQrm5SNgax/DBNO79cEO27s2jt9ozAEyi2+2mI7KGKZ:brX18/wSfIdhJz6csLXVhml

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1392	rundll32.exe
1392	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Anarquia.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1392

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1392-54-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1392-55-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download