Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-03-2023 13:01

General

  • Target

    thumbnail.jpeg

  • Size

    168KB

  • MD5

    d44b487942470dddb8d6d93662a5f535

  • SHA1

    446fb3b13c2880c53cb2fda3a4e3f0017ab6f18e

  • SHA256

    4056272820cba60b74419d92d2489e9ad8b0ecfc6b8a73e3ccce7daab2c0ed39

  • SHA512

    4e9ed3ce30619985181fe3aa776fe4c90b8c859cbec76d64fed74626bf0a001c7f842d22338b80abfb21d56883b6ef902bfe9ef2076b404b65e555648089558e

  • SSDEEP

    3072:tsBVYroO2yZxVw/e4n7R33ejnjbPEx8fDiA05/dIKK3hHJBWDrYd7yOqq9xJ:mBByfS/Fn7+n/PEWfDiAY/dId1JBWYdB

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox's canned description labels this "likely ransomware behaviour", but drive enumeration is also routine for a shell-hosted image viewer; here the sample was opened by rundll32.exe hosting PhotoViewer.dll and the run scored 3/10, so this signature is weak evidence on its own.

  • Suspicious use of FindShellTrayWindow 2 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\thumbnail.jpeg
    PID:920
    • Suspicious use of FindShellTrayWindow
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:2
    PID:1344
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1348 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:8
    PID:1976
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:8
    PID:1980
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:1524
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:1884
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:1608
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1644 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:2
    PID:2072
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=1412 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:2148
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3948 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:8
    PID:2216
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4024 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:8
    PID:2260
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=1896 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:2356
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=2036 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:2564
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2416 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:2636
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2024 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:2760
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=4176 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:2896
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4204 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:2992
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4304 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:2984
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=1592 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:1
    PID:2280
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:8
    PID:1748
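Two things a reviewer checks in a process list like this one: which DLL rundll32.exe is hosting and whether that DLL sits in a user-writable directory (here it is PhotoViewer.dll under Program Files, the normal Windows 7 way of opening an image, not the LOLBin pattern of rundll32 loading a DLL from %TEMP% or AppData), and which chrome.exe workers belong to the same browser session (they all carry the same --field-trial-handle value, so they can be set aside as one unit, and none of them is a child of the rundll32.exe process that opened the sample). The script below is an added example, not part of the sandbox report; the user-writable path markers are a heuristic of my own, the first four sample lines are copied from the process list above, and the last line (PID 9999, update.dll) is constructed to show what a suspicious rundll32 launch looks like.

```python
"""Triage helper for a sandbox process list (added example, not report output)."""
import re

# Path fragments an unprivileged user can write to (heuristic, assumption).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")

# rundll32.exe as the image, followed by its argument string.
RUNDLL32_EXE = re.compile(r'\s*(?:"[^"]*rundll32\.exe"|\S*rundll32\.exe)\s+(.*)$', re.I)
# First argument: quoted or bare DLL path, optional comma, optional export name.
RUNDLL32_ARGS = re.compile(r'(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))\s*,?\s*(?P<export>[^\s,]*)')
# Shared by every worker of one Chrome browser session.
FIELD_TRIAL = re.compile(r"--field-trial-handle=(\S+)")


def user_writable(path):
    """True if the path contains a directory an ordinary user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def rundll32_target(cmdline):
    """Return (dll_path, export) for a rundll32 command line, else None."""
    m = RUNDLL32_EXE.match(cmdline)
    if not m:
        return None
    args = RUNDLL32_ARGS.match(m.group(1))
    if not args:
        return None
    return (args.group("q") or args.group("u"), args.group("export"))


def chrome_session(cmdline):
    """Return the --field-trial-handle value identifying a Chrome session, else None."""
    m = FIELD_TRIAL.search(cmdline)
    return m.group(1) if m else None


def summarize(processes):
    """Group (pid, cmdline) pairs into rundll32 launches, Chrome sessions and the rest."""
    out = {"rundll32": [], "chrome_sessions": {}, "other": []}
    for pid, cmdline in processes:
        target = rundll32_target(cmdline)
        if target:
            dll, export = target
            out["rundll32"].append({
                "pid": pid, "dll": dll, "export": export,
                "user_writable_dll": user_writable(dll),  # the LOLBin warning sign
            })
            continue
        session = chrome_session(cmdline)
        if session and "chrome.exe" in cmdline.lower():
            out["chrome_sessions"].setdefault(session, []).append(pid)
            continue
        out["other"].append(pid)
    return out


SAMPLE_PROCESSES = [
    # Copied from the report's process list.
    (920, r'C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\thumbnail.jpeg'),
    (1976, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1348 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:8'),
    (1748, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1468,i,4795505555672376473,633749616907305262,131072 /prefetch:8'),
    (1608, r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"'),
    # Constructed, not from the report: rundll32 hosting a DLL dropped in %TEMP%.
    (9999, r'rundll32.exe C:\Users\Admin\AppData\Local\Temp\update.dll,DllRegisterServer'),
]


if __name__ == "__main__":
    summary = summarize(SAMPLE_PROCESSES)
    for entry in summary["rundll32"]:
        verdict = "SUSPICIOUS: DLL in user-writable path" if entry["user_writable_dll"] else "expected"
        print(f"rundll32 pid={entry['pid']} dll={entry['dll']} export={entry['export']} -> {verdict}")
    for session, pids in summary["chrome_sessions"].items():
        print(f"chrome session {session}: pids {pids}")
    print(f"other: {summary['other']}")
```

The rundll32 entry from the report resolves to PhotoViewer.dll under Program Files with the ImageView_Fullscreen export, so it is classified as expected; the constructed update.dll line is flagged because its DLL lives under AppData\Local\Temp. The two chrome.exe workers collapse into a single session keyed by the shared field-trial handle, and elevation_service.exe, which carries no such handle, lands in "other".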

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

    Filesize

    359B

    MD5

    da9844ca9d8eefec251316a4fbf04747

    SHA1

    133de1610c6fdeca9c1cb4d00c428ef55750c467

    SHA256

    f24d92b3b1f6a0445749aa86dd804c3ac8344d3a6d76a3a6c273e874a4877688

    SHA512

    decb9324b0c9941da5b32cf560a2d09ad5f02c50a4c4ea7e2e0fc16757a9e7337f62d29f9244efb43ed8e06d72c2ab9731b540cebf59a6f2da6a7e3c9605e019

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

    Filesize

    359B

    MD5

    5f9c27f480a84f757d6fc7b14869364c

    SHA1

    d8d3b65522047007f3128a5c0177b5fbb1368fa5

    SHA256

    9b7b027b18a2e0c9d1350569a6a031edba6c45d825cb4456d732cfcb16607c58

    SHA512

    ea44d2a1e27138792ab4e440b93527e71d28274b5298ce99618cde43d7ffe44073072290547380b9235cd188192bd0e8c3d21cc6a4f0fbcd79bd1af2db021157

  • memory/920-54-0x0000000000310000-0x0000000000311000-memory.dmp

    Filesize

    4KB