43f43bc1cabe913c58d9dc83503b4711eef4c7028098db545ea3e95849801eaa | Triage

Resubmissions

19-04-2023 17:47

230419-wddmrsec7s 1

18-04-2023 16:13

230418-tn47csec9x 8

18-04-2023 16:12

230418-tnnvdaec9t 1

27-03-2023 18:25

230327-w2w41sgg51 8

27-03-2023 18:23

230327-w1yw8agg5x 3

27-03-2023 18:21

230327-wzrfragg4z 6

27-03-2023 18:21

230327-wzgljsef96 1

27-03-2023 18:20

230327-wy9wpsef95 1

27-03-2023 18:12

230327-wtb4wagg2w 1

Analysis

max time kernel
5s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
27-03-2023 18:11

Sharing

Report Analysis Logs

General

Target

fighter.jpg
Size

7KB
MD5

b4ab5bbc090eb4ff916fbb48dc9d3a40
SHA1

b2c8e91298fd8ac51cab4228617db1b469641ab7
SHA256

43f43bc1cabe913c58d9dc83503b4711eef4c7028098db545ea3e95849801eaa
SHA512

edbd4475c6ccfbfe476727511e2546d41b7d039c133df200009c58cd6d350c0eff69d4f4db66f36011e3e9206e55a7e41919fd6342f639f48427dba08ecb791d
SSDEEP

192:uAkBa3UqVX8M08LcJYUaxm3ENPY3h9vY6MDiHbt:rkBa341haxmIY3DY6M2p

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

rundll32.exe

pid process

1992 rundll32.exe
1992 rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\fighter.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1992

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-54-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download