Analysis
-
max time kernel
1612s -
max time network
1614s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
28-03-2023 21:27
Static task
static1
Behavioral task
behavioral1
Sample
avatar.jpg
Resource
win7-20230220-en
windows7-x64
2 signatures
1800 seconds
Behavioral task
behavioral2
Sample
avatar.jpg
Resource
win10v2004-20230220-en
windows10-2004-x64
37 signatures
1800 seconds
General
-
Target
avatar.jpg
-
Size
8KB
-
MD5
f70b24dfe9e49b0af3513dfbd53cadaa
-
SHA1
666a52fa433181c74463a4a07fc3b14225a1351e
-
SHA256
6c526b56946f1159ddf58f72542a3020e4610f9e70ea59bb1b30c8630a3faf79
-
SHA512
3439302faa2d0d8f7e8584fd630a8816205ea04e9fce0effab1617c71ae7590c08ae69676fc1647c3ce95eb5dafc3ed8ad1e82e607b82fda4d2b9ee65f67c2b4
-
SSDEEP
192:u7SVdhw9DmrAoPnQ7zads8eTVn24O2yyCfkC4VxzgGOJylq84BMqMOM51vUn1uPM:O9DObPn6Gdszpn2UyxEdkjBMSu8IPM
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
rundll32.exepid process 924 rundll32.exe 924 rundll32.exe