Overview

overview

3

Static

static

1

video-web-play.png

windows7-x64

3

video-web-play.png

windows10-2004-x64

3

Analysis

  • max time kernel
    86s
  • max time network
    89s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    31/03/2023, 15:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    video-web-play.png

  • Size

    13KB

  • MD5

    9ba9ef972728e661c7db282c17492e56

  • SHA1

    227649943513fe24015e00a590c51bbd36d033ad

  • SHA256

    381fc88bcad4ab550daf7dd8576b3dfb2083887d0bc5e28b25fe17b0061e186c

  • SHA512

    82cd966b7e2e7dc4047e0b6ab2fe3cd6ab36e7e83c1991289b91ca7c212aa702a9e9fab609addfb2c87ffb82456de86d521324e455d732962da686ba56d2f8c9

  • SSDEEP

    192:eZ+Jd15qZjcNaHAHeBs1AXin8yzxTtizpPQt2ra+iGvVLAIwfx2P615WO:eZY6cN9HeBs+inBDUo+iGvlAIyxNnr

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\video-web-play.png
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1624
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
    1⤵
      PID:520
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4fc
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1476

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1624-54-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

      Download