435469a7278571ddb7b2cf629323c105839862df407d90135e8e311bf3fe6b04 | Triage

Resubmissions

02/04/2023, 18:00

230402-wllckshf97 3

02/04/2023, 17:44

230402-wbfpcaah8y 8

02/04/2023, 17:26

230402-vz3ckshe66 4

02/04/2023, 10:34

230402-mmkb8sfh52 1

02/04/2023, 10:34

230402-ml33ysfh48 1

02/04/2023, 10:26

230402-mgrjcsfh32 1

02/04/2023, 10:05

230402-l4st9sfg56 7

Analysis

max time kernel
1s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/04/2023, 18:00

Sharing

Report Analysis Logs

General

Target

Borux.png
Size

21KB
MD5

161c2cf23c01ee0d37689fc51458ec7f
SHA1

b864444ecdcd427209155971ee0a91913d2cd304
SHA256

435469a7278571ddb7b2cf629323c105839862df407d90135e8e311bf3fe6b04
SHA512

7fcd9a981886307a44db5c6661e613a7bdf2c0cb5113de4654e4bb85870de10bef7a8032a2e33bf4c2443ae31c1c26315080905c0d407f2ac1dcb7aa3ee59df0
SSDEEP

384:0jBy2lR1p4nhwiddxLPwwnuLUd0eEx0/LnbnMBBVQu8+y+B:kNrpwiiv59nl0eEx0/vnMxq+y+B

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Borux.png
1⤵
PID:1388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-54-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download