eceb70ab19a5dcae01a8de2e5308b059c7677932374213649817cd7f4a110689 | Triage

Analysis

max time kernel
141s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/04/2023, 23:47

Sharing

Report Analysis Logs

General

Target

char.png
Size

6KB
MD5

1a557122fab3dfe5deed2329ee770d90
SHA1

db0abcae320e1e229331e324e3a3df2963ed428e
SHA256

eceb70ab19a5dcae01a8de2e5308b059c7677932374213649817cd7f4a110689
SHA512

5f75d7c5e30e466ea8f9c62c8d019624300066db020a018e5fd05db79b7f8fe624779f5114e23cc40adad225be448607aac57223b4a07c7051147f2461be5883
SSDEEP

96:uLIKrk3lqYcoVGXk/GSUMAWFYEj+O4ZUgM2MN0BCUE5YGbGvKGekNKvTizlyBt:uK3A7JhSZAWFbj+OBg+iB+YuGVe+z4z

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1212	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\char.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1212

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-54-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/1212-55-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download