d771f4add3c944d4b8a21ba5e8849eeaa40659146e5c833ef637c8957a32279e | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18/04/2023, 14:26

Sharing

Report Analysis Logs

General

Target

cat.png
Size

62KB
MD5

984682ad73f99eb097d42728dd12a205
SHA1

8b79461dcb6fa2625b02051f9703ba3e45fb1a24
SHA256

d771f4add3c944d4b8a21ba5e8849eeaa40659146e5c833ef637c8957a32279e
SHA512

f0c6956c458cf56ba34e1c9e1fe562a1cd6c759d3ec5507485075273004a0d61b81626ea382801373c886cfd555e5a9a80d20eb4388de0615092dbe1cbee84a5
SSDEEP

1536:gmshkgfKjlMWiSIUkquphk/JlhzDC8WB0bN064pbMel:gdhHD4tQ36mLl

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1676	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cat.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1676-54-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1676-55-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download