ece2c8247e008e501eda981f73af85498679b3f386da0d5dbb78459ff2ca9a4f | Triage

Analysis

max time kernel
632s
max time network
634s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02/05/2023, 22:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

155f0bcbce3eaee4.png
Size

685B
MD5

f58097ed86fb381b3fcbcd6502297b56
SHA1

1e02d5960cd096f144ea9f66382dd78a4baebfa3
SHA256

ece2c8247e008e501eda981f73af85498679b3f386da0d5dbb78459ff2ca9a4f
SHA512

216de86d93563c4e82eceeedf9f07de1e64ab9040ab955502781b01daa7609af5e96750fae793df7fec41043a93203e065d943b0c17b08c658fb8b5394ef4c43

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1748	rundll32.exe
1748	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\155f0bcbce3eaee4.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-54-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/1748-55-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download