7e9f8d4be691c76607d87e7a2139ad4f849d5bb4c443c82faa0143cefd75ad65 | Triage

Analysis

max time kernel
1601s
max time network
1605s
platform
windows7_x64
resource
win7-20230220-ja
resource tags

arch:x64arch:x86image:win7-20230220-jalocale:ja-jpos:windows7-x64systemwindows
submitted
16/05/2023, 06:00

Sharing

Report Analysis Logs

General

Target

images/background.png
Size

28KB
MD5

a0a89ee6d03966ed7426ed34ad6bff7f
SHA1

93ed59bb8aaeca144be9793770d34747fea32a32
SHA256

036dba789f870e05f0741574f0e3521d2a65db0bb7f0fc7313f0f76959033276
SHA512

f41b3cf50a6b8a3ea6a28347101eb730d43e358671a43a331bce40400f1c279cb7e0786cc42b40c2f0c943a06914ec3f0a40d21fd3dc362e59d39ab4288947d9
SSDEEP

768:y7KQxlLF0HTl+iW+dpAdg3kVQrI9ueR0ZOf29qqrRwrw0jWcb:yDH0pwi06rI3EPDrRwMjA

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1572	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\images\background.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1572

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1572-54-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1572-55-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download