0d9c7b40537e5a4d45ea7038bacc49a9af1fb01a0b0e9df226fe21edbd1b7d77

Resubmissions

29/05/2023, 01:09

230529-bhz2caha69 10

12/05/2023, 04:55

230512-fj5ensea8z 10

Analysis

max time kernel
1589s
max time network
1592s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29/05/2023, 01:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

search.png
Size

936B
MD5

25586a2c4e534e1e73d074478775d1dd
SHA1

7f6d4552f489430945463274016e4024f68c4919
SHA256

be65b82e781a2118affd32689002d1d676108a778a75fbc1141eac1b3c428439
SHA512

879708f1d7064a875331a983a7eec65c3fd530f8865979e9498ee4e79c48ee44552ddbf536b6effe729eb6c421b7fbc7b7d5da46a61e9bf9a064e8f812d34a77

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1948	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\search.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-54-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1948-55-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download