Resubmissions

  • 06/07/2023, 18:35 UTC: 230706-w8fqlsdg43
  • 06/07/2023, 18:32 UTC: 230706-w6mfdadg35
  • 06/07/2023, 18:27 UTC: 230706-w34kgsdg32
  • 05/07/2023, 09:21 UTC: 230705-lbqjfabd66
  • 05/07/2023, 08:59 UTC: 230705-kxxdfach7v
  • 05/07/2023, 08:41 UTC: 230705-klwmrscg9y
  • 05/07/2023, 07:15 UTC: 230705-h3aqhscf6z
  • 05/07/2023, 07:13 UTC: 230705-h2e9lsba95
  • 05/07/2023, 06:50 UTC: 230705-hl6fvscf2t

Analysis

  • max time kernel
    24s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/07/2023, 06:50 UTC

General

  • Target

    e0012.png

  • Size

    1KB

  • MD5

    8c57428b5458466d2acd39c615537613

  • SHA1

    f47216b2ea4c28111fd5d70a1ef50891dba9622a

  • SHA256

    ced9296a015f81103ed52b1b23fe14e81a4a7456e7723832071a6a4b6a8edcba

  • SHA512

    b003b975f2045f50d988512db74f00a1f8095ca9315374a44c6455212e101018c88ea36ec710bc83a48989a8e8e32868c66d2f44038826b71f2dbd2324a3fadd

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\e0012.png
    • Suspicious use of FindShellTrayWindow
    PID:2352

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2352-54-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB

  • memory/2352-55-0x00000000001A0000-0x00000000001A1000-memory.dmp

    Filesize

    4KB