1360b29d035673ba3c7513a9ae0078e05bc179e51880beb6648996d9f2bcfc64 | Triage

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07-07-2023 08:35

Sharing

Report Analysis Logs

General

Target

bg_w10_bind_two.62f969b.png
Size

49KB
MD5

1bada24be56de5d8cac20de2d783524b
SHA1

5467e6dce135bb8652d4ff45e2023952c0aeb936
SHA256

36c958646ab147ad2dbe274a1f9e963e972202dd8220b4d37434a149e9dcad0c
SHA512

51125f7c3f21a66f17523456862b58cd34f775d8a4c6e52f071a7f20560c664162e5f26deaa4bee4135935a548fdb9d81e05c175aec798808a87a3b01dd962b7
SSDEEP

1536:XEK7AUpu4+1JCUjqH+oReT+z7QauIcqtMetTzT2h:XEK7dpu4+HCUXoReCQazcqtMe/S

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

2380 rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\bg_w10_bind_two.62f969b.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2380

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2380-54-0x0000000001D20000-0x0000000001D21000-memory.dmp

Filesize
4KB

Download