Overview

overview

3

Static

static

1

drive-down...01.zip

windows7-x64

1

drive-down...01.zip

windows10-2004-x64

1

image_part_001.jpg

windows7-x64

3

image_part_001.jpg

windows10-2004-x64

3

image_part_002.jpg

windows7-x64

3

image_part_002.jpg

windows10-2004-x64

3

image_part_003.jpg

windows7-x64

3

image_part_003.jpg

windows10-2004-x64

3

image_part_004.jpg

windows7-x64

3

image_part_004.jpg

windows10-2004-x64

3

image_part_005.jpg

windows7-x64

3

image_part_005.jpg

windows10-2004-x64

3

image_part_006.jpg

windows7-x64

3

image_part_006.jpg

windows10-2004-x64

3

image_part_007.jpg

windows7-x64

3

image_part_007.jpg

windows10-2004-x64

3

image_part_008.jpg

windows7-x64

3

image_part_008.jpg

windows10-2004-x64

3

image_part_009.jpg

windows7-x64

3

image_part_009.jpg

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2023, 19:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    image_part_004.jpg

  • Size

    88KB

  • MD5

    a54dced53f7592ffc18827474da09f9c

  • SHA1

    605e0c8a69a47a393636efd65f4a4e94af278b61

  • SHA256

    1e4c4ca3e0a2629a4f8b76523d75b783cae054ca08e0ef01d663f19ae02d8c5a

  • SHA512

    4531288bb14db42975b38321db86608b55912427d172db90c5aa1399aa43096e67b1a9b8c92bea16597e73cb27c5e09ef027254b5ce14941ac3cfb01d2a0b38f

  • SSDEEP

    1536:u0bSMo88NRRke0inn/NumN9A3jBjEoJKZuhBXyOqsHfTsgbbcwsdhWGloSkQgBsv:pS18zfin/Ym/AT2oJKZuv1IgbDwWQgBo

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image_part_004.jpg
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2628

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2628-0-0x0000000000390000-0x0000000000391000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2628-1-0x0000000000390000-0x0000000000391000-memory.dmp

          Filesize

          4KB

          Download