ebad7789a8ec6dfc654851b8631b4565aa4995076b791cef060510614515522b

Analysis

max time kernel
54s
max time network
19s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
18/11/2023, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gamename_sto-removebg-preview.png
Size

50KB
MD5

9094466161357a2533d23dc07e360253
SHA1

0273bd39043f481f889cb7d08c5ca129df762492
SHA256

ebad7789a8ec6dfc654851b8631b4565aa4995076b791cef060510614515522b
SHA512

9b004aea715a1cb81fdb262f3c49e495ce9121ab96e86e7eec4583df84c44d54822f2a9cf71a28fe7c76c62073ba569011ddd300608011c81c0ad3e63fd5e876
SSDEEP

1536:oxccXfd0CYbwIMS9EiQEKJoYlYOFDufg3ZAqxq:o1LQwI2buOFDuY3ZAj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2104	rundll32.exe
2104	rundll32.exe
2104	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\gamename_sto-removebg-preview.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2104-0-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2104-1-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download