Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/12/2023, 13:07

General

  • Target

    image002.png

  • Size

    5KB

  • MD5

    cb388ab231403b9e4d1389df4a6846d0

  • SHA1

    0ca3522fae6a79e37651964c60fe0e022f941bdc

  • SHA256

    34210dac429345306467290b1ac88d93f8fc386269fe478894bfb2a3b8f43f9d

  • SHA512

    70e9d53dcccaaf275e0633516d8e277f8550672305875a7f6a294c979950dcb2fe4bfd9e7ec37ebc55fe9fdd5a34756bbfbf743a19dfc90aca90d10bc8fd22e1

  • SSDEEP

    96:nDFyWZFLFLvVQI8a5xDBmX66EZaXvXHrw05tfxd5MYcCD28ZgYdzqwTW19VGs:Y4LlvCI7fDBW66UsX15tfTBcX8WY9W1r

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow (1 IoCs)

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image002.png
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:3064

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3064-0-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB

  • memory/3064-1-0x0000000000210000-0x0000000000211000-memory.dmp

    Filesize

    4KB