986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-02-2024 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wave.png
Size

10KB
MD5

57bd5782b784673f8e3ebd06f95bdf38
SHA1

1f55e36180024eb5c8fc066a855287898e6b077a
SHA256

986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e
SHA512

9f807db1571b942467f61b2d9a7ef11882036f64a6e1347ede55523deb9da193ec8255be0819e16cac65595f67f05bbf80320c9d46c4e1bf944b34dd000ffe51
SSDEEP

192:sD2HxgUkULWcH4F4/XZ/g4t688FPhzBfZIYeLhl+1/RNqeyFgbCBQJGSz/2Niq:sDXEicYF4/XZ/HT8FPhzMHNQdql0CBQ2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2288	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\wave.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2288-0-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download
memory/2288-1-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis