2ce7484c3167fed07bae06f7cad8bfc607e720189e933662617362388ef0350d

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20-02-2024 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sprites/EpicpetitmarIdle1.png
Size

263B
MD5

09c2ac284e2a8fdd80fb7b6d258c47e9
SHA1

7a33e4fe983a015a35d918507306d6aba6621a55
SHA256

d8a8c8ea52de73705865ad234d441166ba7d789154cb87ff6a3338a7bff554a3
SHA512

12b29f9af6c7d852f1719c5297f8c5eada35fac0faac3777eb556b87005761a4a48c0b259662174422d91f37a2f927601627a6e86b38af0c1e75514c8bc13b5f

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3060	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Sprites\EpicpetitmarIdle1.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3060-0-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/3060-1-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download