Resubmissions

23-02-2024 11:52

240223-n18gnafd9v 10

23-02-2024 08:58

240223-kxe46aea3y 10

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    23-02-2024 11:52

General

  • Target

    bentonite.png

  • Size

    963KB

  • MD5

    e7c43dc3ec4360374043b872f934ec9e

  • SHA1

    6514933e53c6eb9594786a773f75595b0eafeaf7

  • SHA256

    658ac17f4047ccc594edfd7c038701fe2c72ec2edf4aefe6f3c2dd28ab3dd471

  • SHA512

    43b8cb4cacf8bc1e26f7c6af4e58d877287057975b3e28c52d4a3afa478b447a921fbde729ef24be9eb3858c00968455a6873a67e409a6a3fe6a35703470bd6b

  • SSDEEP

    24576:gvnQ8rX+HfLmktxk2ZtrWIxff17XIDHVuJnUNObt/D+jQ9e+k:gvnD+SaZt5X2qAyasev

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\bentonite.png
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2880-0-0x0000000001E50000-0x0000000001E51000-memory.dmp

    Filesize

    4KB

  • memory/2880-1-0x0000000001E50000-0x0000000001E51000-memory.dmp

    Filesize

    4KB