502b2bfc63c501480abe0209a1ad8889fba1903571d92da7b57990e2eee8b672

Analysis

max time kernel
1562s
max time network
1567s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 14:48

Target

GANG-Nuker/utilities/Avatars/GANG.png
Size

292KB
MD5

c8f94d22ce486c07a1fe48050f0949ec
SHA1

647d0327c7af7428167650060671e2ecba5f1ed5
SHA256

f7a931ef99512e0e4c4059295b356d2878c79549199aa6b5f4eae8d52dc5151f
SHA512

742a7b4b0e98e7c7b5e6184e2aac59195b7449e524be2b341575bc464f3bc5daadb4c3c58f825c6d88eadda911857400e1910701691dac236f7d8f2e7f490bae
SSDEEP

6144:Kx0mNIkEhwsZpttn9UiZzmczxR2Ur2bWXbLAH/A8OVT:KxzNlqwktt9bmczPKbWXbr

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

2196 rundll32.exe

pid	process
2196	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\GANG-Nuker\utilities\Avatars\GANG.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2196

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

memory/2196-0-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2196-1-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download