Malware Analysis Report

2024-10-16 06:36

Sample ID 240616-rdms8azelm
Target Screenshot_2024-06-09-16-49-30-136.jpeg
SHA256 39ba31aac730686e81b867c0dca91854fb378b9f413d6d3429e6ba280eed4230
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

39ba31aac730686e81b867c0dca91854fb378b9f413d6d3429e6ba280eed4230

Threat Level: Likely benign

The file Screenshot_2024-06-09-16-49-30-136.jpeg was found to be: Likely benign.

Malicious Activity Summary


Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 14:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 14:04

Reported

2024-06-16 14:08

Platform

win7-20240221-en

Max time kernel

48s

Max time network

18s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Screenshot_2024-06-09-16-49-30-136.jpg

Signatures

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Screenshot_2024-06-09-16-49-30-136.jpg

Network

N/A

Files

memory/1032-0-0x0000000001D70000-0x0000000001D71000-memory.dmp

memory/1032-1-0x0000000001D70000-0x0000000001D71000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 14:04

Reported

2024-06-16 14:07

Platform

android-33-x64-arm64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 172.217.169.68:443 udp
BE 142.251.168.188:5228 tcp
GB 142.250.179.228:443 tcp
GB 216.58.204.74:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.68:443 udp

Files

N/A