Analysis

  • max time kernel
    42s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/07/2024, 18:44

Errors

Reason
Machine shutdown

General

  • Target
    9969-none.png
  • Size
    7KB
  • MD5
    6c978817f770f4c347b77ddc1f989ba3
  • SHA1
    fd4cd482f0dd8b82251278dc7865a2672c219af7
  • SHA256
    2a8428cb2a4af093559e287394740421b88c4db3dd83a53aa7ec54019b573d17
  • SHA512
    af25c2ea05d7d91525f013d891baed9d6d4362c3bb53c7f2f1ee522187f0f76538263d3c2538e7a3a7caba3cb34e27d7f9657d5cab2593bcb7fa1c5d4e12b56b
  • SSDEEP
    192:yYknW1Mf7Ur0BH9+JUk6Jd9q6CgiuzxGy+CWjWsNy:snWKDUrGd+Je4tYxGy0tNy

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\9969-none.png
    • Suspicious use of FindShellTrayWindow
    PID:2172
  • C:\Windows\system32\cmd.exe
    cmd /c ""C:\Users\Admin\Desktop\RepairJoin.cmd" "
    PID:1636
  • C:\Windows\system32\cmd.exe
    cmd /c ""C:\Users\Admin\Desktop\RepairJoin.cmd" "
    PID:2720
  • C:\Windows\system32\cmd.exe
    cmd /c ""C:\Users\Admin\Desktop\RepairJoin.cmd" "
    PID:2324
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    PID:2636
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x1c4
    • Suspicious use of AdjustPrivilegeToken
    PID:2888
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    PID:1784

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2172-0-0x0000000001B40000-0x0000000001B41000-memory.dmp
    Filesize: 4KB
  • memory/2172-1-0x0000000001B40000-0x0000000001B41000-memory.dmp
    Filesize: 4KB
  • memory/2636-2-0x00000000029A0000-0x00000000029A1000-memory.dmp
    Filesize: 4KB