Analysis

max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 23-09-2024 15:05
Static task: static1

Behavioral task: behavioral1
Sample: __monero_chan_monero_drawn_by_kageira__sample-9425ced95cd7499ea944d3b74942153d.jpg
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: __monero_chan_monero_drawn_by_kageira__sample-9425ced95cd7499ea944d3b74942153d.jpg
Resource: win10v2004-20240802-en
General

Target: __monero_chan_monero_drawn_by_kageira__sample-9425ced95cd7499ea944d3b74942153d.jpg
Size: 232KB
MD5: ce4cbfb9ee0084695585fabeb189f9af
SHA1: 71e0f1173f5ca39c3e5337f974ece18b5aa50b3f
SHA256: 760ccdcd9a89acf6abfd939b861c7d18ef2ed6da49c5efa8595ff0f6e643ed59
SHA512: bf18123760b2285a25c863b677f7662ce276dacb81c7be6cf1c476cadd5cffdf64552c954522e332dc36bfa3ce70964993f1e933609eaa4601d24894d81b8860
SSDEEP: 6144:l+BSLiyej92LyER0sgYOY+IbopXKB8ayLC1wF01:YBmiyeYL9ngjYHboNKLyLmx
Malware Config

Signatures

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes:
  PID 3048, process rundll32.exe

Processes

Process: C:\Windows\System32\rundll32.exe
Command line: C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\__monero_chan_monero_drawn_by_kageira__sample-9425ced95cd7499ea944d3b74942153d.jpg
PID: 3048
Signatures: Suspicious use of FindShellTrayWindow