ee74f6fdae5a722a8823e13b1738dcd8597aa054614bd38301613adee5d723f0

Resubmissions

03-10-2024 10:06

241003-l5a1vazfjb 3

03-10-2024 09:58

241003-lzy6gswglk 10

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mff.png
Size

46KB
MD5

2e8046aaa49a9a20a6077112d82dd843
SHA1

187913575e1bc82c457867a1d3616bf1f5e3b6ad
SHA256

ee74f6fdae5a722a8823e13b1738dcd8597aa054614bd38301613adee5d723f0
SHA512

e9bf46621821c966dc9f6469dfe065d10f186fbe3530775be9621202a11e4b52ca5f5b491a6016a40fb05e15b8c3005ccec65f28038c54514a9a7494cd36adf0
SSDEEP

768:4Sv4yL7b0iwPqLBiaKpnJzDpGbq/54l6wVphyz28sTp6ua97exkpbJ/9EOQXl8Bq:4Sv4ziwyLBiaGJv/gZVpEz2TTXCfbJ/a

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2256	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2256	rundll32.exe
2256	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\mff.png
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2256-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2256-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download