66a412980ebb6bb2153663442db68cb37756acf7a91f7a201750a9a222678b8f

Resubmissions

04/10/2024, 11:40

241004-ns52kawdpf 6

04/10/2024, 11:35

241004-nqcx1awcmh 3

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Modes/FarmingHatching/Assets/Tray.ico
Size

4KB
MD5

8681ce04266644af7daa3f3948e9301b
SHA1

cf521df57e157050e7a2744bb2b5a4a6b9c354a9
SHA256

9ac00d6ac913cc51ddd1d333185387dc04859b25217503ed84611f30040e7a7c
SHA512

24816d2ce911cee780ee91d5cc594ec404b5998290fc4c2f0c5b7b33a422fac68e379c7e1f59cc0431a8c32acb67c0f2959387d98de3958d9b4f62a3ccf705a4
SSDEEP

96:dsVxxTBjWTqujImWT1wEMO8fHpTTy/8HYEZJUzssVCNsFDK2iCtj7QKKBqE6m/Bn:dsBJWTljtmWEdmHRfHYEIY4TlfKBqQ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1292	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1292	rundll32.exe
1292	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Modes\FarmingHatching\Assets\Tray.ico
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-0-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1292-1-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download