7682efae2c4916c1750fe643fd85f2fdc2b8209e2fedb8691b4612a811e61ce5

Resubmissions

04/12/2024, 19:39

241204-ydewyatkbl 3

01/11/2024, 21:49

241101-1pvgwaxmek 10

Analysis

max time kernel
7s
max time network
0s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
04/12/2024, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PONYDOODOO.png
Size

186KB
MD5

868076ce3956526083cf3f29bf156c2c
SHA1

432d9335d2cb2dee2dde6f6301ae3349e3d239b7
SHA256

7682efae2c4916c1750fe643fd85f2fdc2b8209e2fedb8691b4612a811e61ce5
SHA512

49481e1bae76ba838f7e006f960c6f5bff5978317c5f3b4905effefde8c65394aacf91c9ad465816a08b279aa4cc81c28e4fbd01859bc59935a7fb0e08bd13d8
SSDEEP

3072:snx5651LC8bLMxnBozjxGPwgbKwLZfoNTtd3SP4AuD2Nrn0ZqeYm/zvyQbpCkef:x+8bLMxnBozQPwyKwltVxnkYm/zvFbpu

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1968	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1968	rundll32.exe
1968	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\PONYDOODOO.png
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-0-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download