2519d8b8b33d24cd3b61ce02d11d3f0ff0c16b92aefe48d349e69a3d2fbe7f3f

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09/09/2022, 20:02

Target

Jordyn.jpeg
Size

9KB
MD5

183142a31845ae8cde8d527f7a8d56d9
SHA1

87d3b031e44881c964b30f1f2b69dc88fa9ea391
SHA256

2519d8b8b33d24cd3b61ce02d11d3f0ff0c16b92aefe48d349e69a3d2fbe7f3f
SHA512

55c94d98268ed6351d53f4c7e33a23e5055bdd4d63ae1d06bf653c56004de95b0294d5a129b8f582c69bee2dd09f485f9a6466b25d3845c15c0f8a9cf483642b
SSDEEP

192:mkIJXSk3u0Q4joRETm0LiRboRcQpHYiFffZfzLhLFQ+EStcqLAX4PLz8YoksPE4n:m/QIu0pj6ETmgiRboRLSiFffZRLttcvj

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2036	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Jordyn.jpeg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2036

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2036-54-0x000007FEFBB41000-0x000007FEFBB43000-memory.dmp

Filesize
8KB

Download