76faadb7a67b688f58951c537fa98d0f3cbc77ed01fa3fb18d16146d36b7a06b | Triage

Analysis

max time kernel
25s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08/05/2023, 03:17

Sharing

Report Analysis Logs

General

Target

embed/embedding0.png
Size

1KB
MD5

ca8675652aa6ef92bfc5570ca263a0dc
SHA1

16bcc4517e276b0a6dcad74cba55b625cfa6c1bf
SHA256

9c87034e1317fe5c82b5ebaefeac70820f35456e7e1df6746f1dc5f1ce8004c9
SHA512

6b19fd817ce545ca1ca22c312465b6d0c081d35af3fbf5ebf0268893c2ea1085a6ab2f1926dede2d4d86c9d23f6cb39c1a88b2006628ba8bd3aac9a98253a360

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2044	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\embed\embedding0.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-54-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download