2872645c36485ec142118fd7b0778e71a07ef4d36be0680010c4bfc87ed31b34

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
20/05/2023, 06:11

Target

ExtractedFiles-Untitled/extract_files/HTTP-1684519895.048645-4fdcd63ca46c4fbdc119ef47c9729729-F668hxH7lG6DMXyf5.jpg
Size

60KB
MD5

4fdcd63ca46c4fbdc119ef47c9729729
SHA1

e60bbfb94c5349046e5b05332cb723a52bd03bcf
SHA256

eb89cfa317ba38f4e282bda1f10967b42f4825173c4fb98fb131c3e33ca445f4
SHA512

2cb04cc9c93bf3ba716b011cc4a66f3d8124b5a6818ad1f599837b06c989bcc3d5d0688414bb3ac0ead22258ccea5dd214e241015f65f681f73655499184248f
SSDEEP

1536:EhEHVqg3kCrMOgvP0XJxs4h6cvlzxJ0F0we2BBll+8APAJgiGJ:TBHIOM0JSEvVj0Fa2BBllQPAuZJ

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2008	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\ExtractedFiles-Untitled\extract_files\HTTP-1684519895.048645-4fdcd63ca46c4fbdc119ef47c9729729-F668hxH7lG6DMXyf5.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2008

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2008-54-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/2008-55-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download