1360b29d035673ba3c7513a9ae0078e05bc179e51880beb6648996d9f2bcfc64

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
07-07-2023 08:35

Target

bg_w10_bind_one.41d7983.png
Size

88KB
MD5

41d7983c97c6516ff2548cbd071420ab
SHA1

d3787c6ed2b3e39cdcca932595be0bc697bd210b
SHA256

29b15d7bbb8900e633dd5cfbc1d9043565d12fb5b5370aa5c8f63c3dcc4f4498
SHA512

074e7359ca8d2ffb0767539d6a71c08925c2f6e6f9175584f8b842f392c80c75333a162e97580d43194550afdaa098ac9e7a537a1415f642a5a6611ebb9b43c4
SSDEEP

1536:bonZbKtI82LyyuE5MOiJoUBoZrDQ9Tpw/WOAudEjLH7xbmAy1c3pkEQEzAL:bonZHLcuMR22oZfK+AudEPJm1H9EzAL

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

852 rundll32.exe

pid	process
852	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\bg_w10_bind_one.41d7983.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:852

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

memory/852-54-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/852-55-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download