85d84da597bba6a36e1f89b137e843a09b4022515b9bd51a53a39a97b1325826

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04/08/2023, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Upload/admin/styles/default/images/close.png
Size

1KB
MD5

c2b5a67eee8781bb11bd7a05f3d8c89d
SHA1

af6c8584a40feb4b8b32a149fd5d2db02a7cd10f
SHA256

a58a94da6df845c1c963c3cab5f092bd09d6df7188bea43b6b3234c95bb2a758
SHA512

b1bbf42b45e140b03f831bdeecd8aedd85d0f3e934cbdb1a9276367799062cb5b69dc9c81a7bf671c7617dfac9c1b4252f24e26ef12a7b16a2ba722caafb103e

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2088	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Upload\admin\styles\default\images\close.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2088-54-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2088-55-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download