a1590985593285274a20f3a48c6cac3ba9ed95c9771792f891f5a5a9e370e783

Resubmissions

07-09-2023 19:52

230907-ylr68sdg9x 5

14-08-2023 03:55

230814-eg3bvsbc9t 5

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14-08-2023 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

image002.png
Size

6KB
MD5

a199b4f8d1949146cf4f4ded8c0b778f
SHA1

d861b9a87955d5061f16bb5ef1096febcee4ca23
SHA256

0ed109a6948fc2cac960f347a2db0a7a062e5aa87cb937590b77127bb3000dec
SHA512

928faaa12519a1bcd799237bc7dbeb09e38ed32dc48a8b8512427346904ea397a3b50bc59742e724a5a643c318d4df29a36caf559054775cb46eba2b10b92317
SSDEEP

192:IfLQY9xSDHRLJ38JvGYH0QxeGv14Y2YdsKI50S:IjQY0pJsNGpQ4qT2YeKI5z

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2688	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image002.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2688-54-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2688-55-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download