a38f18e5192fe38a18a128ebd8647868458ae63bfc0637a4fef851e44f763791

Analysis

max time kernel
1558s
max time network
1561s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
30/08/2023, 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images.jpg
Size

5KB
MD5

7fbf548bb372dead576d605b10e45690
SHA1

3cfe1cf1373a39bac0d051999a7aab0c4a401891
SHA256

a38f18e5192fe38a18a128ebd8647868458ae63bfc0637a4fef851e44f763791
SHA512

e3d9388a67f2956afcce614762fee1bdd7574307538e8be9443aead8e52a0276f2b1a560a9d42f61b67e87fe077f9c7584e9dd3084704063cc8dd4a3090ff656
SSDEEP

96:xlJyrFXGRrROyJhPzAZ2pmFu712hGDZ23A3c27NWDbLZixCf8smG64tEw:cBWRroKsZBgZ23Ac27oXZNf8uL

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2284	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\images.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2284-0-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2284-1-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download