c69c594f2c13f1d310e4ed3b47a544835f09f78872b68f99ca10dc9572589baa

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
19/09/2023, 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

image002.jpg
Size

754B
MD5

ba190ff333c1b9c425d8ef1cc1b7e8fd
SHA1

503fd4eae794e84eee2dc5142b76b0415d3c4972
SHA256

44b27933e8c22ed4ca8cf35dfacf68f940924fb90f955488d40f5c9366a49a44
SHA512

b0067d96f94b1673170e36c38a7a61026a5dd314c0675170bdcc571ad31bf274f732dad090ce53f13c16581869bac187bc8f04a9991395d1746de539296d4548

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1312	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image002.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1312-0-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download
memory/1312-1-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download