c61013ad11354e747f7166686e2e0b526aa7745323d53cb86be2744337e50e5c

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
20/09/2023, 19:10

Target

Documentation/js/prettyPhoto/images/fullscreen/2.jpg
Size

82KB
MD5

89871ea85c1e362c30105886ab3db492
SHA1

223fc0b1daaa040d3f0ec7c43fd7913967e41235
SHA256

b0de9e7103e3e3e935e766b253b7717fbc3eb5d5186e477dbef63b35f40e84a7
SHA512

87c0d20bd485ac07c6182b895345fc8119990677295a60ef286e122a265807edf742fb7fadc491bfb1e0e6d098ee6ab3ae281fbd061b73bcb9fe55e2d017576b
SSDEEP

1536:KdEQZpnRbIz7y9JEmJz7ABqUhI64qkCki0TXCiMNEYgThPTh+mo4uNk:8EQZpJ19jJggt6rkHTXCiFTlg4uG

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3020	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Documentation\js\prettyPhoto\images\fullscreen\2.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:3020

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3020-0-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/3020-1-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download