c61013ad11354e747f7166686e2e0b526aa7745323d53cb86be2744337e50e5c

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
20-09-2023 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Documentation/js/prettyPhoto/images/fullscreen/4.jpg
Size

96KB
MD5

81a96cbb5727b5057a1287dc30392003
SHA1

84ff5dd361e88e859402605110bb1ed559379510
SHA256

5a375d6539c3d01809896752a70665268949662ec932e15d7066a466cb2e25f5
SHA512

6e755856050ef75fae1bc8c8ef2f6a837ddd8262eea28c9b18900dd0d8230e9dc13362c3be453d26f198f45fd64354133c796a0d582209ed505ca4051efc5284
SSDEEP

1536:ga025upT7WIYxQHZjcr3MxkkEgnTtaygYivqbgKN0pT/yvP4PvxrBeh:gteupTaIYxSja3MxKgTIObB0pTyvUJk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2052	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Documentation\js\prettyPhoto\images\fullscreen\4.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2052-0-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2052-1-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download