935f2ed3787ddce80823c6f0e513c1a5865e87edf2c9597994e43c6ceb104ad1

Resubmissions

06-10-2023 17:17

231006-vtvqjsef4v 5

05-10-2023 04:20

231005-ex7aragf4w 10

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06-10-2023 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

image.png
Size

78KB
MD5

fe9fbd251e4634b5dc8b1c325ee29578
SHA1

b34fcd753a2fbd1572870e6b7bda966c23400018
SHA256

8e5d58b06af9af996210967b2d135758c0a737f6a3d880e6da8f5d6c3049b15c
SHA512

bb024c44fe1f525ddb97432fcc80cea69c8002091cf5c9d481d3267aeaf8c441ca83f7e459cefa18c6bac1b099bd61b63b16eeee0836da9593a93a938fb41af3
SSDEEP

1536:SO+ITqfUARGyWbUf6jQJMNLorb7gyTNp4cTIB9e8EQWnM/7kWYSozTJRhtmGQ6j:SO+IOfUARGyWbk6jQ6N0vgyBT34JtoJX

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2080	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2080-0-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2080-1-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download