0e0e77cd4f0a899aafcd54ed726276511aab5d578c4d20cfe3fa998b71015f97

General

Target

IMG_20231027_145723.jpg
Size

419KB
MD5

b0cfe290f729bdc74fe8008db935d48a
SHA1

53572b133706c320e598054aaf064e7547b2a888
SHA256

0e0e77cd4f0a899aafcd54ed726276511aab5d578c4d20cfe3fa998b71015f97
SHA512

2d7cb112b797b51be98e668a21e74b163163ddf8009a7cf7515a30a73a53106ceb11612b4df4c4a1bd218e0f91ae6cbadd7659814c06502536ba0b2e52d58885
SSDEEP

6144:/d1jFdU3otxxqXwyrMMTiHCgZlWidzbpzZyWymPr/6JE/zJDIUQwWWeGnPJ2/w3W:pdU3ox9yrM+VIWCgzmPr5rZIUQygoU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2844	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2844	AUDIODG.EXE
Token: 33	2844	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2844	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
628	rundll32.exe
628	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\IMG_20231027_145723.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3468 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:8
1⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3760 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:8
1⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:8
1⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=4000 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:1
1⤵
PID:432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4148 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:1
1⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3324 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:1
1⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=2256 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:1
1⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=1868 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:1
1⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1568 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:8
1⤵
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4128 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:1
1⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1192 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:8
1⤵
PID:2904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1280 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:1
1⤵
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4216 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:8
1⤵
PID:1304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:8
1⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=1924 --field-trial-handle=1196,i,3998251596916745295,13947899070524681848,131072 /prefetch:1
1⤵
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/628-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing