8025d50f69014668fbdc5c63dd3cd126d63707351a3a631cd8fcf9a04294b45d

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

default_hash.jpg
Size

4KB
MD5

e42c16e31a506afefef2937519790550
SHA1

1bb7f9b1a15b8bd76bf542d674f8cc7d65e1313f
SHA256

7207dcca72a9abb7fc159b2719142abdfb93a5296f6cf7bbd6409551761f10fb
SHA512

2a0773f2a945bb122eea5957ad00843d58e3e76bf65908cbf035bd3ac3687ff09a3d542d6d68df105c3845f13e8ba8efc96ffa7b8bfe09fb721869231b569b2d
SSDEEP

96:F/bEcsU4ypeKfvA/zvL3yzP7smjP6uOovijJF2:FA1UHpe4I/v36PgfzoqjH2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2176	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\default_hash.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2176-0-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2176-1-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download