8613cd47f8de90048aef068223446df66c7ee07d527f931f6a3fec3bf5efc9ad

Analysis

max time kernel
123s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

852638029.jpg
Size

169KB
MD5

b37497fd8e162622b0cb73dea242b5ec
SHA1

ad2dcc161b4e6624e8dbc402c64ec9fc4caaa6ca
SHA256

fc3b83f9f6e7d1d69090af62ea1d9eeda9ca3cadd0a7918e8fed448546d9817d
SHA512

bd9b0fc6ebeae105d41bf42f23adb901741f0a1ec01f8dc4ee7f8483b6b141328db13c11411d786d0503dfcc7d29064d4f1cd056d7af0fdd70e7e8e1813d3fec
SSDEEP

3072:PFs4z7sQoidgvvi+VGFlZigtSr0InhyCoOAuDhfc4ergRM4qb0Bm5JheVFw+oKHE:PFZz7siCiPpSr/n5oOAoBqbf5zeVFaKk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1320	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\852638029.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1320-0-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download
memory/1320-1-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download