0d9a40c3c09aec9f9964f166a3525d9a8dcbdd1c80440493d96c5d6eb40fa5a7

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cabecera-email.png
Size

6KB
MD5

625795abda7926b31d5d52659d7ddcc9
SHA1

6e2958a85ee407ecb97adf4a30d36ed249ed0824
SHA256

d1366cb56ffbdbd7f665bb848780e8066c94c62492208f42388c65b85ff2fd6e
SHA512

853cec8078391a626aa930fbfda36b415f5fc99582a770d92d8f5a751216dbb60e01486a63f5ec8c60c56620c822a6d82e9d594f58c14416549ac8bd0fd075cb
SSDEEP

192:Bv+P0AAnnXYxjQnfKMULxYbcrZni94ol+jZp:BWTAnoLMuxYT9Vw/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
840	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cabecera-email.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/840-0-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download
memory/840-1-0x0000000000410000-0x0000000000411000-memory.dmp

Filesize
4KB

Download