34f77c03faaa39e7f7bd7d891c6aa212a16a45ca6a619fd031b0653efeac2ccc

Analysis

max time kernel
121s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20-02-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00c9bd5d56fd8a90f8eb544ccac1d6c7.png
Size

2KB
MD5

00c9bd5d56fd8a90f8eb544ccac1d6c7
SHA1

8c0209fed3ad8a7522bab387244f2a975fb9119e
SHA256

238a6059da105e71d609e72887c4b8b3d9dc1e7cac0e499b7e3d6bf385ddca63
SHA512

f3eadfa87787cdb3bb391c95cbf0a492bef5e527fdb0d748935329fa05fe4c1b6eecf8dda0ce62716667a2447cc46f61757fc0610ccbd4af7cd274b9b6920c01

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2160	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\00c9bd5d56fd8a90f8eb544ccac1d6c7.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2160-0-0x0000000001BC0000-0x0000000001BC1000-memory.dmp

Filesize
4KB

Download
memory/2160-1-0x0000000001BC0000-0x0000000001BC1000-memory.dmp

Filesize
4KB

Download