81dea6647da16aa253a7b97ac7b4ebc07406ddb1f763cc2cdca736e2c92ac62d

Analysis

max time kernel
1565s
max time network
1567s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxScreenShot20240510_155746821.png
Size

1.7MB
MD5

2abaa424d96067f8165d939f513c0ac7
SHA1

2e092d54601e154ad15043b2ecb8d8cb88a7c684
SHA256

81dea6647da16aa253a7b97ac7b4ebc07406ddb1f763cc2cdca736e2c92ac62d
SHA512

7136ee810767664b7845330e42ed4452d0349e4dfcfc19d7fbc8745b5aadf3cc98f5d2ce6d4765c1e813cce89f2e64686c7af4e27888e9b6724cae68e188d44a
SSDEEP

49152:EVYpCkroQWE5x9rsdyRAhM/ZCMHjwvzI4ucwMY:Akro2rtShMcijwvz5YF

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1368	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\RobloxScreenShot20240510_155746821.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-0-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1368-1-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download