775ae687874330480ac8e46e542a0bf1edce2ac78e721c46c31915b54ad6f1f1

Analysis

max time kernel
1561s
max time network
1561s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images.jpg
Size

4KB
MD5

01ccab16201eaa9b7ec57b7bf15f2ae0
SHA1

3e5baaa7f47ddfd3c7593374a8b485c5431e9aed
SHA256

775ae687874330480ac8e46e542a0bf1edce2ac78e721c46c31915b54ad6f1f1
SHA512

0f3f9dc898909fd83dca81b5e628b366ab2b048043f03771be21fef8bad85cc49af41c4b9e49ccb2ad0b2b0bb4894755a3522263444df8fc04137502a76bab1e
SSDEEP

96:fmHK0Ueh4+B1EuqkhMc2w7Jp+eoXVyCfk3L8mwI:f6FeYSq1HJpxCfk3LlT

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1852	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\images.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1852-0-0x0000000001E00000-0x0000000001E01000-memory.dmp

Filesize
4KB

Download
memory/1852-1-0x0000000001E00000-0x0000000001E01000-memory.dmp

Filesize
4KB

Download