1c53c7115d57d6a5d2a61ddf20d8f0c4f05105a3947dd853da20a1928ed2c167

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

611c663b458f4bd1f2106f2f7d2faa0b_JaffaCakes118.jpg
Size

8KB
MD5

611c663b458f4bd1f2106f2f7d2faa0b
SHA1

45fb7b540062b6177b093e6e3935e3c2bff293e9
SHA256

1c53c7115d57d6a5d2a61ddf20d8f0c4f05105a3947dd853da20a1928ed2c167
SHA512

15c304492a5e5c19ddc40742979f8fbec03489474d273367195478470badff1b2b82a2df99a100e78a2bde53de73f143a79b43ec9ed2b4f971be6d6daf76c8f7
SSDEEP

192:jOCgiyZGGzAwvfDX4FbyCAeUgkRycg/bKrGhX8Y:j6Z5zAwMFbUgk1g/bKShXP

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2328	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\611c663b458f4bd1f2106f2f7d2faa0b_JaffaCakes118.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2328-0-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/2328-1-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download