cf3102093e5081f1fa3af52d015140a505b887ef702daf803fe0ecf149fa11ed

Resubmissions

05-08-2024 13:36

240805-qwc63a1fkd 3

05-08-2024 12:45

240805-pzbxqswekn 10

Analysis

max time kernel
18s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

777.png
Size

87KB
MD5

2c5c9eddf9769bc29d8bdc9971bae0f2
SHA1

8cd725e5b4e3eb334f2c6268fac2fe440baa974f
SHA256

cf3102093e5081f1fa3af52d015140a505b887ef702daf803fe0ecf149fa11ed
SHA512

3fcb5875c17c41574a7dba0f97a66a96b50f3c04c64f08262ba127532d166694ca69d4a39179340378ff76b9d75b34fe67fac4c8ec1b9846ffda00ad5065651a
SSDEEP

1536:q9QaE6hVFc3fY5elIEp26kW7OcMkmbi4rdZx9rB19Td6UG30/x:q9Qa16w5ZEAA75wVZxjd6e/x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2336	rundll32.exe
2336	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\777.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2336-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download