bc0b324c49a3fc9cf036d1e94b54775fae35a415d990f1b347479641147cc2dd

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot_2024-08-05-19-32-47-357_com.discord-edit.jpg
Size

486KB
MD5

14c0db3716fd2a554d47f5954711cce2
SHA1

c3522308b3a141740382da50ac5f39d12d899f1a
SHA256

bc0b324c49a3fc9cf036d1e94b54775fae35a415d990f1b347479641147cc2dd
SHA512

4c3af8fbceedee14e0ddb9e38ef5e90d24f78bf1524022837c586f267f72c7d7f756740a72ed02430363e91a71563e796829cb73ab9633dd6e24ce6247114755
SSDEEP

12288:QDtBHfN8JPJTcTl81BHTJJHUGzvxGJ6vGHn67eCBSAw2:sB1wJTcTWYGzwCXB9w2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Screenshot_2024-08-05-19-32-47-357_com.discord-edit.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2980-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download