c18f13c536c38daee65313e8129d61ec0ed0ee4e728c1d21c718f84de3a7b679

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a72b49349ca77fbf647579b6072f41e1_JaffaCakes118.jpg
Size

2KB
MD5

a72b49349ca77fbf647579b6072f41e1
SHA1

8d0beb6ca29022dccdbd233f34d25f12a43e78a6
SHA256

c18f13c536c38daee65313e8129d61ec0ed0ee4e728c1d21c718f84de3a7b679
SHA512

f622da1996b7c026a1a1d398b1ff36ced719e8bf7473668e83530b40bf1020bcf0fb1d7763e2858598bab7cb9d85296e683cd4420817348f93aadf29ecda7a44

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\a72b49349ca77fbf647579b6072f41e1_JaffaCakes118.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-0-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2980-1-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download