90fc1d60783e2423eb15b4867710ba3f8927da3d4ffdb235fc706e92197991bd

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-09-2024 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfd0b5cebcfdf35349be8f81941bbcb1_JaffaCakes118.jpg
Size

9KB
MD5

cfd0b5cebcfdf35349be8f81941bbcb1
SHA1

eaa64786486557afc85610b044395b2dbe7284c9
SHA256

90fc1d60783e2423eb15b4867710ba3f8927da3d4ffdb235fc706e92197991bd
SHA512

d60a89ebd3b8f89e94b57fec19075b862af6523bc2c68ccb9c4ec4bfc46497567cc9bebac1b76a0d8f0768b8be57d41a0f047c7c0fdbc15c11f9f308d3b8776d
SSDEEP

192:jcS7qRmIIa/7kFmzC0LuMKpadx9EVoaGMK5QMX9zFKrGhX8Y:jcS+3Ik7kkHLu7wdx9Emvd57HKShXP

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2340	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\cfd0b5cebcfdf35349be8f81941bbcb1_JaffaCakes118.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2340-0-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2340-1-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download