2bb051354e260e4e29a6a03f8270cd05f1546ed9781b1a3a2e8289fc5e8b748c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

003e3738-4700-4df8-bbc0-fff3b1aff261-removebg-preview.png
Size

167KB
MD5

516d13cbd3be8fa80932e7692ffc94d8
SHA1

af83170f239640cc10ad4f886e505e890af89615
SHA256

2bb051354e260e4e29a6a03f8270cd05f1546ed9781b1a3a2e8289fc5e8b748c
SHA512

8329e890c4182b108621099a6b5a4f6595626b7c43ff1e1cde6c3a4fb63a2fb8ecb412c47f5010d41bd218b579f5e6a2bbf2525449b81d9446739987dc9ba987
SSDEEP

3072:zaoOwRj+aWG3u+jlEB/am5i2vhwEA78cJwDjc2xwccNaIOBYjY8IiMeZrLI2fNQu:Wq+qjeUmMW+8xfn/cNaI9E8i4rU2VD

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2340	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\003e3738-4700-4df8-bbc0-fff3b1aff261-removebg-preview.png
1⤵
- Suspicious use of FindShellTrayWindow
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2340-0-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2340-1-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download