760ccdcd9a89acf6abfd939b861c7d18ef2ed6da49c5efa8595ff0f6e643ed59

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 15:05

Target

__monero_chan_monero_drawn_by_kageira__sample-9425ced95cd7499ea944d3b74942153d.jpg
Size

232KB
MD5

ce4cbfb9ee0084695585fabeb189f9af
SHA1

71e0f1173f5ca39c3e5337f974ece18b5aa50b3f
SHA256

760ccdcd9a89acf6abfd939b861c7d18ef2ed6da49c5efa8595ff0f6e643ed59
SHA512

bf18123760b2285a25c863b677f7662ce276dacb81c7be6cf1c476cadd5cffdf64552c954522e332dc36bfa3ce70964993f1e933609eaa4601d24894d81b8860
SSDEEP

6144:l+BSLiyej92LyER0sgYOY+IbopXKB8ayLC1wF01:YBmiyeYL9ngjYHboNKLyLmx

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

3048 rundll32.exe

pid	process
3048	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\__monero_chan_monero_drawn_by_kageira__sample-9425ced95cd7499ea944d3b74942153d.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:3048

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3048-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/3048-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download