8d7f94cec1c9bb3d9e78ec86691aa38d4c81db77f4374340222feb7e59c5d37d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09JB344QE.tif
Size

50KB
MD5

593a0105b0b4da867805713b2771322a
SHA1

db01696303bcd5d45f6e9e520fa0ba5b09a3e062
SHA256

8d7f94cec1c9bb3d9e78ec86691aa38d4c81db77f4374340222feb7e59c5d37d
SHA512

f2977733dd3982628e1249ef1604ccabb991df58d0cbb9f190a0ea9bd6a3121bd5b41ece905ad96f6c9eb3138a0a05541ec3fde40aa270324ab6bfef1d337e59
SSDEEP

768:s1DyUuHGoaijSmORARt35HAik5g2k3tz2EWxLBjHdhwbqwk2fp0F0jIjzmcmwgF3:s1DyUkGmS0cO6HdhwbqwkMeROply/je

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2400	rundll32.exe
2400	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\09JB344QE.tif
1⤵
- Suspicious use of FindShellTrayWindow
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2400-0-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2400-1-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download