8fffc4d5eed4697ed0aaa0e46f9ecdff311a47ffdc5642c8cb21423f83315fdb

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-01-2025 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kvaa.jpg
Size

164KB
MD5

ffaf2136b0bfd6e6ce0b28f72978c909
SHA1

ba34b8ef21b1d3f93c1efc0e3f0735aa0e862ba7
SHA256

8fffc4d5eed4697ed0aaa0e46f9ecdff311a47ffdc5642c8cb21423f83315fdb
SHA512

c2b13d1bcf566e2affcba3a8ec34ffd8b3ce4c683fe01545d1f00ae8231f108fd56df754f0690c696775ce31000d643c39cf4dfa8ebc8a2218c33be356884925
SSDEEP

3072:1p19Dw/4Ph7rSnIpoddd7uRKJ6EX99bXKNVFEKeiM4TftdWlSsS3KHZ3N/8yAXoY:1Nauh7Boddd7uRKgEX99jbKeilTLWlSz

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2484	rundll32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2484	rundll32.exe
2484	rundll32.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Kvaa.jpg
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2484-0-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/2484-1-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download