7e83112aa106b22580bd34202564c60edbcef45b43e3325d86483b53f94fe37b

Analysis

max time kernel
101s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2022, 15:18

Target

Fivem-Spoofer-main/encryption.h
Size

676B
MD5

12191cafd73bca5fcafe77254f8f8f5c
SHA1

41188583f0eb1ab12ab815d213d636d5988fca25
SHA256

56184093fb07353d13045ec8ea91a9c84afcd561f9f61e688105d2a7d06435b2
SHA512

15d1a08948a1bb828ee3ffbbc400cfbbc50a53d6a6ba4b2ddfc2a33415a2a961b225534f10b071cdbc2f050cb3f1ee5d86193723e0e06370da2728e912495bec

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3360	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Fivem-Spoofer-main\encryption.h
1⤵
- Modifies registry class
PID:3988

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact