3952873719ebe020a1a4207f8c20adc4e025c8a9eeb787edfd45bd0b771b3d1c

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2022, 13:32

Target

Discord-QR-Token-Logger-main/utilities.py
Size

7KB
MD5

b4c8cab61f7068012d5281be925c31fe
SHA1

576d8c587367558f3086e8e6100f6fb5d1e416d8
SHA256

5b9ce8ff5457cf300cd359b0c3f7da9d93532963aa5acd92fba4a9c83810e8fa
SHA512

923c6ebf606c2aaba4b06b8965f086f930e759cb22a32b5012b0fbb18f884a80847eac3de555d79a1d49e6e430e72579e59f47d49f144ac73de5d55731cab645
SSDEEP

192:CVlKNrAQz91w8crbvbqAV2apONy9RJ8QlBZN/b/N:CHOVzE8crbzzVpONy9T

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2012	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-QR-Token-Logger-main\utilities.py
1⤵
- Modifies registry class
PID:4796

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact