3952873719ebe020a1a4207f8c20adc4e025c8a9eeb787edfd45bd0b771b3d1c

Analysis

max time kernel
90s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2022, 13:32

Target

Discord-QR-Token-Logger-main/.github/ISSUE_TEMPLATE/feature_request.md
Size

604B
MD5

183208d06fb1a5f6d80de9b22521b578
SHA1

435e13162eda4961e818f66441f4f05407e55758
SHA256

72a5f467b083c24507b1e848bbb958800f783fe1d313a8ca017f2a2673acad47
SHA512

c6dbeb618052b51ed7b51b6ae16cf382f89f99d6bd2b4c82617168f77706dc5128b54513aae030ffdc6d5a3160197c4e4ad368a6639d14f1a11d8f37b2c734ad

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4796	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-QR-Token-Logger-main\.github\ISSUE_TEMPLATE\feature_request.md
1⤵
- Modifies registry class
PID:4908

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact