b902902f414d71f99254b009d971eb2031a06cba1196695adc4568830ccbd9b0

Analysis

max time kernel
14s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-10-2022 03:44

Target

Data/xulrunner/js-gdb.py
Size

263B
MD5

3112cc778265aa80f38b678e6a9831c3
SHA1

7bed46fc4af78d67ac58f00b2d2737ea17b41a27
SHA256

32e7ff13d390bb4a23f029726b8856b6add8a035bf6da2b24657a96076debbeb
SHA512

ff8afe0f0470101401db7cd55843045fbace3f619977d2dbff0256fce5cd2d16124fcd4c7a1a369c4f1b2d760f6f10de0191a770a6f466b4cdac4110a4d0ac95

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4240	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Data\xulrunner\js-gdb.py
1⤵
- Modifies registry class
PID:1512

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact