e5b33a838a0963fac7d8f9c7174e64afce095cb4cc0f4425e53f81d723f3e938

Analysis

max time kernel
80s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2022 17:37

Target

Discord-Token-Logger/src/components/systeminfo.py
Size

6KB
MD5

005bcf8bf0be949d1045277b946ab52b
SHA1

389d89aeea0c72f125b5b6a4c10eaf3764e1c363
SHA256

bd6135b30cac690b547cef528cbcabe6147f36b7163f510e3164549317bbd077
SHA512

b4a142fb26796df2e3bab9703b664c2969a16b3ea1ccd1e0ba41c56f56334b39276448b2397be43aa2c0c1c8fd4a955186e91ddc31c170f4b49a9f8f0d839f22
SSDEEP

96:o62a5Q8kjqXmBHyCOSRdpvlGa4sVV2iHxhwqf+zadcTP9eTbIf:PQRy6Tka/T2UIzaaL9eM

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

3480 OpenWith.exe

pid	process
3480	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Discord-Token-Logger\src\components\systeminfo.py
1⤵
- Modifies registry class
PID:544

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact