7024a9859a5dba92870e4ef58e0dca2c75fa8dca0803cf10ce70136f3c5e9150

Analysis

max time kernel
91s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2023 21:11

Target

unpaid_1498-February-03.one
Size

1.3MB
MD5

49c84bfd5cfbf3062ff95fa99f1f9bbe
SHA1

60a008eb6bd1148fb1b6884792a1c4f9d6b732c0
SHA256

7024a9859a5dba92870e4ef58e0dca2c75fa8dca0803cf10ce70136f3c5e9150
SHA512

3bdfc75bfa4cefeadffe21e0f0ff506af878279ef77380dad48e94845320c159f76dcd2b34f009572a444e06e978e9cb492bcd280591f70339be9536f5c1c0ba
SSDEEP

6144:N8HYm1L0Wqvjb+KEKGNqR0ZLBiRhpwNDLNyiFnnD76yMuaXJ3/Cfifmjp/WL1fMT:+LRkjb18ZZLBiu1k

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5000	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\unpaid_1498-February-03.one
1⤵
- Modifies registry class
PID:2992

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact