437c8032e578d678d10379c25af38953c41821103fb2d7d25f6a229fdd2bec10

Analysis

max time kernel
59s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2023 22:51

Target

Borrador/Language/Polish.lng
Size

6KB
MD5

05e11996cd6c94dbd0ab0f7f1d2876b0
SHA1

f5da0cc5c96049030e3e2e553c6f6123a1e6bd66
SHA256

d24f9b863e8d0d11b6bfa679b92526f9bd509bfaa96364ea9388fb1ea5123133
SHA512

c69dfe534c8fdefb9dbd4b8d3ab13c9ade884f3c4e6a18f32b8f5dd746214c4c47288c93b0a4baed0c53c5841f9a32b45b1696215978b33e8cbc3e50fdc052ca
SSDEEP

96:rRKvUtxVSr8N+aaVmAMFnoEJpneTyOvgsnBGqC//LZl77BxXDLT9tQdW+p9P6Gyi:dKvkxVSrEraPzq9lnDLhtQ82PTfqWD

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3076	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Borrador\Language\Polish.lng
1⤵
- Modifies registry class
PID:4396

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact