364c55291e5f66855481d99cb57dc6fe233fa6fbf78536b4fe616616528ad3cf

Analysis

max time kernel
51s
max time network
182s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
16/02/2023, 19:30

Target

69816026469__D18B5D4B-734B-485C-AEE4-B24C750E08AB.heic
Size

2.4MB
MD5

456bb6ae17ec868fe58a6bff9e60af93
SHA1

9b6145d0a5157427de02ca2539cad22ca88da2f8
SHA256

364c55291e5f66855481d99cb57dc6fe233fa6fbf78536b4fe616616528ad3cf
SHA512

83fdeb33bf66cc103c524071c6007435f24262d800b68b2de03c2c6f97150da8b6c5d530e96f54b04a28fa5b34a581d9adbf7f6591c430947ab888bade939c4f
SSDEEP

49152:6Pn5CvwTlYZjgi2h+Ea5BXbxleHv7dzNViVvxYCO0+VtbVv8p:6f5zTlYG8Ea5/UP73ViVZYCONVxip

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
380	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\69816026469__D18B5D4B-734B-485C-AEE4-B24C750E08AB.heic
1⤵
- Modifies registry class
PID:2752

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact