1a9e29a335b77226168d360aeba6cddf7624a6e3d5e57f191113d3be3de2f7e4

Analysis

max time kernel
32s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
04/03/2023, 12:50

Target

0FF1C3 2022 - by Diekrolo.rar
Size

11.3MB
MD5

4c8a417bbad244c232332f496df87ac3
SHA1

e244b243d71517b1040c7a38fb3528005233f8c7
SHA256

1a9e29a335b77226168d360aeba6cddf7624a6e3d5e57f191113d3be3de2f7e4
SHA512

6d3a906a70ca0257880bd88ca7c272e9c071c8c22ecb1aef87a1eca8afdb356fb9a740d693554bd76b8e5855ab76846a7434371ae5be6251b3abc405a4838805
SSDEEP

196608:YbFJuGasTuE2o38nuRodHzUFehlJ+VLclTgJ2dMFzPENPp9TRyOmxO2736fAljy:YbvuGasBVhodHze2wVLclTXd8jexLP/r

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3696	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\0FF1C3 2022 - by Diekrolo.rar"
1⤵
- Modifies registry class
PID:1124

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact