e6360d66b7e3b8aebee4ae5aae9e2f470ed8ba472373ff56057ad69b6c5ac54b

Analysis

max time kernel
104s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 16:30

Target

notifica a usted la primera audiencia por el proceso judicial adelantado.rar
Size

673KB
MD5

ea1a6d4ee652e1810ca3df145259deab
SHA1

8eb9819138ef5d6e10e98e0e5524abf26d6791fa
SHA256

e6360d66b7e3b8aebee4ae5aae9e2f470ed8ba472373ff56057ad69b6c5ac54b
SHA512

6e9425a61762dcde831bef634c2d7de248d418343a4d419a6ac8d4152bd454ed0d6526a4f169c64210a3c434e493407a34344fd1af8cad50db27545b5bdde896
SSDEEP

12288:UyG+3U4tBSIUsuHVAQGs9Xwvd7MWcv7o8jrPbx1xWGFFPgUgZH:Uyr9q1AWGF7MWOR3XxWG3gUgZH

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

3100 OpenWith.exe

pid	process
3100	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\notifica a usted la primera audiencia por el proceso judicial adelantado.rar"
1⤵
- Modifies registry class
PID:4568

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact