ac2d6bf8652b335de61f9ea57037bc83c1d7c87de44fe9cab2be50b85563d28e

Analysis

max time kernel
33s
max time network
182s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01-04-2023 06:49

Target

Synpase/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/src/Components/Controller.lua
Size

4KB
MD5

80a831ab6505bd61d6f798b314ec6c7b
SHA1

4956cb08df436f00f00112e915fc580bc6cbb460
SHA256

074d7c8738f6205add801ca30b3ebdbbc3059f10d8b7be1f66c8cb51ad84864d
SHA512

224b6ba45c86c4c95b8f2e11031f55ea80d030669cb5d9faf60c1c006d94824660fb66a248e6fb7250fc5581cc85fe9de9b6fc664bbb90da8179554749f4f751
SSDEEP

48:HBd+6nK8MK+ibvx2dErmTnZ2mRQx8Hd/BRcrm+mWZF2OFz2kOLUyjiyC8/uCklRY:h46KkUdEanZ26dfcL5WC8WCyhbiNA4

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

OpenWith.execmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

3824 OpenWith.exe

pid	process
3824	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Synpase\workspace\rostruct\cache\releases\richie0866-midiplayer-LATEST-ZIPBALL\src\Components\Controller.lua
1⤵
- Modifies registry class
PID:2568

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact