df53d5d9fd823812fe6f8da727dda6c5422eb6f10ec45db2325fa0fc2db91684

Analysis

max time kernel
369s
max time network
432s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
11-04-2023 14:15

Target

LBOTS V2 FREE LOGIN/LBots.deps.json
Size

2KB
MD5

56c16886636a7c91b294adaa9d021917
SHA1

e44d546170c9ef90a31adb632d807d2c65c9921c
SHA256

3485b832f38596b38d6ecd5d001ecda90214ce0936da2dd145ed32f1f901047d
SHA512

0876ef6dc34c6efe0980132b45be7c8f723513911537ab35624141ce570daa0fcaba2cd3b6edb34047b339401b467a6106fc739f7a4d10f3e726625a4c086996

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

1712 OpenWith.exe

pid	process
1712	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\LBOTS V2 FREE LOGIN\LBots.deps.json"
1⤵
- Modifies registry class
PID:1680

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact