0697f94db49fc7272e35c018ede19f07aaa680623753c93f964f0dd9e24c2536

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2023, 17:41

Target

image-logger-main/utils/Imports.py
Size

530B
MD5

b7f36ecc14144d74d92a361a5586a3c1
SHA1

d48f53e937f0ee7d39471362fbf22b0e2416c3c3
SHA256

60f72dd5d50266f90dbc878765082fd3487edc6c37a9591c5d3cc85c45b51823
SHA512

ac5ce8ac1b5ff97937b4786b5f0acaac82a40bcdeaf62a8aa0fee7cdca7738f03d2d3357c7f3a307031decdd447b36bb0fff9a7050a7cfc45b5710c078fa837d

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4460	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\image-logger-main\utils\Imports.py
1⤵
- Modifies registry class
PID:3476

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact