48a62a730ed202a7e69474435781cb8d241861a94243314977b48f1538110851

Analysis

max time kernel
51s
max time network
62s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
15/04/2023, 18:19

Target

Worst-main/GoodNight.py
Size

1KB
MD5

eb3f81d2472e850db246fe1cf542013c
SHA1

2cb5ac171c39b84f9a6bdc1ff4ad846c55fbe48a
SHA256

0e555a81c49048153327368d9c7a323a8d734701f1cafc8301a1f90c3823049c
SHA512

1981005972a6f6d27746783cbe4d8e088c8b7cd27ead1260b4f6c6870d4db6d685c8659e2d59707a1515e34705634a7da3241d61ba8de95b049de4f093a7e651

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 3 IoCs

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Worst-main\GoodNight.py
1⤵
- Modifies registry class
PID:3648

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact