707e4c6d5d57fe10d244fd24f57943ac4bd01f575cafa82dcacba9ce1ca6700e

Analysis

max time kernel
24s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22/05/2023, 16:03

Target

NodeBeamEditor/bin/html/css/bootstrap-theme.min.css
Size

19KB
MD5

89b29714ad4aaaa3953ef3b51cf9c43a
SHA1

fc6b4268fbd57ad95d2b41a1d4d6866f222fbdb2
SHA256

2453e31f9c5e0dbee528d11f97a85edf897ed93406954ce8e475f0244abf249a
SHA512

56a5c43520c14e207e53431613bb0e5e1af051fe29d1319481c1b86929f1960a11bbba4b6418f09d50f1817ad10030b6b9fcc702a1374b934cd495b49c3ddf76
SSDEEP

192:I7dOxdOiu/8IGMXcMdO1dO5MsObgolkZOMdOkdOG31QNGiuUiu5iuOVOvVO2:8QfudGmzEUMngolsLP3by/

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 672	1492	cmd.exe	28
PID 1492 wrote to memory of 672	1492	cmd.exe	28
PID 1492 wrote to memory of 672	1492	cmd.exe	28

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\NodeBeamEditor\bin\html\css\bootstrap-theme.min.css
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\NodeBeamEditor\bin\html\css\bootstrap-theme.min.css
  2⤵
  PID:672

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact