77e4220f82cf6295f1cd743c63543705c222d9a469f68992bcb443d95e9adf54

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2023, 15:23

Target

locale/sk/LC_MESSAGES/default.mo
Size

16KB
MD5

45997a08ee351bacc1f7ff47b55ab5b8
SHA1

76c12eb4d6ab8cd5fd69be04d2048fc3e2a11882
SHA256

e94246c6d41736ad55f78991ccb16f53fc79e9597c566cf3dcc795484b0a7a27
SHA512

6152a9174d0fc1dcfc692705c0634f19de5100b95168f9f263c823eb6e988ce9da2514c65cc8cb35dec0640dd83e514e7e76bdfb142947f4cb3aaf5a7de9c0f1
SSDEEP

384:KpHQMU7hfAns99vSjKNLDrO17bUHHE/AYc2g+O:KpHQZ4o8L/fc2o

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1444	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locale\sk\LC_MESSAGES\default.mo
1⤵
- Modifies registry class
PID:1828

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact