1120384cb197413e7a81b25c51f2b8c6ee3ff49c5260579d2e8ea36d7ffd03d4

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2023 23:44

Target

Exodus.rar
Size

10.9MB
MD5

187f57461e7ad41353f91cdcb8da4fce
SHA1

581cdec9c38ee21d072de12ffdd334eba951080e
SHA256

be34e510178b9f1b10880945b5346f78288d499b9481355ee1cbaa4e07f4d9af
SHA512

9310aa4e3b64c815878ecada314241481bf7e92677ff936b0b420ae929896bd282f98531a88f5f378b057291eb1b9d456cf8be23039c3d50f4e914f779323d30
SSDEEP

196608:xvLkHhp2Xje+t4quCtF5485nmFXroiZnvXoHV12gl3uEI8x+qMfKRPH9NH9NL7dF:xvLkHhp2S8eCtj8bB812suEIWqfKRPHL

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

OpenWith.exe

pid process

2436 OpenWith.exe
2436 OpenWith.exe
2436 OpenWith.exe
2436 OpenWith.exe
2436 OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Exodus.rar
1⤵
- Modifies registry class
PID:2128

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact