cd660bd4d4f7d33920a2c18be331041ba80d7770e1c47153a5dfae6da3f5e43e

Analysis

max time kernel
110s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
15-06-2023 05:33

Target

Crafty-v1.1/runtimes/linux-arm64/native/libHarfBuzzSharp.so
Size

1.3MB
MD5

f2444a16900d297e1120dfa2b7934e96
SHA1

05bae572ee923ae98e978438ddacb9492ef73783
SHA256

b75e8ee2025ade030da55027efedc41c18c07c91d4910003bb0eaaa81def70b1
SHA512

db1801c49718cc1abb885135b5ac663d80974208a77cdcf50b4f034ebd4cb2a75600b11f918ff1797a230c98a128a1eecd01af2b45c84b694efe85094fcd7c68
SSDEEP

24576:spWxLpZbvPOhxm8q8ccmYMyVIkWim+67Hbx+RchMNwDF4/000oGSFFLM:sp+P+xmyccmYMyVuHbx+mQwDF4/p0oG5

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

5076 OpenWith.exe

pid	process
5076	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Crafty-v1.1\runtimes\linux-arm64\native\libHarfBuzzSharp.so
1⤵
- Modifies registry class
PID:1796

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact