cd660bd4d4f7d33920a2c18be331041ba80d7770e1c47153a5dfae6da3f5e43e

Analysis

max time kernel
68s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
15-06-2023 05:33

Target

Crafty-v1.1/runtimes/linux-x64/native/libSkiaSharp.so
Size

8.8MB
MD5

72d0cf246079952f888d939eb490a334
SHA1

0c81cceca9358a70802e3c6a4e43c0a4e4f6a4b8
SHA256

e61aa1774f855a433467f6252e188a42a971cb5d2f475817ecc158e1a08f0c8f
SHA512

702a5e335483590c9289c3a3de71aa3c21148728aa97f25b62351b6db54d6fc2461a765019cc5245437c19ddfc9b3d8d4e9318a785334c834d5518019c468bf4
SSDEEP

98304:hcUzoYhF9O04dMBGxcNgcT+Vws7RS5EFruzPZpC01vA:hc5QGXpoMuHC0S

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

536 OpenWith.exe

pid	process
536	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Crafty-v1.1\runtimes\linux-x64\native\libSkiaSharp.so
1⤵
- Modifies registry class
PID:1368

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact