fe7b1c4c3c432a072c620a993838a27ef0d5b43dbc24b03bb28641106b98b645

Resubmissions

01-08-2023 16:40

230801-t6l4haaf9s 7

01-08-2023 16:38

230801-t5c47shf79 3

Analysis

max time kernel
44s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2023 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BLTools v2.0.rar
Size

2.2MB
MD5

d500f0b995a897d3a01c0b393632a82e
SHA1

13367fbac0893aa1e7acce3f00570cb8431d0abb
SHA256

fe7b1c4c3c432a072c620a993838a27ef0d5b43dbc24b03bb28641106b98b645
SHA512

58384e53b15d9aaafea058edab24411c193fb0a83723e2b0fcc24a1fa2d30b4847873e528b0b66fc8184bd3e498d5d8a596e0c83be58eeac53eaa0a2c59f5a0a
SSDEEP

49152:m2QHl5kNlNJU9MyAUyi9Qhyrq769EQL38xCOofjuZpHYatpYrG:0ArU9MyAUrFrSls38oLub3mrG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe
1440	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\BLTools v2.0.rar"
1⤵
- Modifies registry class
PID:2252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads