fe183156cd4105047619178de50e3c0e104177fce097927958de88002889b882

Analysis

max time kernel
306s
max time network
407s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
21/08/2023, 03:37

Target

renpy/styledata/styleclass.pyx
Size

1KB
MD5

25331633f22f3b9851d3a248770cc066
SHA1

dfb2cf7a117d1a4c70e72c3011c07eea50648b7a
SHA256

d25d239b9601a17cef6e500a615ec932bc07a58963a59b8e97d9b956ec6b77df
SHA512

57d0b44a5c74e11b35ef9124780344a19ae9553fbd281ce714fc58ff6f9cd2e8390bb52451b33fcfb5b8bb285ae817e4754d2201491334a825303c83700d9a89

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3308	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\renpy\styledata\styleclass.pyx
1⤵
- Modifies registry class
PID:380

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact