fe183156cd4105047619178de50e3c0e104177fce097927958de88002889b882

Analysis

max time kernel
308s
max time network
410s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
21/08/2023, 03:37

Target

renpy/gl/gl.pyx
Size

27KB
MD5

98f42cb65cdb06c22fbc14fbbe7de5eb
SHA1

8607e8566af4a46ac73467917210a79b4703629f
SHA256

b4e90256e45ae0bf2127d9fc58ed453e424fc6b7ecc5729c5112fa241e7fce00
SHA512

5f3b5e9ea3a500d43230cf546e45977314265c1869d53870796e54185001f7cc4dfc4d00c363cad7e4c601298f6d3a524ddcc4e2c928a035e2b16598149c16b6
SSDEEP

768:+X78Jn7oB46CwoQu6oNa5oDC7oxCsoZl8o3/no7rQUo5yxKoMlOoczroNo9vsmos:+r85e4jis/jUbmVGsnmIsg5S/rucy/eC

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3540	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\renpy\gl\gl.pyx
1⤵
- Modifies registry class
PID:608

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact